During my Throwback Thursday Nugget last week, I dug up the old story of bad neighborhoods and how they could negatively impact your website.
The negative impacts I mentioned included slower website response time, potential for server downtime, and lower Google ranking if too many of your website neighbors involve porn, gambling, or E.D. drug websites.
However, the negative impact I personally worry about the most is hacking. When it comes to shared website hosting, it doesn't matter how good your password is because your website is only as secure as the weakest password used by other people on their websites.
As soon as a hacker gains access to one website on a shared web server, they can also gain access to all the other sites on that same IP address.
Unexpectedly enough, during my website review, this past Friday, I found evidence of hacking on the Coffin & Trout Fine Jewellers bog. Instead of mentioning it as part of that review, I am presenting this specific case study today.
Take a close look at this screen grab for the Coffin & Trout blog:
(click to enlarge)
Up in the header, there's a link that says "discounted cialis" right next to the telephone number! That's obviously a hacker's footprint. That link goes to http://georgieandjohn.com/discounted-cialis/, but clicking it, brings you to a dead website.
Following the directions I gave in last Thursday's Nugget, I searched Bing.com for the IP address of the blog, which is 184.168.238.1. Here's the specific link:
http://www.bing.com/search?q=ip%3A184.168.238.1
According to Bing, there are 51,300 web pages associated with that IP address. That doesn't mean there are 51,300 website; it just means that the total number of web pages for all those shared sites is more than 51,000. However, just browsing through the results, I counted at least 36 different sites, but the georgieandjohn.com site was not among them. It looks like georgieandjohn.com moved their hosting to a different server.
I wanted to see how many of these sites on this shared server were also compromised with a "discounted cialis" link, so I searched Bing for this specific query, including the quotes:
ip:184.168.238.1 "discounted cialis"
These are the returned results:
There are 2 other pages in that SERP relating to Cialis:
http://valleyvista.net/discounted-cialis-online/
http://valleyvista.net/cialis-cost-low/
Here's what those two pages looked like:
(click to enlarge)
It turns out that the Valley Vista website isn't an online pharmacy, but rather a waste disposal company. Here's their home page:
(click to enlarge)
Obviously, they have no idea their website was hacked like that. In fact, the hacker is hoping that the website owner never notices.
Digging a little deeper, I then decided to search Bing again with the IP address and only the word Cialis.
The Bing SERP tells me there are 5660 hacked pages on that shared web space. Here's a very long screen capture that I compiled showing 43 different hacked pages that now have the word Cialis on them:
(click to view larger)
Some of those pages include a Baptist Church website and a little league baseball team. In fact, when I tried to click on the website for the Baptist Church, I was given this Bing popup message instead:
I also found a few pages in Bing that had already been cleaned up by the website owners. Sadly, those owners probably believe that their website was hacked somehow, and they probably went through the trouble of changing passwords and cleaning all the hacked paged. Unfortunately, the entire shared hosting environment is compromised and the entire server needs to be cleaned up.
If this ever happens to your website, then the best course of action is to move your website to another web server or web host. For the 184.168.238.1 web server I've shown here, it looks like the WordPress installation is compromised. The web host should tell all their clients and move them to a new server in order to reformat and reinstall that hacked server.
This is certainly a tough situation, and the cost to clean it up will be very expensive for the web host, and for every hosted client because it's very tedious.
Bottom Line Thoughts
I don't particularly like the WordPress system because so many people use it and there are a huge number of security holes. Using WordPress in a shared hosting environment like the one shown above is very dangerous.
If you insist on using WordPress then you should have it installed on a dedicated IP address, a Virtual Private Server, or a Dedicated Server. That way you can control the installed plug-ins and the security patches.
The labor cleanup cost for an issue like this will probably be greater than the 12 month cost of a dedicated IP address or a Virtual Private Server.
Also, if you happen to be the victim of this type of hacking attack, don't be quick to blame your web programmer or your staff for having weak passwords. Using the Bing IP address search technique I've shown to see how many other websites are infected. Most likely you are not the original hacking point-of-entry.
Lastly, even if you do clean your website up, there's a strong possibility that you can be defaced and hacked again as long as you stay on a compromised server.
