DPNlive taken down for 3 days!!
Last Friday (8th August), during the course of our normal weekly upload of new content to Digital Print News (DPNlive.com), the site was compromised. There are approximately 30,000 sites compromised daily.
Regretfully, we had to take it down to protect our stakeholders and also to allow us to investigate exactly what had occurred.
In all, the downtime was from late Friday night until early yesterday morning (Tuesday 12th).
Since its inception three years ago, DPNlive has continually updated, reviewed, and in many instances, blocked features on the site to ensure that it would/could not be compromised by outside forces.
However, like all things in life, no matter how good you are, there is always someone who will eventually find a way. Governments and international banks go down, even some of the most secure sites in the world have been taken down, and they also have the most advanced security systems in the world.
I suppose we should take it as a compliment that ‘certain people’ thought DPNlive was worth ‘crashing’!
Online sites like DPNlive, which posts up to date news from around the globe every week, are prone to attack , simply because it receives information and graphics from so many countries every week. We have to individually check each and every graphic and item of content.
Over the years, we have had hundreds of attempts to bring us down, but through our diligence and security measures, we have always managed to thwart these.
The site has over 6,500 graphics and in excess of 2,500 articles as well as countless other large files on it such as data and music videos, so it is large.
To try and ensure that this does not happen again, we are in the process of updating our site to the latest, most secure platform available.
This will take some time as you can appreciate, but it is vital that we undertake this process to ensure that both DPNlive and our readers from all over the world receive our weekly news updates, ON TIME, EVERY TIME.
Right now, we are back up, secure and looking for your news with the original site.
We have a team of web developers and designers working on a new site and you will see a brand new site up within the next two weeks.
Don’t forget that we offer amazing promotional offers as well.
Top tips to protect your website
If you look after your own website, here are some tips to follow. If you outsource this to a third party, it provides a useful set of questions you can ask to see if they are well prepared for a problem. This is far from an exhaustive list, but a good start if you have a website and haven’t thought about security a great deal before.
- Make sure your web site was built following good secure coding principles.
- Check that your control panel and CMS software and any other software you use are patched and up to date. If you use a third party make sure they have policies and processes to do this for you.
- Get a professional review of your website that can identify vulnerabilities before the cyber criminals do. Make sure you have applied best practice first, otherwise they will waste your money telling you things you should already have fixed.
- Perform a regular scan or check on your website to spot unexpected changes or nasty malicious content.
- Backup, Backup, Backup and again. While this tip won’t protect you from being hacked, it will be very beneficial to you should it happen. Store them on your computer AND elsewhere too. Sometimes tidying up the damage left by cyber criminals is hard work.
- SQL injection attacks are when an attacker uses a web form field or URL parameter to gain access to or manipulate your database. When you use standard Transact SQL it is easy to unknowingly insert rogue code into your query that could be used to change tables, get information and delete data.
- Error messages. Be careful with how much information you give away in your error messages. For example if you have a login form on your website you should think about the language you use to communicate failure when attempting logins. You should use generic messages like “Incorrect username or password” as not to specify when a user got half of the query right.
- Validation. Validation should always be done both on the browser and server side. The browser can catch simple failures like mandatory fields that are empty and when you enter text into a numbers only field.
- Passwords. It is really important that you use strong passwords that you change regularly. You have no idea how important that is and most people don’t do it.
- File uploads. Never allow people to upload their own files and be careful of the sources of your files and graphics. Check and double check.
- Penetration testing. Carry out penetration tests (pen tests) on your site. You can use free or paid tools. Some free tools include Netsparker and OpenVAS.
- Your own computer. Your own computer is likely to be a weak link in the chain. No matter how secure your site is, if the machine you access it from (including logging in and editing etc.) is not secure you stand a good risk of being compromised and it may affect more than just your site.
- Log checking. Look for unusual traffic. Without watching who is visiting your site, what you are ranking for and similar you could be compromised and never even know it.
- Lock down your site. All sites consist of a series of files, folders and graphics. Control the permissions that you apply to them.
- Restore. If your site is compromised, have a restore plan.