SiteProNews: August 30, 2006 Feature Article
Article printed from SiteProNews: http://www.sitepronews.com HTML version available at: http://www.sitepronews.com/archives.html
Defend Against Black Hat SEO: Your Web Host Can Help
By Frederick Townes (c) 2006
The world wide web is a dynamic, exciting place to launch a new
business or promote your organization's message. It's also a
lawless landscape in which black hats – crackers, hackers and
other on-line evil doers – roam with very little oversight or
law enforcement.
And that means it's up to every site owner to ensure that his or
her site is defended against intrusions, code injections and
other forms of attack. There's plenty of software to help keep
hackers out of your desktop PC, but what about your hosting
service? How can you protect server-based data?
Top-tier web hosting firms design proprietary hardware and
software protection to ensure that your business is secure. But
site security doesn't stop with impenetrable firewalls, spam
zappers and e-mail scanners. In fact, if you go with a hosting
service that isn't up to speed on the latest forms of hacker
attacks, you could quickly find your site is no longer under
your control!
Great hosts "harden" their server systems to deter and deflect
known exploit points in the software the servers run and in any
client-site's code! This is where the value of quality hosting
comes into play.
XSS Attacks
XSS stands for cross-site scripting and it poses a threat to
even the most secure sites because XSS exploits vulnerable
hardware and software holes that allow black hat SEOs to
circumvent commonly employed security systems. In an XSS attack,
black hats inject malicious HTML script into site pages of other
domains. They do this for two reasons.
First, in some instances, black hats inject undetected scripting
into competitor sites to taint these sites when SE bots spider
them. Imagine, a competitor is able to access your site's code,
insert invisible text (at least invisible to you) and, when an
SE bot discovers this invisible text, your site is slammed. Even
banned from Google. Don't think it can happen? It closes down
on-line businesses daily.
So what kind of attacks can be "planted" on your site? There are
plenty:
• Redirects take visitors to another site as soon as they
reach yours.
• Overloading alt tags, meta tags and other interior coding
with keywords, sometimes called keyword stuffing.
• Inaccurate or misleading keywords inserted within site
pages.
• Cloaking, which detects search engine spiders and changes
site text to improve PR.
• Pagejacking, the practice of stealing site content, can not
only cost you in sales, it can also slam your PR because
your content isn't "original" any longer.
Any of these black hat SEO tactics and more (spamglish, link
farms, virus injections, etc.) can and will do severe, if not
irreparable, damage to your on-line enterprise. Why?
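A site owner can check their own pages for several of the planted items listed above. The following is an added example, not code from the original article: it audits one page's HTML for meta-refresh redirects, keyword-stuffed attributes and text hidden with inline styles. The repeat threshold, the list of hiding styles and the sample page are assumptions made for the illustration.

```python
from html.parser import HTMLParser
import re

# Inline styles often used to hide injected text from human visitors (assumed list).
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])", re.I)
VOID = {"meta", "img", "br", "hr", "input", "link", "base", "area", "col", "embed", "source", "wbr"}
MAX_REPEAT = 3  # assumed threshold: a word repeated more than 3 times in one attribute
# Constructed sample page with three planted items (not taken from a real site).
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0; url=http://spam.example/">
<meta name="keywords" content="cheap pills cheap pills cheap pills cheap pills">
</head><body>
<h1>Garden tools</h1>
<div style="display:none">buy cheap pills <a href="http://spam.example/">here</a></div>
<img src="rake.png" alt="Steel garden rake">
</body></html>"""

class SeoInjectionAudit(HTMLParser):
    """Collects (line, finding) pairs; assumes reasonably well-nested markup."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self.stack = []  # one flag per open element: does its inline style hide content?

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh" and "url=" in a.get("content", "").lower():
            self.findings.append((line, "redirect: meta refresh to " + a["content"].split("=", 1)[1].strip()))
        for name in ("alt", "content", "title"):
            words = re.findall(r"[a-z0-9]+", a.get(name, "").lower())
            stuffed = sorted({w for w in words if words.count(w) > MAX_REPEAT})
            if stuffed:
                self.findings.append((line, f"keyword stuffing in {tag}[{name}]: {', '.join(stuffed)}"))
        if tag not in VOID:
            self.stack.append(bool(HIDDEN.search(a.get("style", ""))))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        # Text is suspicious when any enclosing element hides its content.
        if any(self.stack) and data.strip():
            self.findings.append((self.getpos()[0], "hidden text: " + data.strip()[:60]))

def audit(html):
    parser = SeoInjectionAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Running `audit()` on a known-good copy of each page and comparing the findings over time shows when something new has been planted. Text hidden through external stylesheets, cloaking and pagejacking do not show up in a single page's source and need other checks.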
SE Bots Are Brainless
SE spiders are dumber than a box of rocks. They're unable to
discern legitimate text from a malware injection. They rely,
solely, on automation to assess and categorize a site. There's
no subjective analysis. Just text strings that are sorted
completely by brainless bots.
A competitor using one of the XSS attacks listed above can
exploit this to "de-optimize" your site and make it appear that
you're using black hat SEO tactics, or can gain access to your
site through a web browser and/or inject toxic data to devalue
your content.
Google Penalties For Black Hat Tactics
The purpose of any search engine is to deliver relevant, useful
SERPs to users' queries. So, when a Google bot discovers what it
perceives as an attempt to falsely increase value, the site may
suffer serious, site-threatening sanctions.
Some of these penalties may be imposed without you even knowing
about it – until you discover that site revenues have dropped
75% in two days as a result of lost rankings and traffic! A site
discovered to employ black hat SEO may be penalized in page
rank, may lose PR altogether, may experience SE indexing issues
(partial or mis-indexing, for example) and, for the worst
offenders, may be banished from the Google site altogether. Dead
in the eyes of Google bots.
So, here's the problem: without your knowledge, a black hat
competitor can inject toxic script into your site that could,
conceivably, get your site banned from Google. Even if you and
your web host have all the firewall and intrusion detection
protection there is.
It Gets Even Worse
The second reason black hats use cross site scripting is to
actually gain access to and control of your on-line business.
Certain types of XSS attacks actually enable a complete stranger
to acquire the same system privileges reserved for the site
owner - you.
Access to sensitive customer data, bank account information, the
entire back office – all can be achieved with relative ease by a
knowledgeable cracker looking to steal and plunder your site.
Whether the black hat is a competitor who wants to eliminate the
competition, or a script-kiddie looking to clean out the till
and sell some credit card numbers, your on-line business is at
risk regardless of how much security you and your web host
deploy.
This Is Where Quality Web Hosting Enters
During the design, administration and growth of a web-based
business, numerous tools and applications are used by site
owners and designers. There's site building software, email
management software, a check-out, customer database, automated
shipping apps, tools for developing site metrics and many
others.
This software isn't necessarily designed with security as
Priority One. Often, there are openings in commonly-used ebiz
software that are exploited by black hats during the execution
of an XSS attack.
And, because of the nature of these attacks, system and server
security measures can be breached because, in essence, the
hackers piggyback their way onto an unsuspecting site using the
site administrators' credentials to gain access and/or control.
The key to protection from XSS attacks is in the proper
configuration of all of the applications and tools that comprise
your on-line enterprise. These apps must be synced up to work
together while, at the same time, developing protection against
XSS attacks.
This configuring of applications is done at the host level and
should include a detailed analysis of potential XSS entry points
within the site's design and reconfiguration to fit the server
security already in place.
Go With The Host Who Knows
If your web hosting service isn't familiar with the growing
danger of XSS attacks based on application exploitation points,
consider finding a more informed host.
It's not a matter of securing your business system locally. And
it's not a matter of the multi-layers of protection offered by
your web host.
It's a matter of thinking like a black hat and taking a
proactive stance against XSS attacks they may employ. If you
aren't sure your site is protected, and your hosting rep can't
provide the assurances you require, talk to another hosting
company before disaster strikes and your site is banned from
Google.
It's that important.
================================================================
Frederick Townes is the owner of W3 HOSTING, a web hosting
company dedicated to providing fast servers, guaranteed uptime
and reliable, friendly support. When your site is an important
part of your business you need a professional web hosting
company (http://www.w3-hosting.net/) to keep it online and
running smoothly. W3 HOSTING is just that – and more.
================================================================
Copyright © 2006 Jayde Online, Inc. All Rights Reserved.
SiteProNews is a registered service mark of Jayde Online, Inc.