educational

Watch Your Websites!

Some recent activity on the hacker front prompts me to write this warning. One of the latest trends for malware proliferation is to hack legitimate websites, load their evil wares and leverage the site's popularity to spread infections.

Websense, a web security company, said in a recent report called the State of Internet Security, that 70 percent of the top 100 sites had been hacked to serve malware to unsuspecting users. Some of the most recent examples include the websites of Paris Hilton, Paul McCartney, Anti Virus vendors Kaspersky and F-Secure, Facebook, MSN, Twitter along with many, many others.

Even if your site isn't among the web's top 100, you still need to be very vigilant. IBM recently reported that 450,000 web sites EVERY DAY are being hit by cyber criminals attempting to hack them. How sure are you that your site is clean and not being used by criminal elements to deliver malware? In this column I will show you some basic tools and show you how to use them to perform a quick check.

The first tool that we're going to use is a great program called Sandboxie. After you install the program, go ahead and run an Internet browser inside it. After the program starts, open the program's main window. From there, choose the "View" drop down menu and then "Files and Folders." Running your web browser connected to a safe site should not give you any error messages.

Then I went looking for trouble. In fact, all I did was open my SPAM filter and start clicking links. At least one of the sites installed some very suspicious software on my computer. Be VERY suspicious of any site that downloads files to your computer without your knowledge or if the site says it needs to load a program in order for you to be able to see its content.

Our next tool was written by Microsoft and works with Internet Explorer. It's called Fiddler and can be downloaded for free. This program is a bit more technical than Sandboxie but it also provides more information. Fiddler is a program used to debug web pages by monitoring all traffic between a web page and a browser and its output is more detailed.

Every time the web sends information to a browser it is logged along with the type of communication protocol used (HTTP), exactly who was sending the information (useful to make sure that only those sites that you allow are accessing your customers), and the type of content being transferred. Fiddler is a very powerful tool and you can dive into it as far as your technical skills allow. Simply be careful when using the Auto Responder and Request Builder tools.

The last tool we will explore is an add-on to the Firefox browser. Security Compass is the software company that wrote the add-on and actually has three tools worth trying: XSS Me, Access Me and SQL Inject me. As the names imply, each add-on tests for different vulnerabilities. This set of tools, unlike the previous two, actively sends information to a website looking for vulnerabilities and should be used only against sites that you own or control. The tools produce an easy to read report which summarizes any problems that it finds (make sure to disable any other add-ons that you may have running) and even test input fields for database vulnerabilities such as SQL injection attacks.

Remember though that the tools in this article are free may not be as comprehensive or thorough as tools that cost thousands of dollars.

With these pieces of software you have a basic toolbox for testing your web pages. Check your sites often and make sure that you have a clean restore disk image just in case you should ever need it.

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
opinion

Account-to-Account Payments: The New Banking Disruptor?

So much of our industry relies upon Visa and Mastercard to support consumer payments — and with that reliance comes increased scrutiny by both brands. From a compliance perspective, the bar keeps getting raised until it feels like we end up spending half our time making sure we are compliant rather than growing our business.

Cathy Beardsley ·
profile

WIA Profile: Samantha Beatrice

Beatrice credits the sex positivity of Montreal for ultimately inspiring her to pursue work in adult entertainment. She had many friends working in the industry, from sex workers to production teams, so it felt like a natural fit and offered an opportunity to apply her marketing and social media savvy to support people she truly believes in and wants to see succeed.

Women In Adult ·
Show More