Tag Archives: Websites

Hackers: How Do They Get In?

Hackers How Do They Get In?
Hackers How Do They Get In?

Hackers, how do they get in to  your website and hosting account? In today’s wild web, it just seems like sometimes you can’t keep hackers out!

Here’s what happened recently to me. I set up a new hosting account at a quality hosting service (not GoDaddy). The same day I loaded the site files, the site was hacked. Files were loaded and links to malware installed in newly created pages that mirrored my own site pages but with a .shtml instead of .html.

The host told me that all was secure and although the site was in a shared hosting environment that their network was not where the hack came in.

The only thing that I can possibly think of that caused the problem for this non-WordPress site is I emailed the passwords to the client. What the client did with the logins, I do not know. I am not sure if he even tried to login, but doubt it.

The host said that possibly a hacker got into the site via a field in the contact form, but there is a Captcha and tests for validity of information and on top of that no database connection for the form. I am mystified!

What I do know is that sometimes you just do not know how hackers get in, could they tunnel in from the host? Could they intercept logins by email? Could they be trawling the web for new hosting set ups and attack them? Your guess is as good as mine.

One thing I do know is that there is a new hack for WordPress websites that targets new hosting accounts where WordPress installation has not been completed. There are bots that are scanning the web for these new sites and coming in via WordPress setup files and taking control of hosting. Could this type of attack possibly be what I experienced? It is possible.

What I do know if that prompt action to clean up, wipe the server, and change all passwords for hosting and FTP and also no longer emailing logins is our newest protocol.



Even HTML Websites Can Be Hacked – A Case Study

We all know that WordPress websites and blogsites can be hacked and can actually be targets for spammers, but did you know that regular websites can be targets too?

Here’s something I just saw recently that was very concerning to me.

A customer came to me recently and said that his daughter was reading his website and noticed a few funny words like biking in his kitchen spice selling website content. He asked me to take a look. This is what I found:

  • The stylesheet on the website had been changed to override all underlines and colors on the links.
  • Keyword dense anchor text had been scattered throughout the website and links to biking and travel sites inserted randomly in the content.

The links were were difficult to find in the content as one, there were not that many, and two link underlining had been turned off globally.

What is very concerning to me is that this was a silent attack, very subtle, small, and did not impact overall readability or appearance of the site. Most of all however was the site was just a five page regular HTML site.

This means that any website can be attacked for spammy purposes. The biggest key to identification is if link underlines are turned off and colored to match the rest of the text. Although this can be done for separate links and not globally, keeping an eye on your website big or small, HTML or WordPress is definitely now in order.


Five Years Ago I Had Great Organic Placement

I have had a rash of prospects tell me that their organic placement has dropped so much after they paid a ton of money for a new website that they want to repost the website they had five years ago to get their old traffic and Google.com placement back. Sorry, but there is no time machine that will take us back to the time you placed highly on Google.com.

A website is not a brochure; you create it once and then hand it out for years. It is a work of art, a puzzle, a tool, a selling machine. It needs care and it needs content updates. What worked three years ago and five years ago certainly does not work now. Even if we could reload a website that performed well five years ago on Google, it would most likely not perform in the same place today.

The Web has changed dramatically in the time that I have been providing professional services and it has significantly changed in the past three years and seriously changed even this past year. What is important for website owners to understand is that now the content is crucial for organic placement, but more than that, it cannot just stop at great content.

A well placed website (in the organic search results) needs:

  1. great content that provides features and benefits
  2. content that is informational beyond what you sell and service
  3. regular updates of interesting articles, white papers, and informational updates
  4. social networking work off site on Facebook, Twitter, and Google+
  5. a blog that is updated a minimum of three times a week and  deep links to pages in your website

That in a nutshell is a web authority site! A website that is beyond a brochure but provides real help and information for readers not only on services and products that are sold but on topics and ideas. This is no five page website that’s for sure.

It takes time and money to build and maintain a web authority site, but the rewards can be big. With a site that is well placed organically, you may not need to spend quite so much in advertising to get traffic to your site. The older your authority site is, the more links you will naturally earn which will continue to improve your placement as well. Additionally, the depth of information you have on your website will let prospects know you know your business and are the go-to person for their needs.

What used to work five years ago for organic placement certainly will not work now, but quality content and information-rich web pages will never go out of style. I invite you to visit our “authority website” and see if we can help you too.


Using Freeloaders to Your Advantage

You’ve hit the tipping point on all you do and now your website traffic is continuing to rise, in fact you’ve never had so many visitors to your website before, but your conversions have not grown at the same rate, what can you do?

First, it is great to be successful and have a high traffic site, but if you are not converting your readers into buyers you may want to consider a new strategy to specifically market to the reader-freeloaders on your website. Much of what you will select to do will be based on your specific sales goals.

If you are a local seller and your traffic has grown, but when you look in Google Analytics most of your traffic is outside of your service area, I would enjoy the numbers and know that Google will eventually award you with improved organic placement. However, I would put your out of area readers to work for your benefit by actively asking them to Google +1 your pages or like you on Facebook. You’ll then be able to get SEO juice off of the traffic that will never convert to a sale for you.

If you sell nationally or service locally but also sell products nationally, I would take a careful look at your traffic and the pages where you think you have freeloaders. On those pages you will need to evaluate if you should follow my advice on Google +1 and Facebook or if the pages are good areas for you to advertise the products you sell nationally.

If they are a good fit with product sales, then start by creating your own banners, buttons, and links to your store to promote your own products. If you are going to provide great informational content, you should work to have the readers who like what you say move into your store to buy, Google +1 you, like you on Facebook, or be added to your email subscriber list. Which direction you take or multiple directions will depend on the information specific to your site. The key is to put the traffic to work for you! Don’t just invest your time and money into a well trafficked website, move your readers to action that will benefit your long term approach and goals.


Are You Watching Your Website Stats? Why Not?

You can’t find out if your website is working for you if you never take a look at your website statistics! It is great to have a website and every business should have one, but sometimes just having one is not enough. Sometimes you need to “nurture” and “feed” your website to help it be the best promotion vehicle in your advertising arsenal.

When I say “nurture” and “feed” your website I mean specifically know what your website visitors are looking for when they come to visit, how long they stay, and what they do when they get there. I have found in many cases by a careful analysis of website statistics will allow us to recommend new pages, optimization, and areas for enhanced engagement with readers. Here’s just one example: from the integrated web search report we get for a client we found over and over that users were searching for a specific product. Based on this information, to make it easy for them to find it and to feed sales, we created new content on the home page to speak to this need and point readers to the shopping and more information sections on the product. In other cases, reviewing Google Analytics, we have found new search terms to use for optimization of content, new terms for AdWords programs, and services that readers are looking for and possibly not finding.

One key indicator to review in Google Analytics is a page’s bounce rate. Over 75% and you have some challenges that you need to address as your readers are not finding what they want or you are directing untargeted traffic to the page with pay per click programs and may need to add negative keywords to your program to cut costs and be more targeted.

A careful review of  your website statistics can be used to really review your online health. It is more than a gage of how many visitors you have a day, the wealth of information can help you develop new services, cater to an audience, and more carefully target pay per click advertising. As Google Analytics is free, there is simply no reason you should not be tracking and reviewing what is going online with your website.


Contact Form Woes And The Solution

Occasionally we have a client who is using a low-end web host or who is self-hosting and does not have a cgi-bin or scripting enabled in order for us to install a contact form processing script. Sometimes this has lead to expensive programming charges. We do not offer programming and so we have to contract out this portion of a project adding to expenses.

We have found a service that will process the script for you on their servers and so far it looks like a clean and elegant solution to a thorny problem for some clients. Our preferred site is MyContactForm.com. With a premium account for $24.99 per year, now any client can have a professional seamless contact form installed on their site without complex programming initiatives. I think that it is a very smart solution.

We have used this service on a number of client sites over the years and have had no issues in implementation or script processing. If you are in a similar situation, it is worth a look-see.