Google announced this week that it will begin notifying certain webmasters if their sites are running out-of-date web server software that could provide an open door for hackers.
The search engine giant said Thursday that it will alert site owners if they are running content management systems (CMS) or other publishing software that contains a security vulnerability, according to Google’s Webmaster Central Blog.
However, only site owners who have signed up for Google’s Webmaster Tools, designed to improve a site’s search ranking, will be eligible to receive the alerts, the blog said.
Google plans to start the program in a test phase, sending out 5,000 to 6,000 messages to webmasters who may be running out-of-date versions of WordPress, a popular blogging platform.
"There’s been a recent trend of spammers hacking websites, and most of the time that happens because the webmaster or site owner didn’t update a piece of software that runs their website," Matt Kutts, a Google software engineer, wrote Thursday on his personal blog. "If you think you can install a piece of software on the web in 2008 and run it forever without upgrading, I’m sorry to say that your website will be at a much higher risk of getting hacked."
Experts have said hackers infiltrate these legitimate sites to embed URLs that point to their own malicious or spam sites. That way, they can improve search-engine rankings.
Publishing software is often riddled with vulnerabilities because it is built for companies that are inexperienced in coding and that want a third-party platform they can customize to suit their own needs, Francesco Benedini, a malware researcher at anti-spyware firm Sunbelt Software, said on Friday.
Among other thing that could happen is the malicious users, if they determine you are running a vulnerable CMS, they can run an automatic exploit. It can for instance, insert a redirection to a malicious site or insert malicious content."
What Google can’t help webmasters defend against are poorly coded sites that are vulnerable to attacks such as cross-site scripting and SQL injection. For defense against this, owners are encouraged to conduct a complete code review, he said.
via: SCMagazines
If you like this blog please take a second and subscribe to my rss feed
Tags: CMS, Google, hacking, malware, phishing, spam, spyware, webmaster tools, Wordpress
Comments: No comments, be the first to comment
All the fields that are marked with REQ must be filled
Leave a reply