Web Site Safety
Recently I worked with 2 website owners whose sites had become infected. One was a personal website; the other was a small business owner, and precisely how much business that person may have lost can never be calculated. It demonstrates, however, that even small personal websites are not immune from poisoning. To make matters worse, Google will often have a warning under the search result for the site in question, stating that it could harm your computer. Clearly this is not publicity that an individual desires for their site, much less a business owner.
So–what can you do as a business owner to keep your website from becoming the target of malware, and does it require a computer science degree? The good news is that there are several things you can do, none of which are guaranteed to workk, but the sum total of which should provide adequate security–and, no, they don’t require a degree in computerese.
1. Strengthen your password. This is advice everyone has heard and few heed. Here are some do’s and don’t's for creating a strong password:
don’t's:
A. Do not spell words. I often use the first letters of each word of a well-known quote, such as “the quick sly fox jumped over the lazy brown dog”, as an example.
B. Do not use consecutive letters or numbers, such as “abcdefg” or “12345″.
C. Don’t use passwords people could easily guess. More than once I’ve guessed a client’s password, because it was the name of their guide dog. Since I’m trustworthy, I did no harm, but…
D. Don’t share it, write it on a post-it note where folks can see, keep it in an unencrypted file on your computer, etc. That should be obvious, but you’d be surprised how many people do just that.
Do’s:
A. Use upper- and lower- case letters, numbers, and punctuation signs.
B. Make it reasonably long–at least 7 letters–and longer is better.
2) Use secure ftp to upload your files to your website. Why? Because conventional ftp sends your password as clear text, which can easily be intercepted. If your hosting provider doesn’t support secure ftp, find one that will.
3) Periodically download your source files from your server and scan them. Currently, I recommend Avast! for this, as it finds malware others don’t, as proved by the business owner’s website, where almost all of the scanners except Avast! did not pick it up. Also, you can view the website’s source online by pressing control u, both in IE and Firefox, and if you see suspicious code that you didn’t put there, especially if it begins with the word “script”, then the chances are the site has become infected.
The proverb posits that an ounce of prevention is worth a pound of cure. These simple steps should go a long way to keep your site up and clear of malware.
This article was provided by
Jackie McBride
These are very good tips. I tried out Avast and had mixed results with it. I downloaded it upon a friend’s recommendation, and it worked for a little while but then quit on me. I wasn’t getting any audio alerts from the program for about a week or so, and I had a sighted tutor friend look at my computer to see what was up. It turned out that my demo copy of Avast had expired, but I had no way of knowing this because nothing was spoken. My tutor friend had to register Avast for me, because apparently the registration is inaccessible to screen readers. So I finally made the decision to go with Microsoft Security Essentials. I had heard great things about it from friends. This program is totally free and totally accessible. The other thing I like about it is that in addition to an anti-virus program, it has anti-malware capabilities. The installation file was a bit tricky to find so I needed sighted assistance there, but everything else about the program is 100% accessible with both of my screen readers.
Jake:
Thanks for your comments. I recommend MS Security Essentials for realtime protection as well. However, it really doesn’t scan files, & this is 1 of the reasons I recommended Avast. Do not install its realtime protection–just use it for scanning files. I agree it isn’t terribly accessible, but its right-click context menu integration with Windows Explorer works well. Just right-click the file/folder you wish to scan (applications key or shift-f10), & you’re good to go.