Domain Privacy 101

Regardless of how much time you’ve spent coming up with a domain name for your website, chances are that it’s already been snatched by someone else with a similar related business.  It’s always a wise decision to jot down several domain names that would be appropriate for your website just in case the preferred options are taken.  Fact:  First options are rarely available!

Competitors are notorious for purchasing related domain names simply for their own personal gains in hopes of tricking potential customers into thinking that they are actually shopping from your website.   So, always be careful of competitors’ ploys just to make a few extra bucks.

Another issue that many newbie’s registering website domains fails to realize is that their personal contact is displayed for the entire cyber world to see when your associated domain contact information that’s connected with the domain account is viewable in the WHOIS database.  Remember that domain privacy is a feature that may be added on at the time of sign-up for any domain including: com., net, org., info, biz, etc.

Consider privacy protection as a knight in shining amour for those wishing to keep their WHOIS contact information private from potential identity thieves and cyber hackers.  The way it works is that specific details of your domain account are substituted with generic information, preventing your personal contact details from being revealed in the WHOIS public database for solicited purposes.

Personal Domain Security in the Home

In today’s Google-ish world, with just a few mouse clicks it’s virtually possible to knock on someone’s front door across the globe.  WHOIS search works much the same way as it generates personal names, physical addresses, and occasionally phone numbers based on personal web domain names.  Many individuals are acquiring a private domain registration to prevent annoying telemarketers and other unsolicited material.  The same is also true for entrepreneurs working from home.

Private domain registration is typically used in households in lieu of businesses ventures.  The greatest advantage of private domain registration is to protect your family’s or home-based business’ identity.  After the initial registration process of setting-up the domain name, essential personalized data is replaced with “proxy” domain register information.

Whether protecting your personal assets in the office or at home, domain privacy is a security vital tool to prevent cyber hackers from wrecking havoc on your business affairs!

Related posts:

• October 28, 2010 – The Difference Between Private and Business Domain Registrations
• February 9, 2009 – Six Important Considerations for Domain Name Registration
• June 29, 2011 – How to Conduct a Background Check for Web Hosting Providers
• January 20, 2011 – Locking Your Online Business Using Website Encryption
• December 24, 2010 – The Overlooked Connection Between Computer Viruses and Site Security
• February 18, 2010 – The Cost of a Domain Name – Registering Your Domain
• December 30, 2009 – Five Simple Website Safety Tips
• August 19, 2009 – Three Simple Tips for Protecting Your Site
• March 5, 2009 – Malware Attacks on the Rise
• February 26, 2009 – Understanding Domain Name Transfers

If You Build It, They Will Steal

The act of stealing website content is becoming such an issue that it’s now commonly referred to as “website hijacking.”  This increasingly sinister phenomenon is most detrimental to e-commerce website and other online business ventures.

As a business owner with an online venture to ensure that your website is protected against outside elements, encryption is the solution.  Encryption allows you to “lock up” the essential components of your website that you may not even realize are exposed to cyber thieves.

Typically, there are three main reasons website content is hijacked:

• To harvest e-mail addresses for spam purposes
• To copy design and layout content and code
• To reveal and/or steal payment method links to be circumvented/stolen

Harvesting E-mail Addresses

It’s a global consensus that spam is excruciatingly annoying.  It’s even more of a nuisance when spam bots stealthily invade your website with the intentions to seek information, steal e-mail addresses and destroy your company’s reputation simply by storing hijacked e-mailed addresses in a database with malicious intent to flood customers with spam.

While many tech savvy customers are able to distinguish between spam scams and legit e-mail messages; unfortunately, for many others, they unknowingly fall prey to costly scams.  Each year millions of dollars are embezzled when cyber criminals steal customers’ credit card information and identities are snatched by manipulative spam e-mails forwarded to e-mail addresses obtained by website hijacking.

Spam is not only an issue for customers, but it’s an even greater headache for business owners.  Spam is also responsible for:

• Loss of productivity for your staff;
• Loss of valuable server resources;
• Loss of revenue when important e-mails get lost in the shuffle.

Copying Design and Layout

Setting up your web host account and website requires many resources including time and money.  Although it takes days, if not weeks to complete the initial setup, however, you may be surprised to learn that it takes less than five minutes for your website content and source code to be hijacked with just a few simple mouse clicks.

Online entrepreneurs soon discover the answer if they don’t “lock up” the doors to their website’s content.  Open HTML source code is easily accessible with a few clicks, and the process of hijacking is as simple as copying, and pasting.  Often Java Scripts are installed to thwart potential cyber thieves from lifting code as the scripts block code from being viewed; however it’s only the first step as it doesn’t protect from software based queries.

Pocketing Payment

Not only can a thief steal credit card information from customers; thus tarnishing your reputation, hackers can also alter your source code diverting payments to their own accounts, leaving you a responsibility to provide products or services to your customer without receiving payment.  Encryption is a definite necessity in any online business venture, especially when protecting customers’ credit card information

“The Lock”

By using available software tools to encrypt website code prevents information from being hijacked.  Encryption is extremely effective against all  types of informational breaches, including software queries and spam bots. The idea being, even if thieves access the source, the code will be indecipherable.

Basic HTML encryption tools are readily available online for free.  For novices, encrypting may sound complicated, however, it’s relatively quite simple.  Once you find an online HTML encryption tool, simply copy your existing code into the tool and it generates a secure encrypted code within minutes.

Related posts:

• December 24, 2010 – The Overlooked Connection Between Computer Viruses and Site Security
• November 28, 2011 – Bit-Defender Internet Security Review
• August 4, 2011 – Secure Shell Security Tips
• January 27, 2011 – Little Known Truths about Domain Privacy
• February 23, 2010 – Selecting a Suitable eCommerce Plan – Key Features
• December 30, 2009 – Five Simple Website Safety Tips
• November 30, 2009 – SSL vs. TLS: Which Provides the Best Protection?
• August 19, 2009 – Three Simple Tips for Protecting Your Site
• July 17, 2009 – Securing Your Business Website in Three Easy Steps
• March 6, 2009 – SSL For Your E-commerce Site

The following information discusses the connection between computer and web site security, while also providing tips on how to ensure the safety of both your computer and your hosting account.

How Hackers Get Passwords

Contrary to popular misconception, hackers do not spend their time trying to compromise the integrity of massive web hosting networks in order to take control of entire servers,. Instead, they use thousands of individuals ‘drone’ computers to complete tasks like this for them. These computers belong to people that have installed the hacker’s malware on their computer. The malware consumes the computers resources for nefarious purposes, essentially creating a networked super computer out of a bunch of hacked computers. Of course, this in turn makes the computer slow in many cases, but not always.

Sometimes the hacker does not want to use your computer for hacking – they actually want your passwords. They obtain them by hiding a keylogger on your computer, which records every keystroke you make, in conjunction with your browser history. This allows the hacker to access your web hosting account, change the account’s email address and completely steal all of your domains overnight.

How to Avoid a Security Breech

The only way to keep the above scenario from happening to you is to keep powerful and proven antivirus software running ion your computer at all times. Since hackers find new ‘exploits’ and develop new malicious software on a daily basis, it is important to make sure your anti-virus software is updated on a routine basis. Fortunately most anti-virus software will perform automatic updates and handle the security of your computer on autopilot. It is also important to note that all anti-virus software are not the same, and most free anti-virus software are not adequate to provide complete protection.

What to Do After You’ve Been Hacked

Luckily, most people recover their domains and web hosting account by calling the hosting company and providing the necessary information, After recovering your information or domain it is imperative to change all of your passwords, potentially reformat your computer, and install an anti-virus software with active protection. Choose a new password that contains plenty of symbols, letter and numbers in order to make it harder for hackers to steal. Change your email addresses and any other basic online communication methods so that the hacker cannot track you down and begin harassing you again out of spite.

Related posts:

• January 20, 2011 – Locking Your Online Business Using Website Encryption
• May 5, 2010 – Healthy Website Security Practices
• March 5, 2009 – Malware Attacks on the Rise
• December 14, 2011 – Avira Antivirus Features
• November 28, 2011 – Bit-Defender Internet Security Review
• November 17, 2011 – Clickjacking: What is it and How You Can Protect Yourself?
• August 4, 2011 – Secure Shell Security Tips
• March 18, 2011 – Securing Windows for Web Hosting Safety
• March 2, 2011 – The Release of the February 2011 Email Security Report
• January 27, 2011 – Little Known Truths about Domain Privacy

A Little Common Sense Goes a Long

While many security software solutions exist, some of the best ways to defend yourself can be summed up to applying common sense.  Here are five simple tips to help keep your website safe and secure:

1.) Smart E-commerce – If you plan to sale goods or services through a shopping cart, make sure that the software used is properly figured and secured.  If you do not possess this knowledge, bring someone on board who does.

2.) Password Protection – Use secure passwords for all of your website applications that require a login.  This goes for everything from your control panel to CMS software.  A good rule of thumb is to use a combination of numbers, letters and symbols, in addition to never using something that others can associate with you for a password.

3.) Monitor Your Server Logs – By checking your server logs on a regular basis, you may be able to identify strange or unusual activity.  Because knowing what to look for can be difficult, many software solutions exist that will do the job for you.  These programs analyze your log files and automatically send alerts if strange behavior is detected.

4.) Update Your Web Applications - An outdated web application is one of the most vulnerable points of a website.  Hackers are constantly working on new ways to compromise security so if your applications are not up to date, you could be exploited.  Also keep in mind that most updates consist of critical upgrades that address known security issues.

5.) Backup Your Website – Because no website is ever 100% secure, it would be wise to frequently backup your site and all the files its contains.  Don’t overlook this.  Not only do hackers target websites, but entire web servers.  If the server your site resides on is compromised, you could possibly lose everything you worked so hard to build.  Regular backups give you the assurance that your website data can be restored should a disaster occur.  Be sure to keep a copy of your backup in a location other than your hard drive just in case ill fate happens to strike your computer.

Related posts:

• August 31, 2011 – Top 5 Cloud Storage Service Providers
• August 31, 2009 – Yahoo Maintains its Competitive Spirit
• February 19, 2009 – Fighting Back Against Website Attacks
• November 15, 2011 – The Resurgence of Apache
• November 8, 2011 – Are The Growing Google Concerns Fair?
• October 5, 2011 – Social Networking Wars – A Great Show, and an Educational One
• September 10, 2011 – Common Advice in Search Engine Optimization
• September 1, 2011 – SharePoint’s Affect on Information Management
• August 4, 2011 – Readability.com – Web & Mobile App for Reading Comfortably
• June 9, 2011 – Government Decides to Move Email to Microsoft Exchange

1.) Update Your Applications and Scripts

Running outdated web applications and code on your site is liking giving hackers an open invite.  So if you have older versions of WordPress or Joomla installed, it is advisable that you immediately check for and perform the necessary updates.  This goes for any application or programming languages used for your site.  For a knowledgeable hacker, compromising Joomla 1.0 is as easy as uploading a shell script to an insecure form.  If successful, they could end up with complete control of your account.

2.) Create Strong Passwords

A password can be a simple but effective security mechanism.  However, this is only the case when following a strict set of rules.  When securing login sessions and other areas of your site, never apply a password that can be easily guessed by others or is used for other accounts.  If someone knows just one of your passwords, they can keep trying it for each of your accounts until they are successful.  This could not only lead them to the control panel login of your hosting account, but also the financial institution you do your online banking with.

3.) Mask Your Folders

It is always wise to cloak your website files and folders that are stored on the server.  Many security experts suggest keeping a blank index.html file in each of the folders stored in your public directory.  Doing this will ensure that the contents cannot easily be viewed by internet users.  This process is made simple with the cPanel control panel and its Index Manager function.  You can take this one step further by password protecting the administrator folder that contains the scripts you are running.  This is highly recommended as it provides an added layer of security that will make an intruder have to work that much harder.

What If I Still Get Hacked?

As we eluded to earlier, there is a possibility that even after adhering to all of these tips and more, your website can still be compromised by a hacker.  Should your site be successfully exploited, there are a couple of things you should do right away to minimize the damage.  The first step that needs to be taken involves changing all of the passwords associated with your website.  This goes from your control panel and administrative areas to everything else in between.  Next, go through your hosting account to find and update all old applications and plugins as they could easily be the culprits that led to exposure.  Any website can be compromised and if it happens to you, your sensitive information can be used for criminal gain in one way or another.  Prevention is the key so employ all the measures you can to ensure you are protected against the existing and emerging threats.

Related posts:

• May 5, 2010 – Healthy Website Security Practices
• February 8, 2010 – Website Security – 4 Ways to Secure Your Website
• January 20, 2010 – Maintaining Website Security for Customer Satisfaction
• January 15, 2010 – Website Security: Avoiding Downtime That Results in Loss of Profit
• October 16, 2009 – Major Threats to Business Website Security
• April 25, 2011 – Bux4Real Attacked by Hackers
• January 27, 2011 – Little Known Truths about Domain Privacy
• January 20, 2011 – Locking Your Online Business Using Website Encryption
• December 24, 2010 – The Overlooked Connection Between Computer Viruses and Site Security
• December 20, 2010 – The Eternal Battle – Beware of the Attackers!

Appalling Numbers

In 2008, web security firm ScanSafe, released a report that raised a lot of concern in the hosting industry.  The report revealed figures from research conducted between May 2007 to May 2008, showing that 68% of legitimate websites studied were unknowingly hosting malware.  Researchers at ScanSafe say that crafty intruders were able to compromise websites of various sizes from well known entities to small businesses.

Nature.com is one site that was victimized.  According to Quantcast, this site receives more than 700,000 unique visitors each month, making it one of the top 500 most trafficked sites on the web.  ScanSafe’s study found that malicious code was embedded into web pages on Nature.com.  Thankfully, the administrators detected and rectified the issue very quickly.  Although the website was only compromised for a single day, an estimated 30,000 users could have been at the risk of malware infection.

A Double Threat

So, how do intruders sneak these malicious scripts into an innocent website?  They use a wide range of methods and one of them is an attack called SQL (Structured Query Language) injection.  Numerous security reports show that risk of exposure to website hacking has increased by more 400% since 2008.  It has been reported that backdoor installing and password thieving malware accounts for the fastest growing attacks, threats that increased by over 800%.

The ScanSafe report shows that SQL injection is one exploit that aids the most in malware attacks.  With this type of attack, a hacker inserts SQL code into a simple form on a web page, any application that interacts with a backend database.  They can then send requests to steal information from the database or communicate with it in malicious ways to compromise other visitors that may interact with the site.  SQL injections are such a huge problem because so many webmasters do not take the proper security measures when developing applications and administering databases.  Most simply rely on simple authentication based on a username and password.  By using an SQL select query, a hacker can take those values, compare them to the information in the database, find a match and get the access they need.  With all the advanced hacking tools available, this process can be done very quickly.

Keeping Your Website Safe

Malware is a very dangerous security threat with the power to bring down a single website or an entire server.  It comes in various forms and can go undetected for quite sometime.  When the victim finds out, it is usually too late.  You can keep your site protected against spyware, Trojans, viruses and other malware by making sure you web applications are completely secure.  If you are not quite sure, get yourself a vulnerability scanner to scan your site for security holes.  It is a small investment that can spare you a lot of heartache.

Related posts:

• December 24, 2010 – The Overlooked Connection Between Computer Viruses and Site Security
• January 13, 2009 – How to Find Secure Shared Hosting
• December 14, 2011 – Avira Antivirus Features
• November 17, 2011 – Clickjacking: What is it and How You Can Protect Yourself?
• March 30, 2011 – Keeping Your Website Free of Malicious Scripts
• March 2, 2011 – The Release of the February 2011 Email Security Report
• February 23, 2011 – Understanding Website Viruses
• January 27, 2011 – Little Known Truths about Domain Privacy
• January 20, 2011 – Locking Your Online Business Using Website Encryption
• December 30, 2009 – Five Simple Website Safety Tips