Sunday 9 November 2008, 11:09 AM
Business Bloggers Leave Blogs Open To Hackers
Corporate bloggers need to pay as much attention to the security of their blogs as they do to writing them, to avoid being hacked. The two main threats bloggers face are comment spam and SQL injection attacks. Both Blogger and WordPress have been vulnerable to SQL injection attacks, and don’t take enough care when validating SQL queries. This is particularly bad news for corporate bloggers because any form of external interference with your blog can have a detrimental effect on your organisation’s reputation and credibility.
A new blog takes a lot of time to do well and all that work is being put at risk by bloggers not taking simple security steps. Most bloggers are not security experts, so their blogs don’t have the usual checks that their e-mail systems will have in place, for example.
Exploiting user trust is also a key factor in exposing bloggers to potential threats. Blog readers are more likely to trust something they read in a blog they subscribe to, and this applies to clicking on unknown links. Most of us are also pretty used to sharing the love - YouTube videos, or photo albums shared between friends, for example - and this can lead to complacency that hackers exploit.
Like everything to do with computing, blogging can cause a headache. Here’s a checklist to help bloggers stay safe:
• Make sure your software (including your blogging software) is up to date
• Make sure your blog password is hard to guess and change it periodically
• Restrict administrator and access rights
• Use CAPTCHA or other user authentication before allowing a comment post
• Use anti-spam software on the site and protect your blog with a firewall
• Don’t allow reader comments without authentication or moderation
• Change any default prefixes for names set up by your blogging platform
• Log in to your blog securely, over HTTPS (not HTTP)
• Disable error messages (this reduces the amount of information you are giving potential hackers about your blogging software)
• Check your blog at the weekend (the most common time for a hacker to infect a blog)
• Back up your blog regularly
Happy blogging, and remember to have fun!


