A few days ago the notorious hacker group from the forum site 4chan hacked youtube and redirected many of Justin Bieber’s videos to “different” content. They made popup windows appear telling users that the teen idol was dead or otherwise indicating that the site had been hacked. Though this prank was relatively harmless, it gives us an insight into what can happen when vulnerabilities are left unchecked in a website.
I’m sure nobody reading this want their site or content hacked. In the case of the YouTube hacking, there was nothing that Justin Bieber or any of the users could have done to prevent the hacking. This hack was created by leaving special characters and lines of code in the comments section of the youtube videos enabled commenters to control or re-direct the page. Users could not prevent this, but rather it was Google’s fault for allowing comments to execute any sort of coding.
The only way for you to protect your content on a third party site (such as youtube, facebook, twitter, etc) is to ensure that your password is strong enough so that your username and the access that goes along with it is not stolen. Remember, it is always a good idea to have a strong password that contains letters (capitals and lowercase), numbers, and symbols while not containing words that could be found in a dictionary.
If you have and control your own website, security is a different issue altogether. While many large organizations may actually pay hackers to try to break into their site, it can be safe to assume that your small business doesn’t have that kind of money. That being said, there are some things that can be done to prevent hacking. Here’s a few good ideas:
1) Make sure your comments and input forms only allow text and possibly basic html such as links.
2) Set your comments to be approved by an administrator
3) Don’t let anonymous users have special access to your site
4) Control and maintain your users list and only allow people the minimum credentials that they need. In other words, do not give someone administrative privileges if all they need is to edit documents.
5) Upgrade your site’s software if it uses a CMS backend.
6) Change your password regularly.
7) Check your code yourself or have someone who knows how code should look check it out for you to make sure that it is solid, current and complete.
While these may not be perfect, and there are many other ways that your site could be hacked possibly without you being able to prevent it, it gives a good start to protecting your site. By doing these few simple things you can have better security than Google did during its most recent attack and hopefully prevent yourself from having much more pain and suffering in the future.
As for Justine Bieber, his videos have since been restored. Oh, baby.
