Every day spammers hit thousands of websites and a number
of these are shut down by their ISP or webhost for "abuse".
Damage done by spammers can take two forms:
a) General annoyance such as posting adverts on your forum
or spam comments on your blog which are irritating and
time-consuming to resolve but are unlikely to get you shut
down. There are, however, cases in which even this damage
could get you into some hot water with your host.
b) Malicious use of your website in some way which *could*
get you shut down.
Here, then, are what I view as the top 5 problems spammers
could cause to your business, and what to do about them.
1) Contact Us Forms
Many contact forms such as the popular formmail script are
easily attacked by hackers, enabling them to email
thousands of spam messages an hour using *your* server,
*your* bandwidth and consequently *your* money. This heavy
server load slows down your site and any others hosted on
the same server and may well cause you problems when your
webhost spots what is happening. I had my FTP account to
one of my sites blocked a few years ago for just such a
problem.
My host refused to unlock it unless I agreed to permanently
remove my contact form so spammers couldn't use it any more.
Just as bad, a wrong spam complaint from your domain could
also result in you being blacklisted (at best) or shut down
(at the worst).
The solution here is to ensure your email address is
hard-coded into the script itself - so it simply won't work if
hackers try to email someone else from it - rather than the
age-old technique of just having your email address
submitted as a hidden field in the form itself.
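
The two approaches side by side, as an added example that is not from the original article. The addresses, form field names and function names are assumptions made for illustration. It goes one step beyond the text by also rejecting line breaks in header fields, since a fixed recipient alone does not stop extra headers being smuggled in through the subject or sender field.

```python
from email.message import EmailMessage

# Assumption: placeholder addresses, fixed in the script and never read from the form.
SITE_OWNER = "owner@example.com"
FORM_SENDER = "webform@example.com"
MAX_BODY = 5000  # cap on message size accepted from a visitor


def build_message_hidden_field(form):
    """The age-old technique: the recipient arrives as a hidden form field."""
    msg = EmailMessage()
    msg["To"] = form["recipient"]  # whoever submits the form chooses this
    msg["From"] = FORM_SENDER
    msg["Subject"] = form.get("subject", "Contact form")
    msg.set_content(form.get("message", ""))
    return msg


def header_safe(value, limit=200):
    """Reject CR/LF and oversized values before they reach a mail header."""
    if "\r" in value or "\n" in value or len(value) > limit:
        raise ValueError("rejected header value")
    return value.strip()


def build_message_hardcoded(form):
    """Recipient is hard-coded; any 'recipient' field in the form is ignored."""
    msg = EmailMessage()
    msg["To"] = SITE_OWNER
    msg["From"] = FORM_SENDER
    reply_to = header_safe(form.get("email", ""))
    if reply_to:
        msg["Reply-To"] = reply_to
    msg["Subject"] = header_safe(form.get("subject", "Contact form"))
    msg.set_content(form.get("message", "")[:MAX_BODY])
    return msg
```

Neither function sends anything; they only build the message, so the effect of a tampered form can be inspected before a mail server is involved.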
2) Heavy Server Loads
Any automated scripts used by spammers can cause real
drains on your server as it slows to a crawl. This is why
sites like Google will ban you from using their services if
you're caught using any automated scripts to access their
site.
This is often seen in the form of forum hacking - spammers
either posting hundreds of adverts to your forum, or
harvesting everyone's email addresses to be able to spam
them individually by email.
I have had it happen to me and seen the pages accessed
shoot through the roof for a few weeks.
The simple answer here is to (1) keep a close eye on your
forum, banning spammers by IP and email address, and if
necessary temporarily disabling your forum until they get
bored and find another victim and (2) register for updates
whenever an upgrade of your chosen forum software is
available so that you can upgrade as soon as possible to
keep security gaps to a bare minimum.
3) Excessive Spam Sent To You
If you received 5,000 spam emails in the next hour you can
be sure your host would take note.
So keep your email address as private as possible.
*Don't* actively give it out on your site as spambots can
easily harvest this information. Give it as an image file
if you have to, or use a secure contact form or help desk
script to really improve security.
4) Accessing Unauthorized Areas Of Your Site
I'm astonished sometimes by what I find. I recently was
considering purchasing a piece of software and decided to
do a search in Google for reviews to see what others
thought. What came up as the 3rd listing? The download page
for that piece of software! Imagine if I'd posted that URL
in a busy forum!
Beat this problem by (1) always using an index.html page in
every folder you create so these "hidden" areas aren't visible
to anyone who chooses to look, (2) adding a robots.txt file
to exclude search engine spiders so pages like your download
pages don't appear in their results and (3) not naming your
folders anything too obvious. Bear in mind that robots.txt
can be read by anyone and only asks well-behaved spiders to
stay away; it does not block access to the pages it lists.
Popular scripts have standard and well-known setups that
will enable anyone in the know to fiddle with your site if
they know the software you're using.
5) Tell A Friend Scripts
These too can be abused by spammers emailing thousands of
people via your site.
As these are often set up to send a number of emails at the
same time they can be powerful spam tools and with a
limited number of popular scripts on the market there are
only a few that the spammers need to figure out before they
start to make trouble.
To counter this problem find a script that allows total
customization of your form making it harder for spammers to
work out what script you're using, and the facilities to
ban users by IP or email address so trouble-makers can be
quickly and easily extinguished.