Today brings yet another story of a “hi profile” hack, this time targetting Ronaldoinho, http://www.ronaldinhogaucho.com/, one of the best soccer players in the world and a man loved and hated by million. No one should be surprised by the lack of security for a celebrity website or that the webmaster managed to “restore” the site while leaving the hidden links in the code. Likely as not, those links were not even left by the hacker Terrorist_MC who defaced the site, since if one person can find an exploit likely many others can as well.
Terrorist_MC, Konut Projeleri and Gebze Evden Eve Nakliyat, three more reasons to sign up for free website backup using the “coupon code” of itstheroi.
What really pisses me off is that someone is paying hackers “build links” for their sites so they can try to rank for “turkish web design” or “housing projects”… or perhaps sabotage their competitors. This type of “link building” destroys the reputation of our industry and makes consumers justifiably nervous when visiting sites that are not from “big brands” (although Ronaldo Inho is certainly a big brand). More importantly, just as adsense monetizes spam and scraper sites, this type of “SEO” monetizes the script kiddies and hackers who devote themselves to making the web a more dangerous place.
Just as upsetting is how bad the “back-up” and monitoring systems web hosting providers. These back-ups sound good in theory–you are assured that your site is backed-up on a system that is completely separate from the main one and that you’ll be able to access it whenever you need it. When you actually need them, like when your site has been hacked or your developers screw up, you often discover that your backup is hard to access, out of date or has been affected by the same event.
I first came face to face with this combination of blame avoidance and finger pointing about 2 years ago when a customer who had been hacked called me praying looking for a backup of his website. The only version i had was about 3 months old, which was actually newer than the most recent version his ISP was able to recover. The indian developers had a newer version–one that had never gone live because it was so full of bug. The upshot of that experience was the germ of a seed that grew into a little startup called CodeGuard.
CodeGuard is unlike ISP based backups. Instead of a static snapshot of your site kept by your ISP (hopefully), we use a File Integrity Monitoring system built on a version control system and store site data in the cloud. CodeGuard backups are stored as the differential between each daily scan of the site; allowing users visibility into what has changed along with the ability to “undo” changes on their site and restore to a past version in real time (minus the time it takes to push the files over FTP), much like Time Machine for Apple OS does for your laptop.
If the current backup solutions for webmasters are lackluster, then the systems that alert webmasters if their site has been hacked are criminal. Webmasters discover they have been hacked because traffic suddenly disappears, they see a warning message on Google when searching for themselves, or they get an email from a customer complaining about strange behavior.
CodeGuard’s differential backup is a game changer for hacking detection and remediation. In addition to pinging the Google Safe Browsing API for our clients, we also scan files that have been modified since our last backup. This allows us to identify hacking and alert the site owner before they can spread malware, have their links pirated or act as a parasitic host for spammers–hopefully before safe browsing alerts quarantines the site and kills all of the traffic.
In the event a hack or an unauthorized change is detected, webmasters can quickly revert to the last known “good” version and have their site working in minutes without engaging a developers to remediate the issue. CodeGuard can then be set to automatically revert the site to that version until the owner is able to patch the vulnerability in the site.
You can sign up for free website backup using the “coupon code” of “itstheroi”.
Leave a Reply