Prevent Your Site from Being Hacked

Written by Paige Filler on June 27, 2008 – 4:55 pm -

A Growth Industry
Recently the number of sites being hacked or infiltrated has risen rapidly. We see a lot of distraught site owners who have had their sites damaged, experienced a loss of rankings, or had data stolen.

Use Protection
Although most good hosting companies will protect their servers (and usually your site to some degree) it’s important to understand that you are responsible for your own site.

Take this analogy: You can use the strongest safe in the world, but if you leave the door open and someone empties it, you can’t blame the safe manufacturer.

Hacked Huh?
Before we offer you some simple tips, it’s worth understanding a few basics about the different kinds of hacks, their purpose and how they can affect you.

We won’t go into detail at this stage, but the number of exploits and the number of different types are increasing. Some of the most common include XSS, SQL injection and defacing.

Staying up to date is a full time job, but like most types of crime, being prepared and protecting yourself should give you a better chance of weathering a storm should it happen.

So without further ado, here’s a basic primer on protecting your site from being hacked when it’s on shared hosting.

Simple Security Tips

1. Keeping Software Up to Date
If you are running old versions of software, chances are it’s insecure, so make sure you upgrade to the latest release. Most updates to software are security or functionality related, which means if you aren’t running the latest version you are likely to have missed a few security fixes.

2. 3rd Party Scripts and Code
Plugins, widgets or any other code (including free templates and themes) you install are written by other people under unknown circumstances. Some may be great, some may be full of holes. Be sure to research any code you want to use that you didn’t write yourself. Even a few Google searches should help you find out how secure the code you are using is.

3. Your Own Fault
Your own computer is likely to be a weak link in the chain: it is one of the biggest causes of identity theft and an easy way for someone to get the details to your site(s). Whether it be from poisoned PowerPoint files or someone phishing your account details, the vulnerabilities are limitless. No matter how secure your site is, if the machine you access it from (including logging in, editing, etc.) is not secure, you stand a good risk of being compromised, and it may affect more than just your site.

Use virus scans, clear histories, secure your passwords and be aware of general security issues (try not to let your shiny new MacBook Air be stolen). Open and public Wi-Fi spots are an obvious security risk. If you give everyone access to your PIN number for your bank account, expect to be robbed.

4. Secure Passwords
A secure password goes a long way to slowing down a potential infiltrator (real ‘hackers’ do not tend to be people that destroy sites, but ethically search for security holes in technology). Put simply, passwords should always be a combination of letters and numbers, uppercase and lowercase. The longer the password, the better (though conversely, the longer it is, the harder it is to remember).

No dictionary words, no family names and no easily guessable information either.

You can also generate a random password which is even more secure.

5. Checking Your Logs Regularly
Without watching who is visiting your site, what you are ranking for and similar, you could be compromised and never even know it.

If you spot any unusual traffic (ranking for gambling, pharmaceuticals and sex terms is a common one) try working out where it is coming from / going to. From there if you are sure it is a hack you can get some quick help. (Send us a message, we’ll do what we can).
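
One way to run the check from tip 5 against an access log, as an added example that is not part of the original post. It assumes Apache "combined" log format and a hypothetical watch list of terms; the log lines are constructed samples. It groups visitors who arrived from spam-style searches by the page they landed on, which points at the file that is ranking for those terms.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [27/Jun/2008:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "http://www.google.com/search?q=cheap+web+hosting" "Mozilla/5.0"
198.51.100.23 - - [27/Jun/2008:10:03:44 +0000] "GET /images/.cache/a.php HTTP/1.1" 200 834 "http://www.google.com/search?q=buy+viagra+online" "Mozilla/5.0"
198.51.100.40 - - [27/Jun/2008:10:04:10 +0000] "GET /images/.cache/a.php HTTP/1.1" 200 834 "http://search.yahoo.com/search?p=online+casino+bonus" "Mozilla/5.0"
203.0.113.9 - - [27/Jun/2008:10:05:00 +0000] "GET /blog/ HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

# Assumed watch list: terms that have nothing to do with your site's topic.
SPAM_TERMS = {"viagra", "cialis", "casino", "poker", "porn"}

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def search_terms(referer):
    """Return lowercase words from a search referrer's q= or p= parameter."""
    query = parse_qs(urlsplit(referer).query)
    words = []
    for key in ("q", "p"):
        for value in query.get(key, []):
            words.extend(value.lower().split())
    return words

def suspicious_landings(log_text):
    """Map each requested path to (ip, term) pairs that reached it via spam searches."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        for term in search_terms(m.group("referer")):
            if term in SPAM_TERMS:
                hits[m.group("path")].append((m.group("ip"), term))
    return dict(hits)

if __name__ == "__main__":
    for path, found in suspicious_landings(SAMPLE_LOG).items():
        print(path, found)
```

A path you did not create that keeps appearing in the result is the first file to inspect and to compare against a clean backup.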

6. Outsource a Little Prevention
Using high quality software, a good coder (one who is security aware), hiring a professional security agency or using an automated method like the Firewall script or Hacker safe will help to reduce your risk. What you outsource depends on your needs (and resources of course).

7. Backup, Backup, Backup and Then Backup Some More
While this tip won’t protect you from being hacked, it will be very beneficial to you should it happen.

Send copies of your backup to your Gmail, and auto forward them to your Yahoo mail. Download copies to tape, your MP3 player or iPhone; it doesn’t really matter. What does matter is that in the case of a hack there will be a couple of things you want:
a. Records of IPs accessing your site.
b. A clean (pre hack) backup of your site (hopefully, including the latest updates)

Here is an easy DIY way to back up your whole site with cPanel.

If you use Hostgator then you’ve already got weekly offsite backups and they will restore your site(s) at no charge should it become compromised or “cracked/hacked”.

8. Don’t Put All Your Eggs in One Basket
Site hacking, search engine rankings, DOS, account closures, viruses: there is a whole list of reasons your site may suffer in some way. With hosting being so cheap, grab yourself a multiple site (reseller) account and spread that risk. You can even have your sites hosted on different C Class IPs.

9. Learn MORE
Nothing beats knowledge. The more you know the easier it becomes to spot problems (not just hacks) and resolve them. So, kick back, grab a soda and start reading (it could be worth more in the end than all of the search news and blogging tips you have in your RSS feed).

Here are a couple of useful starting points and interesting articles to check out.
Trend Micro
Apache Security
MySQL Security
Security Focus
ha.ckers.org
Tips to Protect Your Wordpress Installation
How Wordpress Blogs are Hacked

10. Find Yourself a Gator
We take our security very seriously, there is nothing worse than seeing all of your hard work being destroyed. If your site is hosted with us and you think you may have been hacked, click the chat link (top of the page), and contact us anytime to let us know. Not only will you be looking out for the other sites sharing your server, but you give us a better chance to recover your site. Even if your site is not hosted with us, we’ll do what we can to help, we’re just like that.

11. Bonus - Be Careful of the Company You Keep
Anyone with enough time, an Internet connection and some intelligence can find ways to cause you problems online.

Revealing too much, boasting or insulting others online is a good way to attract the wrong kind of attention. In the real world, having fewer enemies just makes life easier.

Until Next Time…
This is the first in a series of posts that should help your site sing even on the darkest of days, there’s nothing we want more than for you to wake up safe and decide to build another new site.

The least we can do is try and make that as easy as possible.


Posted in Web and Hosting Tips | 7 Comments »

iphone “to break or not to break” applications

Written by Justin G on March 21, 2008 – 12:31 pm -

A lot of people from the get go thought the iphone was a piece of junk, while others thought it was the best thing since sliced bread. Everyone has their opinions about iphone vs Nokia just like Mac vs. PC. So moving on then…

Since Mr. Steve Jobs had announced that there would be an SDK (software development kit) for the iphone, a lot of people have really been excited. Now that over 100,000 people have downloaded the developers kit, what’s next?

How many people will really switch over from having an unlocked iphone that can run tons of free applications to go legit with Apple and pay a fee for every application? The reason I even ask that is because the current developers kit doesn’t allow for 3rd party music applications. Isn’t music what people would likely use their iphone most for? Or would it be games?

It seems that Apple has decided to do things this way so sales on itunes are not hurt, but there will be an effect with upcoming players like Amazon music as well as Emusic which have compatible DRM free music for the iphone. Will Apple lose some ground with their Itunes music downloads?

One thing is for sure, and that is that Apple will continue governing and restricting their own products and applications like they have been for a while. I think the mentality of Apple which seems to be the ‘we control the product even after you buy it’ for all consumers is getting a bit old. The thing is, that the larger apple gets, and the more popularity that grows for Apple products, the hacking, cracking and unlocking will only continue to grow with it.

Will people be willing to blow their money on new applications approved by Apple, and made by the developer that had to pay $99 to publish that application? That’s right, you have to pay 1 dollar short of 100 to even be able to deploy your application if you’re a developer, and then if you are a consumer you can buy those applications straight off your iphone for a price, which Apple and the developer split for profit. This whole thing with new applications for the iphone has dropped from a hot boil to a mild simmer, and until Apple comes up with a better plan I’m going to have to say that the majority of people are going to go the free route.

Here below is just a little rundown of some of the FREE unlocked iphone applications that actually have some value. I’m not personally promoting them, but the fact is that they exist and Apple can’t stop it.

SSH For iphone - How to setup and install SSH for iphone.

MobileTerminal-vt100 - A Terminal emulator for the iPhone.

MobileTextEdit - Allows you to edit .txt files within mobilefinder.

Izoho - Full office suite to create edit and more.

Ruby on iphone - An iPhone Ruby interpreter which includes supporting libraries.

Stumbler Wifi Networks Locator - Lets you find wireless networks in your area.

BSD Subsystem - Unix Tools for the iphone.

Iphone Python - An iPhone Python interpreter including libraries.

Mobile Scrobbler - Lets you play music from Last.fm

NES Emulator - Play old school Nintendo games.

Ishare - Works with a Sendspace account to upload and download files.

Swapmusiclibrary - Allows you to sync with another PC without erasing.

Genesis4iphone - Lets you play Sonic and other Sega games.

Navizon GPS - GPS for the iphone.

TouchPadPro - Control your PC or Mac with Your iphone.

RocketShotz - Adds Icons So you never have to Type a Favorite URL to Browse.

Ispit - Acts as an http Server that runs from your iphone.

Funiculus - Guitar Tuner for iphone.

MobileChat - Instant messenger with all the extras.

Ifob - Social Networking application worth using.

iPhlickr - Easy way to browse Flickr Pics.

Expense View - Keep track of finances.

iPhoneDigg - For all the fanatical Diggers.

iPhoneTravel - Easy way to book flights and car rentals.

goMovies - Easy view of movie shows and times.

Google Reader - Clean and easy to use RSS for the iphone.

Iactu - Displays headlines from multiple newspapers.


Posted in Around the Web | 8 Comments »

Competition Fights Back

Written by Chad Bean on February 2, 2008 – 12:09 am -

I have some bad news regarding HostGator. In our quest to “eat up the competition”, one web host has been busy trying to “bag all the competition”.

I stumbled across a new web host that I can already tell is going to be very serious competition for us. It seems as though we have overlooked a worthy contender — HostGaroo.com (no link for you guys, sorry!)

It’s only a matter of time before their sheer creativity and inspiration overtake us and the ‘Gator is bagged like the rest of them. There’s just one thing that doesn’t seem right here. I know I’ve seen Host Garoo’s design from somewhere before…

Current Host Garoo front page:
hostgaroo

One year old Host Gator front page:
hostgator

Testament to Google’s ingenuity:
google results of hostgaroo

So what do you think, all things equal, the ‘Garoo or the ‘Gator?


Posted in Comedy | 59 Comments »

One Laptop Per Child, They Will Fail…

Written by Brent Oxley on January 31, 2008 – 7:16 pm -

I’m very proud to announce that Hostgator has made a $100,000 donation to MD Anderson which is one of the world leaders in cancer treatments and research. They have truly been a pleasure to work with. Working with MD has given many of our employees that warm fuzzy feeling inside that you should have when you are helping people.

I would also like to announce that I feel used, abused, and completely violated on a $25,000 donation Hostgator made to One Laptop Per Child. OLPC has a mission to develop cheap laptops for children to educate and express themselves on.

Maybe I’m being a drama queen so please come to your own conclusion based on the following experience…….

It all started with a $25,000 donation being made on their site and the following email being sent shortly after:

“Hello,

I’m the owner of hostgator.com and I just wanted to shoot off an email
to let you know I have just donated $25,000 via google checkout on my
amex. We get dozens of fraud orders a day so the purpose of this email
is to let you know it’s legit. I’m currently on xmas vacation in the
bahamas in the wyndham so the ip isn’t going to match my american address.

Please let me know if you have any questions or if any further
verification is needed. Thank you, and keep up the good fight!!

Sincerely,
Brent Oxley ”

Their Response 11 days later January 11th 2008

“Dear Donor,

In order for me to locate and track your donation, can you please provide me
with your complete address, reference number and the name used at the time
of donation. This will allow me to access the correct donation and locate
your laptop.

Thank you for your interest in One Laptop Per Child.

OLPC
Donor Services”

My Reply January 11th 2008

“Are you serious?

Our company name is hostgator.com
My name is Brent Oxley

How many $25,000 donations do you receive? Please spend the minute that
it would take to look up the donation. Thank you.”

(we received automated email back instantly confirming they did receive our email)

Twenty days later and we still have not had a follow up response or anyone in the company making any type of contact with us other than what’s listed above!!!

OLPC has been getting slammed recently after Intel left the group January 3rd of this year. There are many critics that argue the money can be spent better on libraries, food, water, etc. You can read up more on OLPC on Wikipedia. Even with all the negative publicity I and many of our customers believed it to be a worthy cause that deserved our help.

Based on our experience it’s quite obvious OLPC is being mismanaged to the point of failure. I now feel our donation would have been put to better use had we mailed 25,000 one dollar bills for the children to use as toilet paper.


Posted in Brent Oxley | 27 Comments »

500,000 Dollar Google USB Drive

Written by Justin G on December 11, 2007 – 7:17 pm -

I’m sure you might be expecting a USB drive made of Gold with inlay diamonds sparkling away, but all that glitters isn’t gold, and as a matter of fact, you won’t find anything at all that is absolutely stunning. We merely want to show you what you could expect if you were to lay down about 500 big ones for Google advertising. We received the annual gift from Google and just wanted to show you what it’s all about.

The presentation was nice and Google does a good job of customizing their gifts while incorporating a touch of advertising. The video below shows us opening the gift, and you can see by our excitement that when you get something from Google, it’s special. This is the video of what we like to call the $500,000 Google USB Drive.

You choose where it goes

So if you watched the video you will notice we received a card for DonorsChoose.org, and it appears we have $100 in credit to donate to a cause related to schooling. We went through the list of causes to donate to and had a hard time choosing something. We want to leave it open to you, the people that read this blog, to give us some feedback with your comments and tell us what cause you think would be the best.


Posted in Random | 18 Comments »