I
SEO isn’t hacking - and data security tips
The author's views are entirely their own (excluding the unlikely event of hypnosis) and may not always reflect the views of Moz.
The recent hacking of SEO blogs such as Wolf Howl, BoogyBonBon and Stuntdubl underlined a key point – the vulnerabilities of publishing software that we rely on.
However, in this incident, although the hacker was simply desperate for attention, some hackers will hack sites in order to insert hidden links.
This is something seen increasingly through 2006 – that insecure websites are ripe for hacking – for link benefits.
One of the more infamous stories came up in September when Donald Trump’s corporate site was found to be filled with hidden pages and links hacked in for pharma products.
However, the problem is much more widespread.
I’ve only seen a couple of my own older Wordpress installs targeted like this – and usually alerted to their being hacked because the hackers inserted other files – Flash or even malware.
However, it’s well known that worms have been written for the popular phpbb platform and other popular software applications, crawling Google especially to locate potential targets. Bill Atchison has repeatedly documented automated scripts checking servers for vulnerable software installs.
The danger is that it’s going to become more widespread for commercial purposes – and that the SEO benefits of hacking sites are going to force an increasing economic pressure for people to do it.
Hacking isn’t SEO
We already see mass vandalism of sites via automated form spamming – hitting blog comments, forums postings, guestbooks, and even contact forms.
Whatever the ethical dimension to this particular method, so far it’s proved difficult to make a legal case for automated spamming.
Not so for hacking.
Regardless of the motivation – whether for ego, boredom, attention, or links – it will never be SEO. It’s simply hacking.
And hacking other people’s sites has no legal grey area – it’s illegal.
Unfortunately, I predicted last year that we would see further hacking activity for SEO purposes, and it’s hard to see the process do anything but gain momentum.
And because of the serious ramifications of illegal hacking activity, it’s important that the SEO industry makes it plain that hacking into servers and hosting accounts can never be regarded as accepted SEO practice. Our industry has a shitty enough name as it is.
Security for webmasters
However, the simplest solution is to get off our lazy backsides and ensure that our own and client sites are secured in the first place.
As a Windows user my approach to security has been inherently lax – I set updates to automatically on the PC, and that’s it. Let Microsoft deal with everything else.
It’s an attitude that has permeated building my own websites. Whenever a latest software release is made available, it has never seemed a priority to upload the updated files. Not so now.
I’d already realised the foolishness of this and already scheduled training for my secretary in FTP and software upgrades. The recent SEO blog hacks underlines the potential for damage that can occur.
So far Michael Gray and Todd Malicoat have shown strength of character, by privately fuming, but publicly humouring us with images to catch our attention and entertain us from the ugliness of the hacking incidents.
Wolf Howl and BoogyBonbon are already up, hopefully Stundubl will be up soon, and Wordpress have issued Wordpress 2.0.7 to patch the recently exposed vulnerability.
However, unless you’re able to apply professional security solutions, as demonstrated, even installing latest software versions isn’t always going to protect you from hackers.
Therefore protection of your site data can become a real prerogative.
Protection of site data
It’s commonly stated that you should have backups made of all your sites. For database driven sites, though, the real Achilles heel is the database itself.
Recovering template files is one thing, but if a hacker can access your site database they can at best mine it for private data, or at worse, simply delete it.
And if you have no recent database back-up, you could be facing a major loss of data.
A simple precaution is to ensure that you use different username/password combinations for your database. However, you can automate regular backups of your databases using a cron job, and have the database emailed to you.
Good if you have lots of small sites, but perhaps not so simple if you have to work with really large databases.
Even still, if you can apply such an option, you may want to consider downloading such backups to an external harddrive attached to your PC, for extra redundancy purposes.
Overall
The past couple of days have pushed another ugly face of humanity into the SEO industry.
The important points that I’m taking from this are:
1. SEO must never be associated with hacking
2. Data security has to be an increased priority
While no doubt there are webmasters and SEO’s out there who already apply a mixture of simple and complicated security procedures for protecting their data, for the rest of us it’s been a wake-up call to expedite security concerns.
SEO’s tend to be problem solvers, having to take on board a whole array of skills and resources to aid themselves and their clients. It looks as though security issues are going to be yet another basic utility to prioritise, for those who haven't already.
However, in this incident, although the hacker was simply desperate for attention, some hackers will hack sites in order to insert hidden links.
This is something seen increasingly through 2006 – that insecure websites are ripe for hacking – for link benefits.
One of the more infamous stories came up in September when Donald Trump’s corporate site was found to be filled with hidden pages and links hacked in for pharma products.
However, the problem is much more widespread.
I’ve only seen a couple of my own older Wordpress installs targeted like this – and usually alerted to their being hacked because the hackers inserted other files – Flash or even malware.
However, it’s well known that worms have been written for the popular phpbb platform and other popular software applications, crawling Google especially to locate potential targets. Bill Atchison has repeatedly documented automated scripts checking servers for vulnerable software installs.
The danger is that it’s going to become more widespread for commercial purposes – and that the SEO benefits of hacking sites are going to force an increasing economic pressure for people to do it.
Hacking isn’t SEO
We already see mass vandalism of sites via automated form spamming – hitting blog comments, forums postings, guestbooks, and even contact forms.
Whatever the ethical dimension to this particular method, so far it’s proved difficult to make a legal case for automated spamming.
Not so for hacking.
Regardless of the motivation – whether for ego, boredom, attention, or links – it will never be SEO. It’s simply hacking.
And hacking other people’s sites has no legal grey area – it’s illegal.
Unfortunately, I predicted last year that we would see further hacking activity for SEO purposes, and it’s hard to see the process do anything but gain momentum.
And because of the serious ramifications of illegal hacking activity, it’s important that the SEO industry makes it plain that hacking into servers and hosting accounts can never be regarded as accepted SEO practice. Our industry has a shitty enough name as it is.
Security for webmasters
However, the simplest solution is to get off our lazy backsides and ensure that our own and client sites are secured in the first place.
As a Windows user my approach to security has been inherently lax – I set updates to automatically on the PC, and that’s it. Let Microsoft deal with everything else.
It’s an attitude that has permeated building my own websites. Whenever a latest software release is made available, it has never seemed a priority to upload the updated files. Not so now.
I’d already realised the foolishness of this and already scheduled training for my secretary in FTP and software upgrades. The recent SEO blog hacks underlines the potential for damage that can occur.
So far Michael Gray and Todd Malicoat have shown strength of character, by privately fuming, but publicly humouring us with images to catch our attention and entertain us from the ugliness of the hacking incidents.
Wolf Howl and BoogyBonbon are already up, hopefully Stundubl will be up soon, and Wordpress have issued Wordpress 2.0.7 to patch the recently exposed vulnerability.
However, unless you’re able to apply professional security solutions, as demonstrated, even installing latest software versions isn’t always going to protect you from hackers.
Therefore protection of your site data can become a real prerogative.
Protection of site data
It’s commonly stated that you should have backups made of all your sites. For database driven sites, though, the real Achilles heel is the database itself.
Recovering template files is one thing, but if a hacker can access your site database they can at best mine it for private data, or at worse, simply delete it.
And if you have no recent database back-up, you could be facing a major loss of data.
A simple precaution is to ensure that you use different username/password combinations for your database. However, you can automate regular backups of your databases using a cron job, and have the database emailed to you.
Good if you have lots of small sites, but perhaps not so simple if you have to work with really large databases.
Even still, if you can apply such an option, you may want to consider downloading such backups to an external harddrive attached to your PC, for extra redundancy purposes.
Overall
The past couple of days have pushed another ugly face of humanity into the SEO industry.
The important points that I’m taking from this are:
1. SEO must never be associated with hacking
2. Data security has to be an increased priority
While no doubt there are webmasters and SEO’s out there who already apply a mixture of simple and complicated security procedures for protecting their data, for the rest of us it’s been a wake-up call to expedite security concerns.
SEO’s tend to be problem solvers, having to take on board a whole array of skills and resources to aid themselves and their clients. It looks as though security issues are going to be yet another basic utility to prioritise, for those who haven't already.
Comments
Please keep your comments TAGFEE by following the community etiquette
Comments are closed. Got a burning question? Head to our Q&A section to start a new conversation.