I came across a story on the internet today about the on attack twitter using google by malicious hackers.
Now, this news may sound a little strange to most of our people who own websites but know next to nothing about the scripts that run their sites both locally(i.e client side) and remotely (i.e server side). It involves the .
htaccess file on your web server.
Now what is htaccess? You will ask. Please try googling it to know. Just type in ".htaccess" and you will get millions of results. You can also try
www.wikipedia.orgBut to cut a long story short by way of summary the .htaccess according to wikipedia is explained below:
In several web servers (most commonly Apache), .htaccess (hypertext access) is the default name of a directory-level configuration file that allows for decentralized management of web server configuration. The .htaccess file is placed inside the web tree, and is able to override a subset of the server's global configuration; the extent of this subset is defined by the web server administrator. The original purpose of .htaccess was to allow per-directory access control (e.g. requiring a password to access the content), hence the name. Nowadays .htaccess can override many other configuration settings, mostly related to content control, e.g. content type and character set, CGI handlers, etc.
In the Apache web server, the format of .htaccess is the same as the server's global configuration file; other web servers (such as Sun Java System Web Server and Zeus Web Server) implement the same syntax, even though their configuration files are very different.
Directives in the .htaccess file apply to the current directory, and to all sub-directories (unless explicitly disabled in the server configuration), but for reasons of performance and security, cannot affect their parent directories.
The file name begins with a dot because dot-files are by convention hidden files on Unix-like operating systems.
ENOUGH! ENOUGH!! ENOUGH!!! POINT TAKEN. Now explain to me like you will to your mother in the village…[/color]
It is just a hidden file on the Apache server that enables you to control how the server behaves. What programs are run, what areas can be accessed, control of passwords etc..
(layman’s view)So what are you on about bro?
Good!
Some few days ago, if you type in the word twitter on google, you will get the following response (see screenshot)
Note: As you can see, the top results are for an
ANTIVIRUS WEBSITE and not for
TWITTER. Now an attempt to click the website led nowhere and the page remains blank (this process could be the time the virus enters your system through the back door. Afterall to you the screen is blank and your system is still loading Abi? Wrong!)
But google the site direct and you will sure get a response. You are redirected to a website with a popup asking you to do a virus scan of your system (Haaaaah!! All Na Lie-o).
How did they take over google and twitter?
It was simply the htaccess file that was compromised. Now they used this file to redirect traffic to the antivirus website. This appeared to have happened only on google.
Now how were they able to do it: Has almighty google fallen prey?
See the answer for yourself here.
http://google.com/safebrowsing/diagnostic?site=google.comThat is google’s own report about their website.
Initial suspicions leaned towards the site being hacked, but the site administrator was confused as no hacks could be found. To be on the safe side, information retrievers, were consulted (those wizards you know!) and one specializing in rarefied AIR (adversarial information retrieval) had the answer. Check the HTACCESS file; which was an eye opener.
You see, they had gone in and were redirecting ONLY the traffic from Google which then prompted and had caused the computer to be infected. From then on,subsequent searches were intercepted and their own (modified) Google results were returned. (Sneaky little Chipmunks I tell You)
What to do?
Make it a part of your site auditsThis kind of attack can ruin your reputation and leaves room for sabotage. While this may not seem like the domain of the SEO, having low search engagement and possibly infecting visitors is sure to have negative effects ultimately. No matter how you look at it, from hacking to put nasty (outbound links) on competitor sites to redirecting incoming SERP requests, this is something SEOs need be aware of.
In the modern world of SEO, close ties with the security and system administrators is key. Everyone needs to be aware of the potential for such attacks and be vigilant. A lot of time and money (into search campaigns) could easily be washed away and replaced with a reputation management problem.
What to watch for - This type of attack is often found when you are using a CMS (joomla, drupal, forum software etc) or WordPress type installation that requires the htaccess to be writable (such as SEF URL creation).
To guard against it, be sure to chmod your htaccess so that it isn’t writable until you need to publish something new - then make it writable, create pages and then set it back again.
This is important!
Hope I have succeeded in keeping longer on this forum with this dreary monologue.
By the way if you need this services as in chmoding and htaccess protection you know who to contact;ME.
