Poor sanitization of input puts visitors at risk

Google's noteworthy antispam engineer Matt Cutts discussed the issue of cross-site scripting (XSS) flaws, as vulnerable sites have infected pages popping up in the dominant search engine's results pages.
Failing to sanitize input properly with one's web application could lead to XSS exploits on the pages displayed by your website. These pages also find their way into search engines like Google, potentially exposing them to an even broader audience.
When that happens, visitors to those pages may be connected to malware downloads. Such malware may steal personal information from the corrupted machine, or make it a node on a botnet for the purpose of attacking or spamming others.
XSS is bad juju, folks, and Cutts said as much when he called on webmasters to examine their text input fields, search boxes in particular, for possible problems:
If you’ve noticed that your rankings in Google seem to be affected, you might consider a few searches on your site to see if anyone has injected spammy or porn content on your site. If your domain was example.com, you might want to run a few queries such as [site:example.com porn] or [site:example.com biaxin] or [site:example.com viagra] to see whether you run across unexpected results.
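The search-box case Cutts points to, as an added example (not code from the article or from any product it mentions): a page that reflects the raw query is a reflected XSS sink, while escaping the query for each output context it lands in closes it. The sample query is constructed for the demonstration.

```python
import html
from urllib.parse import quote

# Constructed sample query carrying markup, the kind a spam bot would submit
# to a search box in the hope that the site echoes it back unescaped.
SAMPLE_QUERY = 'biaxin <script>alert(1)</script>'


def render_search_vulnerable(query: str) -> str:
    """Reflects the raw query into the page body: the flaw the article describes."""
    return f"<h1>Results for: {query}</h1>"


def render_search_hardened(query: str) -> str:
    """Escapes the query separately for the HTML text context and the URL context."""
    text = html.escape(query, quote=True)   # safe inside element text and attributes
    url = quote(query, safe="")             # safe inside a query-string parameter
    return (f"<h1>Results for: {text}</h1>"
            f'<a href="/search?q={url}&amp;page=2">next page</a>')


def reflects_raw_markup(render, query: str = SAMPLE_QUERY) -> bool:
    """Simple check for a renderer: True if the query's tags come back verbatim."""
    return "<script>" in render(query)


if __name__ == "__main__":
    for name, fn in (("vulnerable", render_search_vulnerable),
                     ("hardened", render_search_hardened)):
        print(f"{name}: reflects raw markup = {reflects_raw_markup(fn)}")
```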
Cutts also suggested the upgrade process for site applications, like the WordPress blog platform purely as an example, should be accompanied by an admin password change. "Sometimes hackers are smart enough to save your password and come back even after you’ve fully patched your system," he said.
A strong password means more than letters and numbers, and given the computational power available on the market today, a strong password alone is not enough. We suggest the old standby: create a new administrative account with a name other than a default like "root" or "admin", give it administrative rights and a strong password, and demote the old admin account name to an ordinary user with no significant rights in the system.
Comments
Great article
Interesting article. I had not thought about this topic before but would love to hear more about it.