A lot happens on your web server that you don’t know about. I just checked my web server logs and saw many many entries of attempted access to the following areas of my site;
These pages don’t exist and never existed so I think these are probably hackers who were trying to find a way into the site. If you have coded your site yourself you should be aware that some attempts may be made as part of an SQL Injection or Brute Force attack on your system. If you know the web coding language PHP, you may think you are doing a good job but if you don’t code your website correctly you may be giving hackers an easy way in to your website.
The IPs on this occasion were from Norway, Russia, Ukraine, the USA, and a few Asian IP addresses.
It was through the error log (one of the many server logs recorded by your site) that I could see these items. I actually blocked one IP Address because there were so many attempted accesses from that IP. By sealing off all potential access points you can protect your website.
Also, check your PHP code – ensure you don’t automatically register variables, and check all form submissions, and anything that interacts with your database. I always ensure that all forms of error checking are in place. So if you are taking an email address for example, run some regular expression checking to ensure it conforms to an email address format and check the length of the address so it is a logically reasonable email address length. Likewise if you are taking data from a HTML Textarea, run some checks here to ensure the data is not possibly going to trigger or run some database commands.
I have seen some websites out there (businesses) that have text on the website, and slap bang in the middle of the text links to Crack websites or Adult sites. I believe these sites have been compromised by poorly secured web servers (of which I have had a few) and poorly coded websites that have PHP or ASP code.
When I moved web servers back in 2010, moving from a dodgy US server to the excellent Blacknight servers in Ireland, I was been trying to bring the site back up the Google rankings and also re-develop the site, mainly since I had not added much to the site in the few months since the move.
It will be interesting to see how long it takes after 20th April (when I made the changes in line with the Google Webmaster Guidelines) to get re-listed highly on the world’s most popular Search Engine.
Some other security tricks you can employ to make your site more secure involve the following;
- If you have a WordPress site, use Jetpack to help stop Brute-force attacks
- If you have a WordPress site, ensure your plugins are from a reputable source and you have then constantly updated
- Again, on WordPress, log in every 2-3 days and run any updates that are pending, as these have security updates designed to keep your site up-to-date and secure.
- If you have coded the site yourself, run some security checks on the code and perhaps add some extra security checking. Also, ensure your version of PHP is up to date also.
- Finally, take a look at the security logs and see if there is any unusual activity. It may only be a website hot-linking to your images, but you can stop that also to stop a drain on your monthly data usage quotas.
This is an old post that was originally on my old shanemcdonald.org site and now resides here on