You Won’t Believe Who’s Trying to Get in Your Front Door
You want a lot of traffic stopping by your site each day, but there are some who aren’t welcome — anytime! Site hacking for fun and profit is going on right now, and these hackers have limited social lives and lots of time on their hands.
There’s no way you can keep out all of the bad guys. Google, ChoicePoint, AOL and even the US Department of Defense have all been hacked. But who is doing this, and why, and what can you do about it?
Who Are These Hackers?
Because you don’t know the difference between an HTML title tag and a dog tag, you might logically presume that hackers are all tech school grads with a bunch of degrees in computer science. They probably write their own code and know all the tricks to pick the lock on your site’s front door, right?
Nothing could be further from the truth. Oh sure, the digi-talented post-docs are out there, developing the next worm or virus or Trojan horse, and they may try to hack your site, but where’s the fun in that? Most likely, the hacker who trashes your site is a bored 15-year-old surfing the web on his entry-level computer. And like you, this kid knows little or nothing about computing, coding or cracking sites.
The fact is, these script-kiddies (as computer security experts call them) can find all kinds of hacker software on the different hacker sites that litter the I-net. This software can be downloaded and used to disrupt your business and spray graffiti all over your home page — while you’re sleeping! (Can you imagine the intelligence of somebody who downloads hacker software from another hacker? The download could turn a hard drive into a smoldering clump of silicon in a nanosecond, converting dad’s $5000 laptop into a doorstop in the time it takes to say ‘Gotcha’. You’d have to be insane, or just plain stupid, but that’s what script-kiddies do daily.)
Hackers come in all shapes and sizes. What’s important is that any one of them can turn your investment of time and money spent developing your site into time and money down the big tube — and you won’t even know what hit you.
Why not? Why smash mailboxes? Why loot and pillage? There’s always going to be an element of society that wants to subvert the status quo.
Some hackers are in it for the sport. They’re after bragging rights, so hacking into your little site doesn’t offer the thrill of cracking into the college computer to change grades for friends and neighbors.
The more serious threat to you comes from the predatory hacker who is out to gather personal data like credit card numbers, e-mail addresses, bank account numbers and other digital information that can be used to create an on-line persona capable of purchasing a 42-inch plasma TV using the data stored on your host server, or even on your own hard drive. These guys pose the greatest danger to small site owners — and they’ve got the weapons of war at their disposal.
Take ‘dictionary’ software. These scripts are available for download in lots of places. They can be attached to your site’s entry point and then, using a random-character generator, methodically go through every conceivable sequence of numbers and letters until they’re in. It may take a few hours or days, but who cares. The software is automated, it runs on its own and the user can be watching “Gilligan’s Island” reruns when the bell goes off, indicating that entry has been achieved.
The truth is that you’ll never keep the truly sophisticated hacker out of your business, but you can certainly keep the ‘door handle jiggling’ black hat out of your little cybershop.
What’s A Small Site Owner To Do?
No, you don’t have to take it. There are things you can and should do to make your site safer for those who visit and for yourself.
1. Get proactive. If you’re reacting to a hack attack, it’s already too late. Take steps today to improve site safety.
2. Never give out your site account information to anyone. If everybody knows your log-on password, you’ve left the keys to your store in the front door and anyone can enter.
3. Extend your password and change it often. If you’re currently using a four- or six-digit password to access your host server, add some digits — as many as you can. And change your site’s password monthly. This will make it a lot more difficult to use dictionary and other forms of ‘brute force’ software.
4. Buy, use and update security software. Protect your system with anti-virus software. Purchase firewall software. A firewall filters all incoming data for suspect code and deletes it before it can harm your system.
If part of your business requires that you receive e-mail from unfamiliar sources — customers, for example — use your anti-virus software to scan all e-mail before you open it.
And because new viruses and other toxic codes are being developed all of the time, keep your security software up-to-date by downloading patches from the manufacturer’s site. These new scripts protect against the latest attacks devised by on-line vandals and thugs.
5. Encrypt. Encryption software should be SOP for any site that maintains personal information — either your personal information, or that of your clients or customers. Encryption software converts any outgoing or incoming data to gibberish until it’s decrypted by the intended receiver, putting the majority of hackers out of business.
Unless you’re a professional site designer, encryption should be done by an expert. Hire a computer security consultant, or a reputable design firm, to install and maintain your encryption software.
6. Change the way you think. Most site owners assume the best. That’s why they’re always stunned when the worst happens. Be skeptical of every site you visit, every e-mail you open, every transaction you conduct. If it doesn’t look right, smell right or feel right, back out to safety. It’s just not worth the risk. Trust no one.
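To put numbers on step 3, the following added example (not part of the original article) estimates how long an exhaustive guessing run needs to cover every password up to a given length and character mix. The guess rate of 10 per second and the sample passwords are constructed assumptions.

```python
import string

# Assumed rate for automated guessing against a login form (constructed figure).
ASSUMED_GUESSES_PER_SECOND = 10
POOLS = (string.digits, string.ascii_lowercase,
         string.ascii_uppercase, string.punctuation)

def alphabet_size(password):
    """Size of the character pool an attacker must cover for this password."""
    size = sum(len(pool) for pool in POOLS if any(c in pool for c in password))
    # Characters outside the four ASCII pools are counted one by one.
    extras = {c for c in password if not any(c in pool for pool in POOLS)}
    return size + len(extras)

def search_space(password):
    """Candidates an exhaustive search tries: every length up to this one."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Upper bound on time to exhaust the space at the assumed rate."""
    return search_space(password) / rate

def humanize(seconds):
    """Render a duration in the largest unit that keeps the value >= 1."""
    for unit, length in (("years", 31_536_000), ("days", 86_400),
                         ("hours", 3_600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

def report(passwords):
    """One (length, pool size, worst-case time) row per sample password."""
    return [(len(p), alphabet_size(p), humanize(worst_case_seconds(p)))
            for p in passwords]

if __name__ == "__main__":
    # Constructed samples: 4 digits, 6 digits, then longer mixed passwords.
    for row in report(["4821", "482193", "blue48horse", "Blue48-horse-Lamp"]):
        print("length %2d  pool %2d  exhausted in at most %s" % row)
```

These figures are upper bounds for an exhaustive search only; a password that appears in a word list falls much sooner, whatever its length.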
Finally, recognize your own limitations. It’s true, you won’t be able to keep the truly dedicated, knowledgeable hacker at bay. If they can hack the DoD system, what chance do you have? However, by taking some simple steps and changing a few old habits, you can keep the vast majority of hackers looking elsewhere for fun. And, by taking a proactive stance, you can better prepare your site, your data and yourself against hactivities that can do harm to your business. In other words, take steps today!