Posts Tagged ‘Website Hacking’

Hackers Steal Time & Revenue from SMBs Everyday – Keep it From Happening to Yours

by FireHost Evangelist on April 6th, 2010

Imagine waking up tomorrow and having your water cut off. It would be annoying to deal with, but not devastating. Life goes on. But what if you didn’t have electricity? Definitely inconvenient. You can’t turn on a lamp or watch TV, but at least your iPhone works. You could still access the information superhighway, so all is well.

Now envision how you would feel if you woke up one morning and your website wasn’t working at all.  It doesn’t load or the homepage has been replaced with an offensive message — or even a warning from Google that this site is no longer secure. That’s right, you’ve been hacked and your website has been kicked off Google.

Think this can’t happen to you? It’s actually not uncommon.  It happens to small businesses every day when their website gets attacked one too many times for Google’s liking. Mberry, a small business based in Tempe, Arizona, is one of those businesses. This innovative company that sells the very cool, very fun “mberry” tablets that make everything you eat taste oh so sweet for 30 minutes.  Mberry had a rather sour experience when their site was banned from Google.

Mberry’s saga started about a year ago when their site was hacked – not once, not twice, but three times in two months. They rely on their site as a main portal for their revenues.  Having their site down multiple times going through the process of getting it cleaned up and back online was costly, annoying and damaging to their brand. But it wasn’t until they got the boot from big daddy Google, that things really got much worse.

(more…)

Tags: , , , ,
Posted in: Security, Web Hosting | No Comments »

Are you at risk of a cross-site scripting attack?

by FireHost Evangelist on April 28th, 2009

xss-threat3In basic terms, cross-site scripting (XSS) is a popular method of attacking a website’s application vulnerabilities by injecting target websites with malicious code. The goal is typically to embed a program which steals data, leading to credit card or identity theft. During these attacks, affected websites appear perfectly normal to visitors, who continue to use the website as they normally would.

Consider this example:

Mary frequently visits an online shopping website. One day, hackers use a cross-site scripting attack on the website, embedding malicious code. Mary returns to the website and buys a pair of new shoes, unknowingly passing her confidential information to hackers. Before she realizes what happened, someone has stolen her identity and ruined her credit.

Every business owner has more important things to do than mitigate a very public theft of your customer’s personal data, so make securing your customer data a priority today.

Unfortunately for consumers and businesses, many hosting providers don’t take effective measures to prevent cross-site scripting (XSS) attacks on their clients. If your hosting provider doesn’t address cross-site scripting attacks (XSS) properly, your company’s website could easily fall prey to hackers and expose your customer’s personal information.

Security is the primary focus at FireHost. We pride ourselves on providing industry-leading secure hosting, which includes a WAF to prevent cross-site scripting (XSS). This hardware security device stops hackers from exploiting web applications, securing your website, business, and customers from cross-site scripting (XSS) attacks.

To discover more about our secure hosting and prevention of cross-site scripting (XSS), contact a FireHost Agent today.

Tags: , , , , ,
Posted in: Web Hosting | No Comments »

Why You Need SQL Injection Protection

by FireHost Evangelist on November 3rd, 2008

SQL Injections have website owners and developers running scared. If you haven’t heard of a SQL Injection, then you better listen up and hit Google university.

SQL Injections are the number one vulnerability exploited by hackers, by far. According to security vendor Sophos, 16,000 new websites are hit by the attacks every day. WordPress, Joomla, Drupal, .NET, classic ASP, PHPBB websites have all been hit with SQL Injections. Do NOT roll the dice on this one! Every web site big or small is vulnerable to injection by automated scripts attempting SQL-Injections through your webforms, dynamic URLs, etc.

This video from Graham Cluley of Sophos discusses the impact of a SQL Injection that hit BusinessWeek.

What can you do NOW to help secure your website?

  1. Ensure all logins use strong passwords
  2. Employ web form validation and/or CAPTCHA
  3. If you’re using a CMS or website platform, ensure it’s up-to-date (including all plug-ins)
  4. Ensure all components are current (ASPupload, etc)
  5. Use static URLs instead of dynamic URLs

FireHost takes SQL Injection protection to the next level by:

  1. Analyzing your website and web applications to assess the potential for SQL Injections and other hacking vulnerabilities
  2. Protecting your website using our secure and transparent Web Application Firewall
  3. Monitoring your website for new vulnerabilities

Tags: , , , , , ,
Posted in: Security | No Comments »