Understanding Site and Account Security, this chapter will enable you to avoid serious problems. However, if the worst does happen, you'll also find an action plan that will help you to get your account up and running again quickly while helping you to avoid the same problem(s) in the future. Specifically, we will cover the following:

1. What hacking is and why you may be at risk
2. What you can do to protect yourself and your site from attack
3. What to do if your site is hacked

First, we'll explore why everyone with a web presence needs to take security precautions.

Site Security and You

You have or will have shortly a presence on the Internet available to anyone 24 hours a day, 7 days a week. While this constant availability is great for business, it also means that those with less-than-pure intentions can try to disrupt your site at any time.

Depending on who you talk to, individuals who attempt to disrupt websites and computer systems illegally might be called hackers, black hat hackers, crackers, or even script kiddies (less proficient individuals who rely on well-known security issues and more commonly available hacking tools). In this book, I will refer to them all as hackers.

You may be thinking, “No one would bother messing with my little website devoted to pictures of my dog.” Think again! You may not have credit card information or other private data stored in your account, but that won't stop a hacker who decides they want to mess with your site. The simple fact that your site is available 24/7 on the Internet is a big draw. In addition, some hackers deface websites just to show off their hacking skills—just because they can.

What harm can hackers do? Here are just a few things that could happen:

• The hacker uses an insecure form mail script on your site to send spam and viruses from your account. Your domain and perhaps even the entire web server are placed on mail blacklists and you have problems sending legitimate mail to others in the future. In addition, you have to deal with angry requests to stop sending spam and deal with potentially thousands of e-mail bounce messages for mail sent to addresses that do not exist. A program is uploaded to your website and uses your web server to attack other sites. This can severely slow down all of the websites hosted on your server as well as get your server placed on more blacklists.
• The hacker is able to run a secret meeting place for his friends and other hackers right from your website. Not only will this probably slow down your server, but it also puts other accounts on your server at risk as more hackers explore looking for other vulnerable sites.
• Your website and all of the data it contains can be destroyed, defaced, stolen, or tampered with. In fact, it is possible for hackers to use one hacked account on a shared server to gain access to other accounts or even the entire server (though their ability to do so depends in part on how your web host has the server configured).
• Your website itself or the entire server could be attacked, keeping people from being able to visit it. This can be done without compromising the data in your account and can be very difficult to stop once it starts. Your web host will need to assist you.

As you can see, even a small site is a tempting draw. While your web host can help protect the server your account is hosted on, it will primarily be up to you to keep your site out of the hands of hackers.