Defend Against Black Hat SEO: Your Web Host Can Help
The World Wide Web is a dynamic, exciting place to launch a
new business or promote your organization's message. It's also a lawless
landscape in which black hats – crackers, hackers and other on-line evil doers
– roam with very little oversight or law enforcement.
And that means it's up to every site owner to ensure that
his or her site is defended against intrusions, code injections and other forms
of attack. There's plenty of software to help keep hackers out of your desktop
PC, but what about your hosting service? How can you protect server-based data?
Top-tier web hosting firms design proprietary hardware and
software protection to ensure that your business is secure. But site security
doesn't stop with impenetrable firewalls, spam zappers and e-mail scanners. In
fact, if you go with a hosting service that isn't up to speed on the latest
forms of hacker attacks, you could quickly find your site is no longer under
your control!
Great hosts "harden" their server systems to
deter and deflect known exploit points in the software the servers run and in
any client site's code! This is where the value of quality hosting comes into
play.
XSS Attacks
XSS stands for cross-site scripting, and it poses a threat
to even the most secure sites because XSS exploits vulnerable hardware and
software holes that allow black hat SEOs to circumvent commonly employed
security systems. In an XSS attack, black hats inject malicious HTML script into
site pages of other domains. They do this for two reasons.
First, in some instances, black hats inject undetected
scripting into competitor sites to taint these sites when SE bots spider them.
Imagine, a competitor is able to access your site's code, insert invisible text
(at least invisible to you) and, when an SE bot discovers this invisible text,
your site is slammed. Even banned from Google. Don't think it can happen? It
closes down on-line businesses daily.
So what kind of attacks can be "planted" on your
site? There are plenty:
- Redirects take visitors to another site as soon as they reach yours.
- Overloading alt tags, meta tags and other interior coding with keywords,
  sometimes called keyword stuffing.
- Inaccurate or misleading keywords inserted within site pages.
- Cloaking, which detects search engine spiders and changes site text to
  improve PR.
- Page jacking, the practice of stealing site content, can not only cost you
  in sales, it can also slam your PR because your content isn't "original"
  any longer.
Any of these black hat SEO tactics and more (spangles,
link farms, virus injections, etc.) can and will do severe, if not irreparable,
damage to your on-line enterprise. Why?
SE Bots Are Brainless
SE spiders are dumber than a box of rocks. They're unable
to discern legitimate text from a malware injection. They rely, solely, on
automation to assess and categorize a site. There's no subjective analysis. Just
text strings that are sorted completely by brainless bots.
A competitor, using one of the XSS attacks listed above,
can "de-optimize" your site and make it appear that you're using black
hat SEO tactics, or can gain access to your site through a web browser and/or
inject toxic data to devalue your content.
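Because a spider cannot tell planted markup from your own, the site owner has to look for it. The Python check below is an added example, not part of the original article; it scans a page for three of the planted items listed earlier (redirects, keyword stuffing, hidden text and links), and its heuristics, threshold and sample page are assumptions made for illustration.

```python
import re
from collections import Counter
from html.parser import HTMLParser

# Heuristics and threshold are assumptions of this example, not search-engine rules.
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "source", "wbr"}
STUFFING_THRESHOLD = 5  # same word repeated this often inside one alt/meta value

class InjectionAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, detail) tuples in document order
        self.stack = []     # one flag per open element: is it inside a hidden subtree?
    def _stuffing(self, where, text):
        top = Counter(re.findall(r"[a-z0-9]+", text.lower())).most_common(1)
        if top and top[0][1] >= STUFFING_THRESHOLD:
            self.findings.append(("keyword-stuffing", f"{where}: '{top[0][0]}' x{top[0][1]}"))
    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.append(("redirect", a.get("content", "")))
        if tag == "meta" and a.get("name", "").lower() == "keywords":
            self._stuffing("meta keywords", a.get("content", ""))
        if "alt" in a:
            self._stuffing("alt text", a["alt"])
        hidden = (bool(self.stack) and self.stack[-1]) or bool(HIDDEN_CSS.search(a.get("style", "")))
        if hidden and tag == "a" and a.get("href"):
            self.findings.append(("hidden-link", a["href"]))
        if tag not in VOID:  # void elements have no end tag, so they never enter the stack
            self.stack.append(hidden)
    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()
    def handle_data(self, data):
        if self.stack and self.stack[-1] and data.strip():
            self.findings.append(("hidden-text", data.strip()[:60]))

def audit(html):
    """Return the list of findings for one HTML document."""
    parser = InjectionAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; the domains are placeholders.
SAMPLE = """<html><head><meta http-equiv="refresh" content="0; url=http://redirect.example/">
<meta name="keywords" content="cheap pills, cheap watches, cheap loans, cheap flights, cheap cars">
</head><body><h1>Welcome</h1><img src="logo.png" alt="Shop logo">
<div style="display:none">buy cheap pills <a href="http://spam.example/">here</a></div></body></html>"""
```

Run `audit()` on pages fetched the way a visitor receives them and compare the findings between runs; a new finding on a page you did not change is the signal to investigate.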
Google Penalties for Black Hat Tactics
The purpose of any search engine is to deliver relevant,
useful SERPs to users' queries. So, when a Google bot discovers what it
perceives as an attempt to falsely increase value, the site may suffer serious,
site-threatening sanctions.
Some of these penalties may be imposed without you even
knowing about it – until you discover that site revenues have dropped 75% in
two days as a result of lost rankings and traffic! A site discovered to employ
black hat SEO may be penalized in page rank, may lose PR altogether, may
experience SE indexing issues (partial or mis-indexing, for example) and, for
the worst offenders, banishment from the Google site altogether. Dead in the
eyes of Google bots.
So, here's the problem: without your knowledge, a black hat
competitor can inject toxic script into your site that could, conceivably, get
your site banned from Google. Even if you and your web host have all the
firewall and intrusion detection protection there is.
It Gets Even Worse
The second reason black hats use cross site scripting is to
actually gain access and control of your on-line business. Certain types of XSS
attacks actually enable a complete stranger to acquire the same system
privileges reserved for the site owner - you.
Access to sensitive customer data, bank account
information, the entire back office – all can be achieved with relative ease
by a knowledgeable cracker looking to steal and plunder your site.
Whether the black hat is a competitor who wants to
eliminate the competition, or a script-kiddie looking to clean out the till and
sell some credit card numbers, your on-line business is at risk regardless of
how much security you and your web host deploy.
This Is Where Quality Web Hosting Enters
During the design, administration and growth of a web-based
business, numerous tools and applications are used by site owners and designers.
There's site building software, email management software, a check-out, customer
database, automated shipping apps, tools for developing site metrics and many
others.
This software isn't necessarily designed with security as
Priority One. Often, there are openings in commonly-used ebiz software that are
exploited by black hats during the execution of an XSS attack.
And, because of the nature of these attacks, system and
server security measures can be breached because, in essence, the hackers
piggyback their way onto an unsuspecting site using the site administrators'
credentials to gain access and/or control.
The key to protection from XSS attacks is in the proper
configuration of all of the applications and tools that comprise your on-line
enterprise. These apps must be synced up to work together while, at the same
time, providing protection against XSS attacks.
This configuring of applications is done at the host level
and should include a detailed analysis of potential XSS entry points within the
site's design and reconfiguration to fit the server security already in place.
Go With The Host Who Knows
If your web hosting service isn't familiar with the growing
danger of XSS attacks based on application exploitation points, consider finding
a more informed host.
It's not a matter of securing your business system locally.
And it's not a matter of the multi-layers of protection offered by your web
host.
It's a matter of thinking like a black hat and taking a
proactive stance against XSS attacks they may employ. If you aren't sure your
site is protected, and your hosting rep can't provide the assurances you
require, talk to another hosting company before disaster strikes and your site
is banned from Google.
About The Author
Frederick Townes is the owner of W3 Hosting, a web hosting
company dedicated to providing fast servers, guaranteed uptime and reliable,
friendly support. When your site is an important part of your business you need
a professional web hosting company to
keep it online and running smoothly. W3 Hosting is just that – and more.
By Frederick Townes