The Web Site Scanner:
Because you can’t see out-there!
This product offers a weekly scanning process of WordPress, Drupal and Joomla based websites, checking what “ports” are open and exposed to the Internet (on your web server and as an option firewall exposed to the Internet), vulnerability scanning of web site(s) and server(s) or firewall(s) exposed to the Internet, and e can also cross match of the automated data collected against data collected by Google as it scans your website with regard to security, usability and how search engines see it, on which we will comment from time to time.
Why is this important?
- In the case of WordPress and Drupal; plugins and themes that aren’t actively maintained can (will) cause security vulnerabilities and compatibility issues, which could allow someone to in effect break into your site. We’ve had sites come to us that had been hacked or broken because of outdated plugins.
- Open ports: hackers commonly use ports scanning software to find which ports are “open” (unfiltered) in a given computer (web server or firewall), and whether or not an actual service is listening on that port. They can then attempt to exploit potential vulnerabilities in any services they find. This is in effect an avenue into your web server or firewall (and onwards on to your network): For more information: http://en.wikipedia.org/wiki/Open_port
- A vulnerability scan looks at your firewall, web and other servers, making use of the open ports mentioned above to see if these systems are fully patched by the vendor of software that is running on these open ports. This scan addresses the latest security threats on the most common systems. Again this is the way that attackers take over computers and networks. While our scan is not a PCI DSS scan as such, none the less this type of scan is “the norm”. For example for any business accepting credit cards that is required to certify their PCI Compliance, and external vulnerability scanning is one of the requirements of self-assessment.
- We also monitoring Google’s search of your site via their API, they have a have a massive presence in the web search market, in fact to “Google” means to search the internet… We do this to To cross check this broader data set against our automated security scan in effect.
Impacts of being “hacked”!
Perhaps it’s best to think about this as two phases: initially it’s the fact that your web site, network or firewall has been compromised and will need fixing and the costs associated with that; such as removal of the problem, restoration from backup, or a complete rebuild.
However this is only the start.It is often the secondary and subsequent impacts such as loss of ranking via Google, or even Google refusing to allow people to go to your site, or advising that your web site may have been hacked, so damage to your reputation in the eyes of your customers and service partners. In addition; the attacker may then be using this to attack other sites and to propagate messages that poorly reflect your brand, or worse.
It is also important to consider the loss of data, and if this data is personal data and the need to alert the Information Commissioner and contact all of those whose data may have been compromised, and again the costs of doing this and the reputational damage.
Using our services provides a range of benefits:
- a useful, plain as possible guide to fixing these problems before they occur,
- a means to speak to website designers and other information technology professionals,
- it can count towards the Cyber Essentials scheme and serve as an indicator that you have made an effort in this area should the worse come to the worst.
Our service is the supply of a suitable updated and upgraded and secure Linux based system, that uses various open source modules to achieve this reporting for you, your fees cover the cost of development of the knowhow and the skills in running and maintaining this service