Your web site is working perfectly, with plenty of traffic coming your
way. You’ve invested the time to optimize your site for certain
keywords and phrases that were strategically selected. You’ve
exhausted every SEO tactic you know – built inbound links,
written and distributed articles, added new posts to your blog,
employed every social media tactic known to mankind and it’s all
paying off handsomely for you. Then, suddenly, traffic to your
site comes to a screeching halt. You can’t imagine what’s
happened. What should you do?
Check your SERPs. If the phrase “This site
may harm your computer” shows up under your listing,
you’ve been hacked. What’s most disturbing is that you didn’t
even suspect it, but Google knows—and just as they revealed it
in your search results, Google is letting the whole world know.
Google polices the Internet – and for good reason: Someone has to.
Obviously, if your site shows up with this warning and you weren’t aware
of it, you certainly don’t check your site.
Google scans the Internet indexing web sites. So who better than Google
to look for infectious sites?
Since you’re focused on creating more traffic to your web sites, getting
highly ranked in the various search engines, producing viral
videos for YouTube.com and Google Video, placing PPC ads and
writing articles, you may not know much about cyber
criminals—but rest assured, they know about you.
This article serves as a primer for your cyber criminal education.
The Cyber War
You’re faced with a war for which you’re ill equipped. Your adversaries,
cyber gangs, know a lot about you. They know where to find you.
They know how little you focus on defense, and they know your
motivation.
You, on the other hand, know very little about them--which is exactly
what they want. Your lack of knowledge gives them the upper
hand.
It’s equivalent to an ambush. They have all the preparation, knowledge
and weaponry. You just go on with life without giving them a
thought. You’re of the belief that they won’t find your web
site. You believe that “hackers” want only the larger web sites.
Cyber criminals are experts at silent, covert warfare.
A recent report by Google revealed that 1 in 10 web sites were serving up
infections to visitors, also known as “drive-by downloads.”
Simply put, by arriving at a web site, unsuspecting visitors
immediately place their computers at risk for an infection.
Other reports show that 76% of malware is delivered via legitimate
websites and 60% of the top 100 most popular web sites
either hosted or were involved in malicious activity in the
first half of 2008.
In fact, during the week of April 24, 2008, one mass infection
contaminated 510,000 web sites. When your site is infected, it
becomes a “delivery truck” for cyber criminals, except instead
of transporting furniture or pizza (yum – pizza), their service
involves infecting visitors to your site – your web site
delivers malware for the cyber criminals.
Sophos states in their report that they find over 6,000 infectious web
sites each and every day. That’s one new infectious web site
every 14 seconds. By the time you’re finished reading this
article another 13 web sites will have been found serving
infectious code. 83% of these 6,000 each day are legitimate web
sites; from antique dealers to ice cream makers to wedding
photographers. Their report goes on to say that what’s really
amazing is that the web site owners still don’t know they’ve
been hacked.
Guess which sites are real “trophies”? Highly trafficked sites—web sites
with owners who know very little about “their” activity.
Hmm. Sound familiar?
Take a moment for a brief survey:
How much time and effort do you put into getting traffic to your web
site? _____________
Now answer this. How much time do you spend checking your site for
exploits, vulnerabilities and potentially successful
compromises? ____________________
Your answer to the first question is probably something like, “A lot” or
“A ton” or “Not enough.”
Your answer to the second question is probably something like, “What?”
Which proves the point.
You spend all of your time building traffic to your web sites and little
or no time securing or checking your sites for exploits and
compromises. This deadly combination—lots of traffic and
less-than-vigilant security—transforms your sites into
“low hanging fruit” for cyber criminals, just ripe for
picking.
Now, let’s go back to the scenario at the beginning of this article.
You know that Google indexes all web sites on the Internet. You also need
to know that if Google finds that your site has been hacked,
you’ll get this under your search results:

If someone does decide to click through despite the warning, they’ll be
presented with this screen:

Think this would make your traffic disappear?
Would this act as a deterrent to visitors?
I’m certain that it would – and it does.
Look at your logs to see which browser your visitors are using. Many
people have switched to Firefox or, as of this writing, Google’s
new online browser – Chrome.
These browsers won’t even allow the search to get as far as the
second page.
What can you as a web site owner do?
Obviously, you can and must check your web site on a regular, consistent
basis and catch the infectious code before Google does.
If Google beats you to the punch, as many poor unsuspecting web site
owners have discovered the hard way, it could take you weeks (3
to 5) after you’ve properly cleaned your site, for Google to
remove the warning. Here’s why:
Google works hand in hand with an organization – StopBadware.org to
police the Internet and protect unsuspecting Internet users from
infectious web sites. StopBadware.org keeps a database of all
such infectious web sites discovered by Google’s indexing.
After you’ve successfully cleaned your web site, you can fill out an
online form to have your site reviewed again. Then, you can …
wait.
You see, StopBadware.org receives an abundance of requests. Because
cyber criminals are expert at hiding their “wares,” it’s easy
for site owners to overlook infectious code when they check
their web sites. Unfortunately, the volume of requests to
StopBadware.org reflects not only those of web site owners who
have cleaned their sites. It also reflects the number of owners
who request a new review before doing an exhaustive
investigation and eliminating the infection. These web site
owners are convinced that their sites have been
falsely labeled as infectious, and immediately make the request
for review. Reviewing sites that haven’t been cleaned takes
time and resources away from reviewing those sites that have
been cleaned and are ready to have the warning label removed.
Checking your web sites on a regular basis becomes essential in order to
find any infectious code before Google does, thereby eliminating
any threat to visitors and the need to apply for review at all.
No, you don’t need to spend all of your time checking your web site in
order to ensure its security. Simple methods, implemented
consistently, can provide you, the site owner, with confidence
that nothing malicious lurks behind your site.
Always check your SERPs; they may just be showing what you don’t want
people to know.
As the next step in your education, you have to learn more about your
adversary – because they know all about you. You should know why
cyber criminals hack, how they make their money (hint: they use
many of the same tactics you do) and how to check your web sites
(before Google does). As a resource for you, we’ve put the
information you need into a short series of emails, some of them
more technical in nature than the others, but very informative.
If you’d like this free information and step-by-step
instructions on how to check your web sites, please click
here.
Thomas J. Raef is president of
e-Based Security and WeWatchYourWebsite.com, two companies
dedicated to making the Internet safe once again. e-Based
Security focuses on protecting small businesses from cyber
criminals and WeWatchYourWebsite.com dedicates its efforts to
helping website owners keep their sites safe.
He has over 12 years of computer
security experience and has spent countless hours studying and
researching security issues and the highly successful habits of
cyber criminals.