Scams, Spam, Problems Encountered by Webmasters

Website Pests

The internet has countless people offering information, advice, products and services to us but it has almost as many people who make a nuisance of themselves. Most people are aware of common internet risks like computer infections, email spam and identity theft but, when you set up your own website, you will run into some new forms of internet pests. The team at Bywild.com are constantly working to ensure these pests don't make it through to our clients' websites but we thought visitors might like to know about these things so they can take them into account.

Email Harvesters

Have you ever wondered how all that spam email finds its way into your inbox? One of the ways is through email harvesting. An email harvester is a script that has been written to create a robot that crawls the internet in a constant search for email addresses. There are as many of these bots on the internet as there are people willing, and able, to make an easy dollar through selling email address lists. Any email address that appears on any website without being hidden or masked will be snatched up by every rogue email harvester bot out there then sold to anyone and everyone that would like to buy it.

When you leave your email address in a forum or on someone's guest book or comments page you can be certain it will be collected by countless email harvesting bots. It will then be sold to as many people as possible and your email address will be flooded with spam. This is what happens to ordinary email addresses but website owner email addresses are a target for other things too. If your email address is listed on your website you will get a whole new range of spam. These will include offers to search engine optimize your site, claims that there are flaws, problems, or broken bits on your site that, of course, they can fix for you, and more. You will be offered all sorts of "business deals" from all over the world, spam in a can from Brazil, cheap electronic toys from China, nuts from Hungary - you name it and someone will offer it to you at some point in time.

Many website businesses have been scammed by people who want to buy thousands of dollars worth of products. They use this "order" to get the business owner to accept stolen credit cards or forged cheques. They walk away with the products and, often, the "change" from the forged cheque. You get these offers because they have bought your contact details. The higher your site gets in the search engine results the more link requests you will receive and then there are the people who will tell you that, for the measly sum of x dollars, they will send millions of visitors, all of them eager to buy your products, to your site.

This poses a serious problem for website owners. People are suspicious of websites that do not offer contact details but the only 100% effective solution to email harvesting robots is to make sure you do not have an email address showing on your website. No email address on your site will, however, prevent your customers or clients from getting in touch with you and that's the last thing you want. The team at Bywild web site design combats email harvesting bots by hiding your email address in some code. This lets human beings see it but makes it invisible to robots. Another, and even better, way around the problem is to use an email form. Customers fill out the form on your site and press send. This has the advantage of offering your customers the convenience of being able to contact you without having to write down your email address, leave your site, and go to their email account to send you an email.

SQL Injection

If your site uses an online database and is not written correctly, it can contain a bug which allows a hacker to inject code into your database. Once they do that they can take over your website and do anything they want. They can delete all your content, add viruses and trojans to your pages so people coming to your site will get infected, and more. They will steal all your user details such as passwords, credit card numbers, names, addresses, email addresses - anything that is of value to them. The only way to prevent this from happening is to use well written code that doesn't use any of the shortcuts or modules that can cause the backdoor weakness in the first place. Don't use badly written scripts and make sure you apply any patches to your scripts as soon as possible.

Even the largest software companies, the people who come up with the software and standards to produce websites, have had problems with their sites being hacked. Search engine friendly URLs can help reduce this risk. Hackers look for something called session IDs. Search engine friendly URLs don't use session IDs. If the hackers can't see any session IDs when they pass through your site they tend to move on to a site that does display session IDs.

Form Spam

If you decide to use an email form, however, you face other problems. If the form isn't written correctly spammers can use it to email thousands of people. The spam then appears to come from your email server and you will be blamed for it. This can result in you getting nasty emails from every man and his dog. It can also lead to your site being listed as a spam site with many of the larger, commercial, internet service providers. If they blacklist you their users will not be able to visit you.
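One way a correctly written form handler can refuse to be used as a spam relay, as an added example that is not Bywild's own code. The addresses, field names, length limit and sample submissions are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

SITE_INBOX = "owner@example.com"     # assumed: fixed recipient, never read from the form
SITE_SENDER = "webform@example.com"  # assumed: sending address on the site's own domain
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAX_FIELD = 200                      # assumed length limit for one-line fields

def build_contact_mail(name, reply_to, subject, body):
    """Return the message for the site owner, or raise ValueError on bad input."""
    for label, value in (("name", name), ("email", reply_to), ("subject", subject)):
        # A line break in a one-line field is how extra headers (and with them
        # extra recipients) get smuggled into a badly written form mailer.
        if "\r" in value or "\n" in value:
            raise ValueError(f"line break in {label} field")
        if not value.strip() or len(value) > MAX_FIELD:
            raise ValueError(f"{label} field is empty or too long")
    if not ADDRESS.fullmatch(reply_to):
        raise ValueError("email field must hold exactly one address")
    msg = EmailMessage()
    msg["From"] = SITE_SENDER
    msg["To"] = SITE_INBOX            # the visitor cannot choose who receives the mail
    msg["Reply-To"] = reply_to        # the visitor's address appears only here
    msg["Subject"] = f"[Contact form] {subject}"
    msg.set_content(f"Name: {name}\n\n{body}")
    return msg

def is_accepted(name, reply_to, subject, body):
    """True if the submission passes validation, False if it is refused."""
    try:
        build_contact_mail(name, reply_to, subject, body)
        return True
    except ValueError:
        return False

# Constructed submissions: one ordinary, two shaped like form spam.
SAMPLES = [
    ("Pat", "pat@example.com", "Quote request", "Please call me."),
    ("Pat", "pat@example.com\nBcc: list@example.net", "Hi", "spam text"),
    ("Pat", "a@example.net, b@example.net", "Hi", "spam text"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_accepted(*sample), repr(sample[1]))
```

The recipient is fixed in the code and the visitor's input reaches only the Reply-To, Subject and body, so the form can send mail to the site owner and to nobody else.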

In Australia there are only a handful of large ISPs. If, for example, an ISP such as Telstra were to blacklist your site as spam you would not be able to send emails to any of your Telstra/Bigpond customers. This could result in you losing a quarter, or more, of your customers.

Customers of Bywild.com website design do not, of course, have to worry about this particular problem as all our forms are correctly written.

Log Spam

Seedy operators like to send other bots to your site to leave the address of their gambling, pornography, viagra or other drug selling site in your logs. Many people publish their site logs on the internet and these people hope you will be one of them so they leave their site as the referrer in your logs. This can't hurt you but it is annoying if they start taking up too much of your bandwidth.

Comment Spam

This is similar to log spam except these bots leave off-topic comments or posts containing the links to their sites on your blog or forum. If you allow comments to go on your site unmoderated and you don't delete these comments as soon as possible these people will hammer your site until it breaks. They will leave thousands of off-topic comments/posts. It also seems other spammers may search for spam comments and, like a magnet, more spam comments, including non-English spam, find their way onto your site.

It is possible to prevent most, but not all, of this activity and we can advise you on how to do that as well as do some things, like tailoring your access file, for you.

Scam Mail Spam

The Internet Corporation for Assigned Names and Numbers (ICANN) is the body that controls ALL internet domain names. Every website must be registered with them but once your name and address appears on their register you become a target for scam spam.

This involves scammers sending you postal mail about a month before your domain name is due for renewal. The scammers claim that, if you don't register with THEM as soon as possible, your domain will become unregistered and someone else will steal it. The scam comes from different companies to the one you are registered with and their rates are normally up to 500% more expensive than what you already pay.

They are simply seeking to frighten you into switching from your current domain registration provider to them. Nothing will happen if you ignore it provided you renew your registration with your current provider as soon as it is due for renewal.

Emails

It is much safer to use online webmail systems such as your site's email than to use Microsoft Outlook or Outlook Express. The reason for this is that viruses have been written to hack into the Microsoft products and, even if you have every patch and every security setting turned on, your system could still be at risk of getting a virus or trojan. Virus writers and trojan writers tend to attack the largest markets because of the large number of users and the vast supply of knowledge about the bugs and loopholes in those systems.

Another problem with emails can be that spammers will use your domain name and a made up name to spam people with. This is done by spoofing (faking) the "from" field of the email. The problem comes when people who receive these spam emails believe your website is sending them. They can then send you nasty emails or report you to spam authorities in your country. There is nothing to really be worried about on a legal level because the header of the email, which is usually not shown because of its length, actually contains the IP of the offending sender and this will not be your server.

A similar problem with a different angle is when your email address is in someone else's contact list and they get an email virus. The virus may choose your email address to send itself to everyone in that person's contact list. This actually happened to us and it can be a very unpleasant experience.

Passwords

This is a real pain to most people. Most of us like passwords we can remember. Easy to remember passwords are, however, easy to crack too. The easiest way for a hacker to get into your bank account, eBay account, email, forum or any other online account is to get your password.

Your password is like the lock on your front door. It's the only thing that stops intruders from simply turning the handle, walking in and taking over anything you have online!

If a hacker can get your password he or she can do anything they want with your online account, your website or your system. Just like intruders in your house, an online intruder can steal things from you or simply deface your space.

Unlike home intruders, however, an online intruder can make himself at home for as long as he or she wants. They can sip coffee while they use your computer to break laws, attack other people's computers, steal identifying information, pretend to be you and harass other people in your name, order credit cards, clean out your bank account and so on.

Once they have the passwords to access your site itself they can store illegal files on your server, run bots to steal other people's sites or content, create and store virus and phishing sites on your server, send spam or use your bandwidth to attack other sites.

Your password is the lock that stops intruders and they are very keen to pick that lock. They have a range of ways they use to do that. The two most common methods are "phishing" and "brute force". With phishing the hackers try to trick you into giving them your password. With brute force the hacker simply switches on a script that keeps trying possible passwords until they get into the system. They use a normal dictionary with all its listed words then they add letters, numbers, common names, names spelt backwards and all possible combinations of these.

This means if your password is a common name, a date, or a name plus a letter and/or number, it is only a matter of time before the internet pests hack it, if they have not done so already. Your computer may already be part of a hacker's army of servant computers and may already be being used to attack other computers!

Hackers also use the latest language that mixes up letters and numbers to make words so if you use something like f33t or a name with a number like 5u5ie then someone will have a dictionary that will have that password in it somewhere.

The best passwords are at least 8 characters long (most websites have a minimum length of 6 and a maximum of 12). The password should not use any known words. It should use letters and numbers and should contain both upper and lower case letters. It is much easier to hack a password like "susie1" than "sIa3xy5B" but, of course, that also makes the password very hard to remember. You may need to write it down but, if you do, remember to keep it in a safe place since it is also a security risk. If someone breaks into your house and finds your passwords written down they will have total access to your system.
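The password advice above, turned into a check that a sign-up page could run, as an added example that is not Bywild's own code. The tiny word list, the substitution table and the function names are constructed for illustration; a real check would load a large list of words and names.

```python
import re

# Constructed stand-in for a cracker's dictionary of words and names.
WORDLIST = {"feet", "susie", "password", "dragon", "monkey"}
# Undo common number-for-letter swaps such as those in f33t and 5u5ie.
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})
DIGITS = "0123456789"

TOO_SHORT = "shorter than 8 characters"
ONE_CASE = "needs both upper and lower case letters"
NO_DIGIT = "needs at least one number"
IN_DICTIONARY = "built from a dictionary word or name"

def guessable_forms(password):
    """Simplified forms of the password that a dictionary attack also tries."""
    lowered = password.lower()
    unleeted = lowered.translate(UNLEET)           # 5u5ie -> susie
    forms = {lowered, lowered.strip(DIGITS),       # susie1 -> susie
             unleeted, unleeted.strip(DIGITS)}
    return forms | {form[::-1] for form in forms}  # names spelt backwards

def password_problems(password):
    """Return the list of rules the password breaks; empty means it passes."""
    problems = []
    if len(password) < 8:
        problems.append(TOO_SHORT)
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append(ONE_CASE)
    if not re.search(r"[0-9]", password):
        problems.append(NO_DIGIT)
    if guessable_forms(password) & WORDLIST:
        problems.append(IN_DICTIONARY)
    return problems

if __name__ == "__main__":
    # The passwords mentioned in the text above, plus a backwards name.
    for candidate in ("susie1", "f33t", "5u5ie", "eisus99", "sIa3xy5B"):
        print(candidate, password_problems(candidate) or "ok")
```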

DOS Attacks

Denial of Service attacks used to be aimed at the larger web sites but have become a threat to almost anyone now. What happens is someone with access to a bot army will get thousands of PCs to "ping" or attack certain ports on your website. This will overload your system and crash your website. If it does not crash your system you could end up with a large bill for all the extra bandwidth this has used.

A bot army is created by infecting thousands of personal computers with a trojan or virus that allows the hacker to use those computers whenever they are online. If you have not been careful with your passwords and security measures there is a good chance your computer is already enrolled in one, or more, bot armies and is being used to attack other people. You, of course, are paying for the bandwidth these hackers are using.

Because bot armies all work in a similar way, and can only attack in certain ways, the team at Bywild takes preventative measures so that, even if they do attack the sites we create, the site will not be affected and the owner's bandwidth won't be gobbled up.

Can we say conclusively that all the sites Bywild Website Design creates are secure?

Yes!

At the time we build a site it will be secure to all KNOWN intrusive methods. We also keep abreast of any new security issues that arise and immediately patch all our sites if the new risk is a threat to them.