Jeremy Schoemaker asked me to write up a little something regarding the recent string of SEO web defacements for a non-technical audience, which he posted on his blog.
The SEO industry is very focused on being SEOs.
Like many professionals, many SEOs attempt to avoid time-consuming activities that are not core to their business. Business is enabled by the features and abilities of the software that it employs. These feature-rich software environments can, and usually do, carry an invisible threat of insecurity. This is a perennial theme of information security writings, and I myself have touched on the issue recently.
Web defacements are nothing new, but the media attention given to SEO superstars is notable and makes their online presence an attractive high-value target. The recent mass defacement of SEO WordPress blogs, launched by a technical adversary using Tor, is an example of what has become a not uncommon occurrence.
What can SEOs, and bloggers in general, do to lessen the risk of public embarrassment from defacements, hacktivism, and information leakage? The answer is that quite a large number of things can be done to help prevent these incidents.
- Hardening of systems by reducing unneeded features. (For example, the bugfix for WordPress v2.0.6 included a correction for those web servers that had left register_globals set to "on," a setting that is not recommended in the first place.)
- Hardening the web services themselves with security modules.
- Use of a NIDS or HIDS that will actively block or alert upon detection of questionable behaviors.
All of these methods involve time and resources that SEOs could better apply to doing what they do best, in this case, being an SEO. This is a good example of where an application/hosted service provider model, or the services of a competent information security advisor, would show a lot of value in reducing the risks of media embarrassment and the possible leakage of valuable information.