Google’s #NoHacked Social Campaign Teaches Webmasters How to Combat Hackers

Remember the #NoHacked social campaign Google started over a year ago? In order to combat widespread hacking attacks and to offer webmasters tips on how to keep their sites safe from hackers, Google decided to resume the social campaign in July 2015. [See Figure 1]

The #NoHacked campaign was originally held in 11 languages on multiple channels (including Google+, Twitter, and Weibo). “About 1 million people viewed our tips and hundreds of users used the hashtag #NoHacked to spread awareness and to share their own tips,” noted the blog post.

Part 1: How to Avoid Becoming a Target of Hackers

Getting hacked can negatively impact your brand or company’s online reputation, and can result in the loss of critical and private data. Rather worryingly, Google has noticed a 180% increase in the number of sites being hacked over the past year. To help combat this trend, Google shared the following tips:

• Strengthen Your Account Security: Create a password that’s difficult to guess or crack. An ideal password is a mixture of letters, numbers, and symbols, or could be a passphrase. The longer a password is, the more difficult it would be to guess.

• Keep Your Site’s Software Updated: As one of the most common ways for hackers to compromise sites would be through the use of insecure software, you need to periodically check your site for any outdated software. “If you use a web server like Apache, nginx or commercial web server software, make sure you keep your web server software patched.” If you’re using a Content Management System (CMS), or have plug-ins and add-ons on your site, keep these tools updated with new releases.

• Learn How Your Hosting Provider Handles Security Issues: If you use a hosting provider, contact them to see if they offer on-demand support to clean up site-specific problems. On the other hand, if you control your own server or use Virtual Private Server (VPS) services, be prepared to handle any security issues that might arise. As server administration is a very complex task, Google recommends that you inquire if your hosting provider offers a managed services option.

For more information on avoiding hackers, check out Part 1 of the #NoHacked social campaign.

Part 2: Recognizing and Protecting Yourself Against Social Engineering

Social engineering is a form of psychological manipulation that attempts to extract confidential information from individuals by manipulating or tricking them in some way. Phishing is one of the most common forms of social engineering, and is so deceptive that it can trick victims 45% of the time.

“Phishing sites and emails mimic legitimate sites and trick you into entering confidential information like your username and password,” noted the blog post. Once phishing sites obtain confidential information, the owners will either sell the information or use it to manipulate the compromised accounts.

To learn more about the other forms of social engineering, and to learn how you can protect yourself against social engineering attacks, check out Part 2 of the #NoHacked social campaign.

Part 3: Use Two-Factor Authentication to Protect Your Site

Unfortunately for webmasters, hackers are employing increasingly sophisticated tactics. To combat such intrusions, Google recommends two-factor authentication to boost account security. Two-Factor authentication (also known as 2FA) is an additional source of verification (in conjunction with passwords) that protects accounts and data from unwanted intrusion.

“You might have used two-factor authentication before if you have ever been prompted for a code from your phone when logging into a social media site or from a chip card reader when logging into a bank account.” In other words, two-factor authentication makes it harder for hackers to log into accounts even if the passwords have been stolen.

Google currently offers 2-Step Verification for all its accounts. “You can use your phone, a hardware token like a Security Key, or the Google Authenticator app to verify your account,” noted the blog post.

For more information on 2FA, check out Part 3 of the #NoHacked social campaign.

Part 4: Identifying and Diagnosing Injected Gibberish URL Hacking 

The fourth part in the series focused on identifying and diagnosing trending hacks. Webmasters were taught how to (1) identify symptoms, (2) monitor their sites, and (3) diagnose their sites.

1. Identifying Symptoms: Gibberish Pages & Cloaking

As their name suggests, gibberish pages are spammy pages that contain keyword-rich gibberish text, links, and images. They’re a form of black hat SEO and are designed to manipulate search engines. Cloaking, on the other hand, refers to techniques that hackers employ to disguise spammy pages from webmasters, site visitors, and search engines.

2. Monitoring Your Site for Hacking

Webmasters were advised to monitor their sites diligently to remedy hacks more quickly and minimize damage. Among other things, webmasters were advised to look for sudden surges in website traffic, track their sites’ appearance in the search results, and sign up for alerts from Google.

For more information about identifying and diagnosing injected gibberish URL hacking, check out Part 4 of the #NoHacked social campaign.

 

Comments

comments