Note: This column represents the opinions
of the writer and as such, is not represented as fact|
What do you do if you find that your, or your customer's websites have been
the contents of Aardvark's "million-dollar ideas" notebook
are revealed for all to see!
While it might be tempting to curses and swear, then hope that nobody has
noticed -- that's probably not going to save the day.
Of course if you act very quickly, and have superb recovery systems in
place, you might just get things back to normal before anyone notices -- but
this is unlikely. Hackers tend to strike in the middle of the night when
you and your support team are tucked away in their beds. Unfortunately the
rest of the world is wide awake and probably spreading the word before you've
even thrown the alarm clock across the room.
Need Cutting-Edge Copy?|
As NZ's longest-running online commentator, I'm looking for
extra syndication opportunities for this daily publication -- or I'm happy
to write casual or regular material specifically to order for print or
Net-based publications. If you're
interested, drop me a line
Here are my tips to handling the situation, should you be faced with having
your site, or sites you are responsible for, hacked.
First up -- if news has already gotten out -- don't bother denying it. If you
say "no, we haven't been hacked" then the clever people will wonder if you
can even recognise a hack when you see one and such a statement will reduce
the credibility of any further claims you might make.
Secondly, remind yourself, your customers, and anyone else who is interested that
there is no such thing as an "unhackable" website.
If you've been hacked then you're in damned fine company. The New York Times,
The Pentagon, Nasa, The FBI, Yahoo, and even Microsoft (on numerous occasions) have
all fallen victim to hackers that have defaced their websites.
The reality is that no matter how much time and effort you spend in shuring up
your defenses against hackers, there's no guarantee that your (or anyone's)
site won't get hit if you're unlucky enough to be the victim of a persistent
and well-equipped cracker.
Don't get me wrong -- of course you owe it to yourself and your customers to
make absolutely sure that any website you administer is as bullet-proof as
possible. All the available security patches should be applied, regular
password qualification and updating regimes must be in place, and even the
physical security of your installation should be considered.
While it might seem like a total disaster that some pimple-faced geek-kid
half a world away has turned your website into his own personal graffiti zone,
such an event need not be a total loss.
If your backup and contingency systems are up to scratch, you will have the
chance to impress your customers by restoring things back to normal in a
very efficient and professional manner.
There's also the chance to get a good dose of free publicity.
Tell the media how you were able to put things right in the blink of an eye
(assuming this is the case) and make it clear that the attack has allowed
you to further strengthen your defenses.
When some websites operated by a local developer were hacked yesterday, I
doubt that any other website operators or hosting companies were rubbing
their hands with glee -- because they know that if the hackers had picked
on their machines, they might have found themselves in the same boat.
Remember -- even if all the known bugs in your OS and webserver are patched --
you don't know how many "yet to be discovered" security holes are lurking,
just waiting to be exploited by some dork who wants to show off.
Save The Aardvark Fund
Yes, I have had several donations to the Aardvark fund and I thank those
who put their money where their mouse is :-)
If guilt is gnawing away inside you then there's still time to donate.
Just drop by and
hand over your loot.
Add Aardvark To Your Own Website!
Got a moment? Want a little extra fresh content for your own website or
Just add a
to your pages and you can get
a free summary of Aardvark's daily commentary -- automatically updated
each and every week-day.
Aardvark also makes a summary of this daily column available via XML using
the RSS format. More details can be found
Contact me if you decide to use either of these feeds and
have any problems.
Did you tell someone else about Aardvark today? If not then do it
There are new Vacancies Last added 2 Oct In The Job Centre
There are 14 Domain Names for sale