Normally web site content such as web pages and media is easily accessible from the Internet by anyone and almost any device that can connect to the Internet. For websites designed to provide content to impress search engines and improve the website's SEO ranking, that works well. But that "open" policy poses a few problems when considering how the integrity of your website and the information that it contains can be exploited and even corrupted.
These days, with the popularity and ease of using CMS like WordPress, anyone can become a web designer. However CMS like WordPress are database driven, which means that all web pages are created dynamically from data stored in a database. Web pages are not hard coded and each web page request by a site visitor requests data about the page that is stored in the database and each page is assembled on demand. On busy websites and busy web servers delivering dynamic web pages can have more of an impact on performance than static HTML pages.
The use of static HTML for doorway pages and information that is unlikely to change for months or years is especially recommended for security as well as website performance. Because a website's database can contain the heart and soul of a web site, it can be the main focal point of hackers in any attack whether to steal information, to inject malicious code or to take the site offline. Google stats may show the visitors to your site and the keywords used from search, but without a real visitor tracking solution you may never know just how much traffic to your website has malicious intent.
On Windows web servers URLscan can be installed to filter all dubious web requests such as those that may include database commands and non-alphanumeric characters not applicable to web page requests. More recent versions of Windows Server may have that capacity already built in. On Apache servers request filtering can similarly prevent direct attempts to exploit your database. When using real website traffic analysis software to log and classify all page requests, seeing how much traffic can be rejected by request filtering on a typical website can be astounding... as much as 50% or more.
Other types of exploit that will show in site stats will be requests for content that is not and maybe has never been used on your website. For example, hits on urls looking for WordPress links checking if particular WordPress plugins are installed or not. WordPress is seen by hackers as the most commonly used CMS for web sites so a lot hacking software includes probing for WordPress plugin weaknesses in the many exploits that it will try until it hopefully finds a weakness. Your website may have never used WordPress, but they will still run through their tests automatically.
If you think that there must a malicious few individuals out there intent on trying these exploits, think again, because they are more prevalent than most will appreciate. Analysis of our own logs shows that there a thousands of malevolents running hacking software full time from home computers, and there are banks of servers dedicated to probing all websites looking for a weakness to exploit, all for various reasons. Some are looking for private data, some looking for credit card details, some looking trade secrets, and some simply trying to add HTML to existing pages to inject backlinks to promote their own web site ranking.
Now do you realize why "open" access to everything on your website is a bad idea?
If you have no web design skills beyond using a CMS to create web pages, you try keeping mission critical info and media behind membership login. Better to hard code your doorway pages as static web pages but if you don't know HTML what can you do?
Image protect software can be used on websites to prevent direct access to images and photos and also prevent copy including the use of PrintScreen and screen capture. CopySafe Web Protection provides the most secure image protection and plugins are available for all popular CMS like WordPress, Moodle, Drupal, Joomla and DNN for uploading encrypted images and adding them to web pages from the CMS online page editor. By adding a small encrypted image to any web page, you can not only copy protect the image but also any other media on the web page. A huge plus with using CopySafe media protection is that access to the page is limited to the ArtisBrowser web browser, which means that all other web browsers, including the hacking software that would be attackers may be using, cannot access your protected pages at all.
CopySafe website copy protection software is available for web pages, images, PDF and video. They can be used on any web page and on any type of web server. But if you have a dedicated or virtual web server where you have administrator rights to install software at system level, then you should use the ArtistScope Site Protection System (ASPS) which provides the most secure image and website copy protection for all media. ASPS creates a secure tunnel between website and the user's web browser where nothing can be exploited by any means, including packet sniffing software. Nothing can be extracted from browser cache or memory and while ob display in the ArtisBrowser, your web pages are most securely copy protected from all methods of exploit including PrintScreen and screen capture software.
Author: William Kent
Date: 28th July 2020
Return to DRM and Copy Protection