JBCR Virtual Solutions Blog

Archive for the ‘Security’ Category

Google has started an Onli­neSe­cu­rity Blog.

Any of you who read my blog, or arti­cles page at my site, know that I was hacked. The cul­prit was “Mal­ware”. Look­ing for infor­ma­tion about this ‘nasty’ in a search today I came across: Google Online Secu­rity Blog at http://googleonlinesecurity.blogspot.com/

“To pro­tect Google’s users from this threat, we started an anti-malware effort about a year ago. As a result, we can warn you in our search results if we know of a site to be harm­ful and even pre­vent exploits from load­ing with Google Desk­top Search.” Ok, yes it is absolutely a great idea to warn poten­tial vis­i­tors that the may be infected if they go to a website.

One thing that con­cerns me a “tad” is this:

Even after a site that was infected in the past, but is now clean has a cache of the old “bad” pages that can turn up in searches. How does a web owner clear that. If some­one turns up an old page cached which con­tains a mali­cious script, who is respon­si­ble? Could this hap­pen? We don’t have a clear answer on this yet. When we do, we’ll post it here… So as I say­ing the Goole secu­rity blog states: “If your site has been hacked­Take the site offline in order to keep from putting your site’s vis­i­tors and your cus­tomers at risk. Then remove all of the offend­ing code and fix all under­ly­ing secu­rity vul­ner­a­bil­i­ties before putting your site back online.”

Ok, (I say that too much don’t I) so… Okay I read on and they refer web mas­ters to a link that says

“There are three basic steps to main­tain­ing a clean site from Iden­ti­fy­ing bad­ware on your site Remov­ing bad­ware from your site Pre­vent­ing bad­ware in the future ”

Source: http://www.stopbadware.org/home/security The attack on us was a lit­tle dif­fer­ent than a malware/badwrare sce­nario. We didn’t have malware/badware put on our site. We were attacked at some­one elses web­site BY mal­ware that used our com­puter to upload objec­tional con­tent to our site.

Even though we didn’t have malware/badware on our site, we used many of the same sug­gested reme­dies as we would have for malware/badware.

It’s been over month since we dis­cov­ered our site had been com­pro­mised, and nearly a full month since we cleaned out the bad files. Our site is still impacted by this episode and suf­fer­ing the back­lash from Google searches show­ing results for these bad pages even though they were removed at the end of April…

Oh… As for Google’s Matt Cutts — he has not, as of the date of this entry, responded to the mes­sage I left on his blog. Stay tuned!

Jan

It appears that mal­ware has been down­load­ing to unsus­pect­ing web­sites with Win­dows update (yikes!) Read the arti­cle here:
http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9019118

Note: This is no doubt what hap­pened to my site

“The threat of mali­cious web­sites host­ing exploits has reached a point where Google’s engi­neers have decided to respond with a secu­rity analy­sis of the pages they index. ”

For web­sites that con­tain mal­ware through no active fault of the web­mas­ter, or sites that do not prop­erly san­i­tize user con­tributed con­tent, the ulti­mate Inter­net penalty could be imposed on them — a Google advi­sory that the site found in a search is unsafe. That could effec­tively destroy traf­fic to a site that has been hacked or designed poorly.” Nick Carr calls Google’s secu­rity aims a plan to police the Web.

Read more on this and my ques­tion to Matt Cutts:

http://www.jbcr-virtualsolutions.com/tips-and-articles.html#Not

Jan

Just wanted to pass along some infor­ma­tion that has helped me through this ugly period.

Both Google Ana­lyt­ics and Google Web­mas­ter Tool­box have been extremely help­ful with list­ing of key­words (see­ing the bad ones dis­ap­pear) and page vis­its. With­out this kind of infor­ma­tion I would be very much in the dark. I would also not be able to see when things are start­ing to change — right them­selves. So if you don’t Ana­lyt­ics or Web­mas­ter Tool­box I highly recomend you do.

Also, as I men­tioned in my arti­cle, a very nice WebProWorld mod­er­a­tor passed along an htac­cess file which I mod­i­fied to cover spe­cific key­words and phrases that were being used. We are now in the process of alpha­bet­iz­ing the list to eas­ily add need words or phrases, so it if you would like a copy just drop me a note.

Live Help Crafty Syn­tax has allowed me to watch who comes online and what pages they visit so I can feel secure.

I sure don’t wish this on any­one, but I sure have learned a lot. If you every find your­self in this spot I will be happy to pass on what I have learned.

Jan