- April 1, 2014
- Posted by: admin
- Categories: Website Hosting, Website Security
Let’s get this straight from the very beginning: this isn’t a typical Randombyte blog post. I’m not going to talk about online marketing, but about poor website hosting companies, hackers and what you can do to spot them.
We run several online businesses in parallel here at Randombyte. We do SEO, Online Reputation Management, we have built an unique rank tracking system, and more. And since we don’t want to put all our eggs in a single basket, we are using several hosting accounts provided by different web hosting companies.
Some of these companies are really good – we haven’t had any incidents with them for years in a row! Sadly, other hosting companies are really poor, having a lot of downtime and practically opening the doors to hackers by implementing very relaxed security measures.
Terrible Hosting Account Security Details
When was the last time you heard that a web hosting company limits your ftp account passwords to 12 characters and doesn’t allow special characters like #, & and so on? I won’t mention that company’s name here, but if you are already using it, you know what I’m talking about.
You may think that a 12 standard characters password is long enough, but trust me: a cloud-based brute force attack could reveal it in only a few minutes. This means that no matter what you do to keep your site secure, the entire folder containing it can be easily exposed.
So this hosting company has frequent downtime problems and fails to keep the hackers at bay. I knew about the downtime because a particular site was down every now and then, but I didn’t know that my accounts can be easily hacked. Imagine my surprise when a simple Google search revealed this image of my website a few weeks ago:
As you can imagine, I contacted the hosting company right away. They did their best to fix the problem in about 12 hours and I thought that my worries are over. Well, they weren’t. A second account was hacked a few days later, even though after the incident I have changed all the passwords for all the accounts. And no, my computer wasn’t infected with a nasty virus, of course.
Was Your Website Hacked as well?
I don’t want to scare you, but a Google search using a few of the words taken from the description tag of my hacked website returns over 90,000 results; I really hope that your site wasn’t attacked as well.
It goes without saying that frequent website downtime and successful hacker attacks will seriously affect your search engine rankings.
Randombyte’s Free Downtime and Hacker Checker
So what did we do to prevent all these things from happening over and over? First of all, we have moved the sites associate with those hosting accounts to a different hosting company. Then, we have built the URL Checker tool and we have decided to give it away to everyone, in an effort to stop these problems at bay.
It’s a Windows application, but it will run fine on Mac, Linux, etc through an emulator. Just do a Google search for “run windows on mac” and you will discover several good solutions. As an example, I have a Macbook Pro notebook and all my Windows applications (including this one) run great on it through Boot Camp.
URL Checker: a Quick Guide
Download the program from here, and then unzip it. Double click the sites.txt file, and then add all the sites that you plan to monitor, using a separate line for each site. You can safely remove the existing websites, of course.
Run UrlChecker.exe and you will see the main program window.
Use File -> Open URLs or the button at the right side of the “Urls file” field to open your sites.txt file, and then press “Start”. The program will then check each URL, telling you if it is offline or hacked.
The hacking discovery mechanism uses two different methods: a bad keywords list defined by you and a website page size check. The bad keywords list check should be used each time, provided that your sites don’t actually make use of those bad keywords, of course. The website page size check should only be used if your sites are html-based, static web properties.
WARNING: if your sites are dynamic (think WordPress, etc) and you use “Check page size”, you will get “hacked” messages even though your sites may be clean, because the pages are generated dynamically, so their sizes can change. However, if your sites are 100% static, you should use the “Save” button to save the current website page size at the end of the first program run; this way, you will be able to determine if the page size changes in the future. Remember that you should choose “Check page size” only if you are using good old html websites, though.
The program folder includes a starter badkeywords.txt file. Open the application folder, and then double click the badkeywords.txt file to open it. Add or remove bad words, making sure that each new word is placed on a separate line.
If you get stuck you can always read the built-in manual by accessing the “Help” menu. I hope that you will find this tool to be useful; I know I do, because I use it on a regular basis. By the way, URL Checker is 100% free and doesn’t contain any malware, viruses, etc.