
"My website is hacked.." said the client.

Posted by Sanj
Genesys Designs is a full service webdesign firm covering all website related services from domain registratio...
on Wednesday, 17 April 2013
in Tech Talk

When you wake up one fine day and go to your website only to find adult content, your website is hacked! (Assuming you are not in the adult industry to begin with!) If you check your website and it has banners of anti-Semitic or anti-American radical slander, yes, your website is hacked. It happened to a recent client of ours, which caused me to write this article.

I should start by prefacing that this is not a cheat sheet for any wannabe hackers. Then again, if you are looking for a cheat sheet to start your hacking career, you should look at an alternate line of work. Here are some very basic ways your website can be attacked and steps you can take to safeguard against them:

  1. Compromised Password - I cannot begin to tell you how many times, in this day and age, you ask someone for their password and they say it's 'password123' or, better yet, 'password'. Really? You are so devoid of creativity that you cannot jumble some characters to create an alphanumeric password? I have asked my clients to create a password that uses a capital character, a number and some characters together. If you are worried about forgetting, write it down. Save it onto a text file on your laptop. What I have used in the past are combinations of my previous street addresses, e.g. 333michiganAve, or phone numbers, e.g. 7026475553. Granted, purely numerical passwords are hackable as well; however, making it harder discourages most hackers for sure. Some hackers are thrill seekers who will either give up easily and/or lack the sophisticated savviness of password-guessing algorithms. Always stay away from dictionary words, e.g. Spacecraft12 is a moderate security password. Some think substituting numbers is a good idea, e.g. numb3r5 instead of 'numbers'. Believe me - taking a dictionary word and running a simple script to replace H with 4s, E with 3s and O with 0s is an old trick and therefore predictable. While on this topic, if your bank ATM pin is your year of birth, change that as well!
  2. CMS Leakage - Having a secure password and a poorly configured CMS is like having the main door of your home with a dead bolt and leaving your back door ajar. When you install a CMS, ensure that you delete the prescribed list of files which the vendor recommends you delete. These install files can greatly compromise your security. Also, remember that hackers look for outdated versions of a CMS. Some versions are so famous for identified holes that hackers flock to them like bees to honey. If you installed your CMS a while ago, make sure you update it or seek professional help to do so. The hacker can run these install scripts and restore your website to its out-of-the-box vulnerable state, then access the site from the inside out and brandish it with hateful spew.
  3. Hosting Vulnerabilities - If you are hosting on a server with a less than decent support system behind it, you should think twice. A well-managed server detects such hacking attempts before the site owner finds out. My website admins have emailed me that a particular website's security was challenged and that they had changed the admin password for the CMS, run several scripts to identify and remove malware and also updated the CMS password, all before I or the site owner found out. Now that is worth the money twice over!
  4. Trojan Horses - Sometimes the hack is orchestrated via uploaded files. Say you get an email or a file somehow ends up on your machine. You then upload that file to your server. If you unzip and execute it without screening it for malware, adware and/or any virus, yes, you risk being infected. Some servers will automatically scrub all incoming file transfers, but then again, not all do.
  5. Cross contamination - I had a client once who used one hosting account to host multiple domains. Now, bear in mind that if your security is compromised for that one account, your other domains are at risk as well. So you are essentially offering the 'Hack one, get three free!' deal for the hacker. So beware!
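To show why the number-substitution trick in item 1 adds so little, here is a small password check, added as an illustration and not part of the original article. It reverses the common swaps and strips padding digits before looking the result up in a word list; the word list, the substitution table and the function names are constructed for this example.

```python
from itertools import product

# Constructed sample word list; a real check would load a full dictionary
# or a list of known-breached passwords.
WORDLIST = {"password", "numbers", "spacecraft", "hello"}

# Digits and symbols commonly swapped in for letters. "4" maps to both "a"
# and "h" because the article mentions replacing H with 4.
LEET = {"4": "ah", "3": "e", "0": "o", "5": "s", "1": "il", "7": "t",
        "@": "a", "$": "s"}


def deleet_candidates(text, limit=256):
    """Yield plain-letter readings of text with the swaps reversed."""
    options = [LEET.get(ch, "") + ch for ch in text.lower()]
    for count, combo in enumerate(product(*options)):
        if count >= limit:  # cap the work for long inputs
            return
        yield "".join(combo)


def weakness(password):
    """Return why the password is guessable, or None if nothing was found."""
    if password.isdigit():
        return "digits only"
    lowered = password.lower()
    # Also try the password with leading/trailing digits and symbols removed,
    # which covers 'password123' and 'Spacecraft12'.
    core = lowered.strip("0123456789!@#$%^&*._-")
    for base in (lowered, core):
        for candidate in deleet_candidates(base):
            if candidate in WORDLIST:
                return f"dictionary word '{candidate}' with predictable changes"
    return None


if __name__ == "__main__":
    for pw in ["password123", "numb3r5", "Spacecraft12",
               "7026475553", "tR9#vLq2!xWm"]:
        print(f"{pw!r}: {weakness(pw) or 'no weakness found by this check'}")
```

A result of `None` only means this small check found nothing; it is not proof that a password is strong.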


Some ways to eliminate and counter hacker attacks:

  1. Always invest in quality and trusted Anti-Virus software. If you ask around, you will find half of them bad-mouthing a particular brand while the others swear that it is the worst product. If you own a slower machine, the latest AV software can slow your machine down. Consult a professional I.T. guy about your system's specifications prior to your purchase, or consult a sales agent at the store of purchase with your PC specs.
  2. Be smart about your computer. If you get emails asking you to install, download or simply click on a dubious file, stay away! If you are not sure, again, consult a colleague at work or a family member at home, or simply do nothing.
  3. When you feel that your server security has been compromised, let your server admin know ASAP. The sooner you act, the faster your admin can act. This means time is of the essence. Waiting a full 72 hours after the infection can mean it's too late. The damage may be permanent.
  4. Backup, backup, backup. I cannot stress enough how many business owners do their business day to day without a backup for their office computers, let alone a server backup. Back up your machine. Back up your server. Back up your website. Back up everything and anything that will cost you time and money to reproduce, that would make you lose face with a client and/or that holds treasured memories of family members.
  5. Seek professional help. We all have friends. And we count on them in time of need. If your friend is a qualified I.T. guy, yes, call him/her. Just because they know more than you doesn't mean they are qualified. When you have a partially qualified person supporting you, they can do more damage than they came in to sort out in the first place. This means they may accidentally delete data or cause irreversible damage to the machine. Seek professional help from techies who do this day in, day out.

At the end of the day, even the best of us get taken for a ride. I have almost fallen for the UPS package virus which shows up as an attachment in a hard-to-tell email saying you got a package. The email looks identical to the real email one would get from UPS. Heck, I got one from PayPal asking me to log in to check fake transactions. And I almost did. In the nick of time, I realized that something did not add up.

On the servers, I have always performed security audits. There are several websites which will give you checklists based on the version and type of CMS you have installed. Some will perform the audit for a nominal fee. If your website host offers such a complimentary service, it doesn't hurt to ask. And if they charge a small nominal fee, it is better to be safe than sorry.

I have said it once and I will say it again - hackers are opportunists looking for unsuspecting users. Be smart. Be aware of your technical handicaps. Always double check. Check twice, click once.
 


SEO Therapy - The good, bad and the ugly!

Posted by Sanj
on Friday, 18 January 2013
in SEO

Once upon a time SEO (Search Engine Optimization) was regarded as a complicated beast. It had a big head, long arms and long legs. The idea of SEO was very intimidating. Frustrated site owners turned to SEO experts to guide them through the maze to seek customers on the Internet. I called it SEO Therapy. The regimented course of meta tags, keywords, keyword density and several other terms manifested an SEO conversation. Once the SEO experts/therapists had figured out how to manipulate Google, every Tom, Dick and Harry became an SEO expert. My broker in the U.S. once said, 'When anyone and everyone gets into your industry, it is time for you to get out.' This line could not be any truer. Nothing against Tom, Dick and Harry. Sorry guys!

Hello Social Media

Recently, two events happened. Social media came of age. With the proliferation of new social media platforms popping up to cater to every demographic and the social media integration on the web and smart phones, social media became more prominent. Every website today has the Twitter, Facebook and LinkedIn icons waiting to catch your eye. Yes - this makes content sharing useful and you can share, no doubt, but too much is too much. That said, Google+, which is Google Search's younger sister, awaits your attention. Google Search has integrated YouTube in its results and now seeks to actively embed Google+ into its DNA.


Five great tools to manage your Twitter account

Posted by Sanj
on Friday, 12 October 2012
in Social Media

Twitter, LinkedIn and Facebook tend to be the order in which business accepts Social Media, although the solopreneurs and mom-n-pops tend to spend more time marketing themselves on Facebook. Twitter has its own merits. When managing Twitter, the primary concern most Twitter users have is the time spent on managing their Twitter account.

Buffer - This program has great features. After seamlessly integrating within your browser, Buffer allows any Internet surfer to add any URL to their buffer stack. It is as simple and quick as bookmarking your site in a browser. Once you have filled your stack, Buffer will post one post at a time to your Facebook or Twitter account. The next version promises Google+ integration. You can change the recommended schedule to post as often or as seldom as you want. The paid version of the program also allows you to stack posts for days, whereas the free version allows only 10 posts at a time.

ManageFlitter - For lack of better names, this program does make cleaning up your Twitter account easy. After a long period of time, Twitter becomes cluttered. In order to eliminate any non-followers, newbies (eggheads), foreign language twitters, and spam bots, this free utility is a must-have. The free version does not allow you to automate posts but the paid version does that and lots more.

MarketmeSuite - If you are someone like me who is not too fond of Hootsuite, then you will like MarketmeSuite. This program is designed for inexperienced and seasoned Twitter users alike. You can automate posts, send auto-follow messages, and unfollow users. My favorite feature is keyword search. If you perform a keyword search, the Twitter users in the search results are shown with their Klout score next to them, so you know how avid social media users they are. There are a lot more unique features, but the ability to manage Twitter and Facebook in one place and do it well, that is a timesaver!

Unfollowme - This free utility is a great help for new Twitter users. Unfollowme was one of our first utility downloads. This program is designed to cleverly unfollow someone from your follower list based on different parameters.

TwitCleaner - 'Bulk' is the middle name for this utility. The icon view of unfollowers, spammers and bots, and a whole bunch of parameters, allow you to bulk unfollow. This will help you manage your account. It does not help much in terms of acquiring new members.

Don't take our word for it. We strongly recommend you download and try these. Everyone has their favorites. You might use some more often than others.

When it comes to acquiring new members, all new Twitter users are obsessed with adding a large number of followers. If you use a paid service and/or an online offer of some kind, rest assured that quality is far more important than quantity. It is the number of users that convert into business that finally counts! We strongly recommend that you not fall for such an obsession. Growing your following organically can mean inviting your clients, business associates, partners and, last but not least, your suppliers and vendors. You never know where your next bit of business will come from.
