Success Means Security: How to protect your most profitable web sites from distributed denial of service attacks (an open source approach)

captain.jpgOne of the side effects of success is that you need to worry about security. You see how celebrities have to walk around with bodyguards, their homes have state of the art alarm systems, and the paparazzi is still always looking for a chink in their armor.

The same thing happens online. The more successful you are, the tighter the security of your online assets has to be. (You don't want your competitor ending up with your customer list, do you?)

It is always a good idea to install firewalls, intrusion detection systems, and to have an experienced system administrator or a competent hosting provider that regularly patches your servers with the latest service packs and security updates. Having your site simply defaced is the “best-case scenario” of what could happen when your site's security is breached. It is incredible how hackers break into sites, steal customer information worth thousands of dollars and sell it for a few hundred bucks. Personally, I place decoys in my customer databases so that I can tell when/if this valuable information has been stolen.

Unfortunately there is a type of security attack that is extremely difficult to fight: a distributed denial of service (DDOS). On the up side, you know you are doing really well when hackers try this on you. 😉 Read more

A Never-ending Battle — Protecting your content from CGI hijackers

frogsoldier1.jpgIn computer security we have several ongoing battles: the virus/spyware writers vs. the antivirus vendors, the spammers vs. the anti-spam vendors, the hackers vs. the security experts. Add to that list the search engine marketers vs. the CGI hijackers.

Dan Thies, the undisputed keyword research master, used his influence in the search engine marketing industry to bring the problem we have blogged about in the past to a wider audience. Specifically, the issue is the CGI proxy hijacking. He mentioned a couple of solutions, but as I pointed out in my comment, both solutions have weaknesses. I recommended a stronger countermeasure, similar to what is in use in the anti-spam industry at the moment. But after reflecting on my proposed solutions and others’, it is clear in my head that this is a never-ending battle. We can create defenses to current techniques and attackers will adapt and make their attacks smarter. Read more

Advanced Cloaking Technique: How to feed password-protected content to search engine spiders

goldenkey.jpgNo doubt that at some point you have done a search in Google, clicked on an attractive result, and come up with a frightening wall—the article or page in question requires a subscription! 😉 As a user, we all find this annoying, and the last thing we want to do is get a new name and password. But as a content provider, it’s an excellent business move. Premium/paid content is a fine monetization strategy for anyone with content good enough to sell.

It also brings up an interesting question for SEO. How exactly does Google index paid content?

I got this email on from my loyal reader Wing Yew:


I've read your blog since the day you launched.  That said, I can
completely appreciate if you don't have time to respond to this
message or post a blog about it.  On the off chance you do know an
answer, I knew I had to ask.

Question:  How do you have google/yahoo/msn spider password protected
content?  I know that SEOMoz does it with their premium content, but
I'm not sure how.  I'm rather desperately seeking out a hard and fast
answer… and I know of no better person to whom to go.

for His reknown,

Wing Yew

Saying that I've been extremely busy lately is an understatement, but how can I say no to a loyal reader that has been following my blog from day one? Thanks for your support, Wing! Letting search engines index paid content is not only a good idea, it is also a very clever one. Read more