Blog Security – Some Visitors Are Up To No Good

by Derick Schaefer on February 11, 2010


The Internet is one of the biggest communication innovations in the history of the world.  As a consumer, the Internet provides access to information that is absolutely amazing.  As a publisher, the Internet is simply empowering.  On the downside, however, the Internet makes websites completely accessible by all, and some visitors are up to no good.

When you breathe the air in your home, you don’t see anything wrong with it and thus assume that it is clean.  Upon replacing the air filter, however, you quickly come to realize how dirty your surroundings really are.

The same is true for your blog and its exposure on the Internet.

When you login, if everything is working, you assume all is good and that you had nothing but happy readers accessing it while you were away.  However, if you put the equivalent of an air filter on your blog, you will start to realize the importance of blog security.

At How-To-Blog.TV, we use a plugin-based blog security monitor called SecurePress.  This plugin intercepts every call into our blog and identifies and blocks hackers.  Without fail, SecurePress has to block hackers every night.

We began using SecurePress after a blog we manage was hacked.  The blog deals with corporate law and has very powerful links from sites like a blog at Harvard’s Law School.  We knew we had a blog security issue when we noticed our site was redirected to an online pharmacy site.  We also noticed PHP files started to appear in our WordPress “Uploads” directory.

It was a painful process but we got ourselves out of the mess and are now inspired to help other bloggers avoid the issue, so much so that we developed a blog security plugin called WP-MalWatch that automates the process of looking for the artifacts that hackers leave behind (e.g. PHP files in the Uploads directory).  We also committed to expanding How-To-Blog.TV to include blog security information that would help victims of hackers.

With SecurePress installed, we started to notice the quantity of hacking attempts that were coming into our key sites.  The following are a couple of actual visitors to How-To-Blog.TV over the past couple of days:

Attacking On The eJunkie Cart of How-To-Blog.TV

The following attack originated from Taiwan and tried to include a remote file into the inputs of our eJunkie shopping cart.  Ironically, we don’t even publicize this shopping cart as we use it to take payment for custom consulting from non-Dallas based bloggers.

Remote File Include Attack

Accessing MidwestSportsFans.com Login

One of the beauties of SecureLive is that they share information on attacks throughout their subscriber base.  Though there is nothing abnormal in going to /WP-Login on a WordPress site, this IP address, which is based in Iran, was already banned in the SecureLive system for other shenanigans on the Internet and hence blocked from our login page.

WP-Login Attack

Errors Reveal Information

We actually pay a third party out of Canada to attack our blogs and our customers’ blogs on a weekly basis.  We do so because their reporting gives us information about potential weaknesses in our hosting platform, and it also assures us that our SecureLive is working.  The following is an attack they purposefully put through at How-To-Blog.TV in order to try and force our database to throw an error.  The reason hackers do this is that the errors generally reveal version numbers and other information that allow them to plan future attacks.

MySQL Injection Attack

Why Do Hackers Want In Your Blog?

Though not always the case, the general answer is to game the search engines.  If your blog has had moderate success, you will garner Page Rank from Google.  The byproduct of Page Rank is “link juice”.  In simpler terms, if Google respects your blog, you have the capability of ranking high in search engines and influencing other content on the Internet. Hackers promote sites that will hopefully make them money.   The following are a few examples of the things that they do:

  • Sell popular pharmacy drugs
  • Peddle counterfeit software
  • Promote pornography
  • Pretend like they are selling something and steal credit card numbers

How Do They Make Money?

Hackers play in spaces with huge volumes of traffic and they try to scrape off a small percentage of the volume in order to profit.  The search volumes for keywords in the spaces such as consumer pharmaceuticals (e.g. Viagra), software, and pornography are astronomical.  Last month alone there were an estimated 6 million searches for the keyword “viagra”.

Hackers tend to have thousands of websites with thousands of pages they generate through automation.  If they can hijack your site to promote one of their websites for a short period of time, they can make a killing.  Even if you catch them in the act, it takes a few days for you to unwind this in Google and they have already achieved their mission.

In summary, your blog can help hackers to promote their online efforts and rake in big money.

Who Holds The Keys To The Problem?

In my opinion, Google does.  People trust Google and assume that it is 100% accurate.  Google IS NOT 100% accurate!

In an October 1, 2009 blog post entitled, “Cheap Vista” or Cloaked Spam on High-Profile Sites, Denis Sinegubko’s blog, Unmasked Parasites, provides a detailed explanation of how cybercriminals hijack highly trusted sites on the Internet to trick Google into promoting sites they own that offer brand name software at discount prices. The problem is that when you make a purchase, they will simply steal your credit card information and you will never get your software. The example they use is entering the search “Cheap Vista for Students” into Google. Out of the billions of pages Google associates with this search, after reviewing 350, the blog post’s author claims 99% are spam.

There is one side of me that is sympathetic to Google’s engineering team’s efforts, as I know there are tens of thousands of hackers at large today.  Moreover,  just one of them is capable of generating 50,000+ pages of content in one hour across thousands of websites they own.

On the flip side, when you take a blog that is registered in Google’s Webmaster Tools, that is dedicated to “corporate law”, and overnight is redirected to an online pharmacy site registered with OnlineNic, I do have to ask: what were the titles of the 15 books that Google’s head of Web Spam, Matt Cutts, read in August?  I am hoping one of them was entitled “What Is The Mathematical Probability That A Corporate Law Blog Linked to from Harvard Would 301 Redirect to A Russian-based Online Pharmacy Site Overnight?”

In other words, Google’s spam control departments have some room to improve in helping bloggers and small business owners deal with a growing problem.

What Is A Blogger To Do?

In my opinion, you can’t fight the evil that exists on the Internet.  If you try, you are in essence taking on the Russian Mafia, the same Chinese hackers that infiltrated Google, and some of the top spammers in the world.  Still, you can protect yourself and the first step is taking precautions.  Here is a list we live by at Orangecast:

  • Backup Your Blog!  Get a good backup of the WP-Content directory and backup WordPress’ database.
  • Keep an eye on irregularities in your blog.  We created WP-MalWatch to help you with that.  It is still evolving so things you should manually look for are:
    • Significant drops in your search engine traffic.
    • Keyword referrals in your Analytics reports that are spammy (e.g. cheap software).
    • Spam links on your home page (go to your browser, select View->Source and then use the find option to look for words like “software” or “viagra”.  You can also manually scroll down the page)
  • Consider cutting the problem off at the source through a service like SecureLive.
  • Keep your WordPress installation up to date.
  • Implement the security keys section of your wp-config.php file.
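Two of the manual checks above (PHP files appearing under the uploads directory, and spam links hidden in the home page source) can be automated.  The following is an added example, not code from WP-MalWatch or any other plugin mentioned here; the uploads tree and the HTML fragment it scans are constructed for the demonstration, and the spam keyword list is an assumption you would extend for your own site.

```python
import os
import re
import tempfile

# Extensions that should never appear under wp-content/uploads; the post
# describes attackers dropping PHP files there after a compromise.
SUSPECT_EXTENSIONS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}

# Keywords the post suggests searching for in the home page source (assumed list).
SPAM_KEYWORDS = ("viagra", "cheap software", "cialis")

# Constructed home-page fragment: one legitimate link plus a hidden spam block.
SAMPLE_HTML = """
<p>Welcome to our <a href="/about">law blog</a>.</p>
<div style="display:none"><a href="http://example.invalid/buy">cheap
  viagra online</a> <a href="http://example.invalid/soft">Cheap Software</a></div>
"""


def find_executable_uploads(uploads_dir):
    """Return relative paths under uploads_dir whose extension is a PHP variant."""
    hits = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            if os.path.splitext(name)[1].lower() in SUSPECT_EXTENSIONS:
                hits.append(os.path.relpath(os.path.join(root, name), uploads_dir))
    return sorted(hits)


def find_spam_links(html):
    """Return (href, anchor text) pairs whose anchor text holds a spam keyword."""
    link_re = re.compile(r'<a\s[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>',
                         re.IGNORECASE | re.DOTALL)
    found = []
    for href, text in link_re.findall(html):
        clean = re.sub(r"\s+", " ", text).strip()  # collapse wrapped anchor text
        if any(k in clean.lower() for k in SPAM_KEYWORDS):
            found.append((href, clean))
    return found


def demo_uploads_scan():
    """Build a constructed uploads tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as uploads:
        os.makedirs(os.path.join(uploads, "2010", "02"))
        for rel in ("photo.jpg", "2010/02/doc.pdf", "2010/02/shell.phtml",
                    "cache.php"):
            open(os.path.join(uploads, rel), "w").close()
        return find_executable_uploads(uploads)
```

Run `find_executable_uploads` against your real `wp-content/uploads` path and `find_spam_links` against the HTML fetched from your home page; any hit is worth a manual look.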

Summary

The Internet is a great place.  A few bad apples, however, can turn a blogger’s world upside down.  Don’t think that it can’t happen to you.  Every night you go to bed, someone is likely trying.  Once they get in, it can be time consuming and flat out expensive to repair.  You don’t have to be paranoid but you can be proactive.


Laurie Brennen-Grey February 12, 2010 at 3:36 pm

I have my new blog up on GoDaddy. I also want to add ejunkie. What kind of security should I be looking at? The jargon is confusing. On my home systems (not servers) I use ESET, and it does a great job. What should I be doing about the hosted site I now have? Also, will Thesus run there? And, is there a glossary of terms anywhere so I can start learning the terms? Most of this stuff is really confusing. Thanks a bunch.


Derick-Schaefer February 12, 2010 at 8:00 pm

First, let’s separate the blog from ejunkie. Though ejunkie displays on your site like it is built in (which is why we love it) it runs on their servers and uses their security. Moreover, the payments go through paypal which is on their servers. Thus, check those two off as you are in good hands. Now onto your hosting and WordPress.

We will have a post coming out this week on security steps for locking down your blog. Subscribe to the email feed to get this or check back. We will cover using security keys in your config file, file permissions, strong passwords, and more. The next issue is your hosting. GoDaddy is good hosting. They can have performance problems if your blog gets a lot of traffic, but all in all it is good hosting and they have pretty diligent security scanning within their infrastructure. Still, SecurePress is a plugin that utilizes a patented scanning technology from SecureLive that does two things for you. One, it identifies requests into your hosting that are up to no good and blocks them. Then, the person or program that did this is identified to their network and all other SecureLive users will be notified to block that person/program. We use it on all of our blogs. They have a $49 promo right now that can be found at this link. http://bit.ly/aRa4uF

Look for the post coming up and definitely check out SecureLive.

Last, back up regularly (WP-DBBackup) and copy your WP-Content folder to your local hard drive once your blog is done. WP-DBBackUp is easy, as you can email yourself a backup and schedule it. For the folder copy, GoDaddy can walk you through how to use the FTP tool in their control panel. With those backed up, you can have a disastrous day on your blog and recover from it without losing anything.

Keep in touch with us as to the progress of your blog and what you learn on the security front.
