Target Acquired

Today's website is not just an ordinary stop on the Internet. It is a target for hackers. Your server and site could serve as a jumping-off point for attacks on other sites. Compromised sites may be used to host phishing scams built on near-mirror copies of bank websites, to serve drive-by malware, or to host Internet Relay Chat (IRC) communications channels (IRC is a form of instant messaging).

As this chapter is being written, a current media report cites the capture of a portion of the ZeuS gang. This notorious criminal element has successfully gathered into its fold several hundred thousand machines. These “zombies” (as they are called) are fully under the control of the ZeuS criminals. Among other things, their aim is the theft of money. And they have been very successful at their goal.

Another big name making recent news headlines is the worm known as Stuxnet. This highly sophisticated worm has been responsible for working its way into electrical generation systems in many countries. According to some reports, it has been found in Iran, China, and the United States. Stuxnet is a very advanced worm (or virus) and has proven to be very formidable.

The challenge is that many systems on the Internet have weaknesses and vulnerabilities. These weaknesses are often the result of a default password or weak passwords guarding the door to a website.

In addition to banks and utility companies, the small or medium business owner ...
