A Growth Industry
Pretty girl with an umbrellaRecently the number of sites being hacked or infiltrated has risen rapidly. We see a lot of distraught site owners who have had their sites damaged, experienced a loss of rankings, or had data stolen.

Use Protection
Although most good hosting companies will protect their servers (and usually your site to some degree) it’s important to understand that you are responsible for your own site.

Take this analogy: You can use the strongest safe in the world, but if you leave the door open and someone empties it, you can’t blame the safe manufacturer.

Hacked Huh?
Before we offer you some simple tips, it’s worth understanding a few basics about the different kinds of hacks, their purpose and how they can affect you.

Server Farm We won’t go into detail at this stage, but the number of exploits and the number of different types are increasing. Some of the most common include: XSS, SQL Injections and defacing

Staying up to date is a full time job, but like most types of crime, being prepared and protecting yourself should give you a better chance of weathering a storm should it happen.

So without further ado, here’s a basic primer on protecting your site from being hacked when it’s on shared hosting.

Simple Security Tips

1. Keeping Software Up to Date
If you are running old versions of software chances are it’s insecure, make sure you upgrade to the latest release. Most updates to software are security or functionality related, which means if you aren’t running the latest version you are likely to have missed a few security fixes.

2. 3rd Party Scripts and Code
Plugins, widgets or any other code (including free templates and themes) you install are written by other people under unknown circumstances. Some may be great, some may be full of holes. Be sure to research any code you want to use that you didn’t write yourself. Even a few Google searches should help you find out how secure the code you are using is.

3. Your Own Fault
One of the biggest causes of Identity theft and an easy way for someone to get details to your site(s). Your own computer is likely to be a weak link in the chain. Whether it be from poisoned powerpoint files or someone phishing your account details, the vulnerabilities are limitless. No matter how secure your site is, if the machine you access it from (including logging in and editing etc.) is not secure you stand a good risk of being compromised and it may affect more than just your site.

Use virus scans, clear histories, secure your passwords and be aware of general security issues (try not to let your shiny new MacBook air be stolen). Open and Public wifi spots are an obvious security risk. If you give everyone access to your PIN number for your bank account, expect to be robbed.

4. Secure Passwords
A secure password goes a long way to slowing down a potential infiltrator (real ‘hackers’ do not tend to be people that destroy sites, but ethically search for security holes in technology). Put simply passwords should always be a combination of letters and numbers, uppercase and lowercase. The longer the password, the better (though conversely the longer it is the harder it is to remember).

No dictionary words, no family names and no easily guess-able information either.

You can also generate a random password which is even more secure.

5. Checking Your Logs Regularly
A man carrying a large logWithout watching who is visiting your site, what you are ranking for and similar you could be compromised and never even know it.

If you spot any unusual traffic (ranking for gambling, pharmaceuticals and sex terms is a common one) try working out where it is coming from / going to. From there if you are sure it is a hack you can get some quick help. (Send us a message, we’ll do what we can).

6. Outsource a Little Prevention
Using high quality software, a good coder (one who is security aware), hiring a professional security agency or using an automated method like the Firewall script or Hacker safe will help to reduce your risk. What you outsource depends on your needs (and resources of course).

7. Backup, Backup, Backup and Then Backup Some More
While this tip won’t protect you from being hacked, it will be very beneficial to you should it happen.

Send copies of your backup to your gmail, and auto forward them to your yahoo mail. Download copies to tape, your MP3 player or Iphone, it doesn’t really matter. What does matter is that in the case of a hack there will be a couple of things you want.
a. Records of IPs accessing your site.
b. A clean (pre hack) backup of your site (hopefully, including the latest updates)

Here is an easy DIY way to back up your whole site with cPanel.

If you use Hostgator then you’ve already got weekly offsite backups and they will restore your site(s) at no charge should it does become compromised or “cracked/ hacked”.

8. Don’t Put All Your Eggs in One Basket
Eggs in a shopping basketSite hacking, Search engine rankings, DOS, account closures, viruses, there are a whole list of reasons your site may suffer in some way. With hosting being so cheap, grab yourself a multiple site (reseller) account and spread that risk. You can even have your sites hosted on different C Class IPs.

9. Learn MORE
Nothing beats knowledge. The more you know the easier it becomes to spot problems (not just hacks) and resolve them. So, kick back, grab a soda and start reading (it could be worth more in the end than all of the search news and blogging tips you have in your RSS feed).

Here’s a couple of useful starting points and interesting articles to checkout.
Trend Micro
Apache Security
MySQL Security
Security Focus
ha.ckers.org
Tips to Protect Your WordPress Installation
How WordPress Blogs are Hacked

10. Find Yourself a Gator
We take our security very seriously, there is nothing worse than seeing all of your hard work being destroyed. If your site is hosted with us and you think you may have been hacked, click the chat link (top of the page), and contact us anytime to let us know. Not only will you be looking out for the other sites sharing your server, but you give us a better chance to recover your site. Even if your site is not hosted with us, we’ll do what we can to help, we’re just like that.

Hooded Script Kiddie11. Bonus – Be Careful of the Company You Keep
Anyone with enough time, an Internet connection and some intelligence can find ways to cause you problems online.

Revealing too much, boasting or insulting others online is a good way to attract the wrong kind of attention. In the real world, having fewer enemies just makes life easier.

Until Next Time…
This is the first in a series of posts that should help your site sing even on the darkest of days, there’s nothing we want more than for you to wake up safe and decide to build another new site.

The least we can do is try and make that as easy as possible.
More> http://blog.hostgator.com/2008/06/27/prevent-sites-from-being-hacked/