Most attacks on web sites are for the purpose of injecting content that other web sites can benefit from, such as adding pages or injecting code to existing pages that provides backlinks to their web site. But often a hacker wanting to defame you or pollute your database with gibberish may use the same methods.
And today there is a plethora of software designed to do just that, ranging from blog posting software that will probe the web looking for blogs to post to that are not adequately protected by login and captcha to prevent auto responding by the software, to software that will probe for the existence of known apps running on the web site that are known to have security flaws that can be exploited.
To prevent SQL injection attacks, ensure that your CMS or custom scripting sanitizes all database queries. Sanitization means filtering any combinations of words and symbols that can be used as database commands. Restricting input to only alpha-numeric characters and encoding some needed symbols like the ampersat and ampersand will prevent a lot of mischief.
Data mining usually goes unnoticed but it can be harmful when search engines cannot tell original content from that which has been data-mined and stolen to populate web sites whose sole purpose is to display advertising banners for profit. In this case, unless you too are feeding search engines for ranking points, you want to consider using site protection software.
By using site protection software like the ArtistScope Site Protection System (ASPS) you can not only prevent your content and media from being data mined and plagiarized, but also make it impossible for hackers to reach your website using the probing and hacking software and tools at their disposal. ASPS can leave doorway pages accessible to search engines while protecting nominated pages or sections of your web site from indirect and unauthorized access. All data sent from an ASPS web site is encrypted, providing a secure tunnel between server and the user's web browser that cannot be exploited, even by the use of packet sniffing software.
Sites using PDF documents for content such as online lesson and course material can use PDF protection software to prevent plagiarism and data mining. PDF distributed for desktop reading can be protected from sharing by applying password or DRM controls and PDF displayed on web pages can be domain locked to your web site, making them useless for display anywhere else. Today the one solution that can cater for both desktop and website display is the CopySafe PDF Protection software which also provides the most secure and most robust protection from all copy methods.
Apart from doorway pages serving as fodder for search engines, most websites can be locked down to prevent direct access except by approved routes, whether that be by member login, IP address restrictions, required user-agent (web browser) or unique identification by Mac address or Computer ID.
Given the known IP addresses of the search engines, one can easily allow search engine access to all pages but restrict access requiring a member login to all other visitors. Although allowing search engine access based on user-agent is not recommended because data miners do fake that. In fact some web browsers can fake user-agent and they all support extensions that do just that.
When it comes to the security of your website and preserving professional images, one can never be careless. Nor can one believe everything that they read, especially phrases like "secure web hosting" when you web site is likely to be one of hundreds sharing the same server. If ever one of those websites gets compromised it may allow a hacker to exploit all web sites. That is something to consider when upgrading to a virtual server costs as little as $10/month. Hosting your site on your own virtual server eliminates everyone else's errors and it will also enable you install and run the ArtistScope Site Protection System (ASPS) for the utmost in data and media protection.
Author: William Kent
Date: 22nd April 2020
Return to DRM and Copy Protection
No comments