Website Security: What’s the big deal?
UPDATE: A huge “Thank you!” goes out to Oliver Bross at MrMail.com for his steadfast support and the Codelanders for their support and skill in restoring the amazing tutorials on the blog. The developers of these coding wonders make our jobs a lot easier and we are pleased to share them with you.
Website security has taken on a totally new meaning for online business operators as well as visitors to these websites. Beyond marketing our products and services, we have a responsibility to safeguard our customers from unpleasant encounters of the hostile kind.
I send greetings to all my friends and foes , yes Lightfoot is still here and the CodeLand19 are still standing, here today to launch our Website Security series from our brand new castle. My apologies for my absence goes out of all of the great people who subscribed to the CodeLand blog.
I suppose that we should be flattered that SOMEONE likes our work so much that they launched brute force and cross frame scripting attacks on the website, however I find it odd because I thought that myself and the CodeLand19 crew were nowhere near the fame of some bloggers on the Internet. Perhaps I was mistaken or perhaps this is the price you pay for being an active member of CodeLand.
CodeLand19 is hearty group of guys work around the Web as programmers, designers, researchers, writers and marketers, if you are interested in what we do, join in the conversation. Part of our code is to understand both sides of the Internet (white hat and black hat); it exists and should be respected, because this knowledge is how you can make the most of your online presence.
However, time and again, we encounter webmasters who shiver in their boots when they hear the phrase “Black Hat” and run screaming away from the conversation. But it simply is not enough to be careful not to use tactics that will get you kicked off the search engines; you have to understand how to deal with the fact that there are a group of people who apply these techniques and enjoy creating chaos and harm.
With that said, the other interesting note is that (as I discovered) these vagabonds are pretty in discriminate about who they choose to annoy. In any case, I refuse to become bitter about the experience: live and learn, it was time for the blog design to be refreshed anyway. But to save others from this situation, let me just share with you the valuable resources which helped overcome this situation.
Starting off with the brute force attack scenarios, where an unauthorized person uses a ‘bot’ to run through a whole series of passwords or MD5 hash combinations to gain access to your website. Lorelle.wordpress.com has a great write-up on the issue along with resources to assist you in the battle of protecting your website.
When it comes to Cross Frame Scripting it’s related to Cross Site Scripting but in this case the attacker uses an iframe to literally ‘frame’ your webpage and divert visitors from your website. You can find a ton of information at the Open Web Security Project.
Creating a website on WordPress has become immensely attractive because of the outstanding number of sophisticated themes and versatile plugins. As a result more people are investing their time and money to create business ventures. The dilemma that many people face is whether or not to upgrade their WP installation when they rely on plugins that are not compatible with the new version. Although I have been in the same position, past experience has proven that your work only becomes harder if you don’t. The upgrade may force you to drop plugins but without it your website is vulnerable.
Thanks to CodeLand19 members the bandits did not succeed in kidnapping our little castle on the Net, but unfortunately I have heard horror tales where people have lost everything. Open your mind to the reality that website security has to be taken seriously and make it a top priority.