Let me start out by saying I absolutely don't have the answers to the question of how to deal with
hackers crackers who attack our websites. Because there are so many different ways that these jerks attack, and so many different things they do to the sites once they attack, I suppose it's impossible to come up with a one-size-fits-all answer. Still, I see more and more of this type of thing happening every day (even to security experts sites), and it just seems like there must be *something* we can all do if we just all put our minds together.
Obviously, being faithful about keeping clean backups of our sites and databases is a must. A clean, recent backup at least gives us a fair chance at restoring our sites quickly if we get hit.
One of the big problems we all face, however, is that a hackjob isn't always immediately obvious. Sure, if our site gets defaced and a message is left saying something like, "U've been hack'd!", well, it's obvious. But sly, underhanded types are sneaking links onto our sites that lead to bad neighborhoods (to put it politely). They place these links in stealth mode and we may not even realize it's happened until we notice that Google has deindexed the site and wonder why. (This also is a great example of how others can hurt your ranking). Naturally, if you find this has happened to you, you'll want to restore your clean site, and then file a reinclusion request with Google. But it's just terrible that we have to go through all of that because of some criminals out there (and yes, I believe that is criminal activity, as they are destroying someone else's property).
So...each time a new problem is found and patched, another soon crops up. This kind of thing hurts us all.
Some things that help is to keep up with the latest versions of scripts you may be using, applying updates and patches as they come out. Even that doesn't ensure safety, but it at least eliminates some old concerns. Another is to be careful about what you install. You may have the latest script of something but are running an outside plugin or mod that is very insecure. Of course, unless you are a programmer, you may have no way of knowing which is safe and which is not.
I'm fairly certain there are no clear cut answers out there, or we'd know about them already, but I just think it's way past the time when everyone should pull together and try to find some way to deal with these issues.
I'll be honest. I'm half-afraid to even address the issue for fear of being a target. Our sites are our livelihoods in many cases. Hurting them hurts us. Maybe my blog isn't the best place to begin this discussion, and if not, I'm happy to take it elsewhere, but I thought I would at least get the discussion going.
- What can we do?
- What defensive actions can we take?
- What's a good way to check for hidden links in our sites (especially large sites)?
- Is there any reasonable way of dealing with this problem, or are we just doomed to facing it forever?
- What are your thoughts?