Here is a list of action items and why:

1. Do your own site-backups regularly!

This doesn’t prevent your site from actually being compromised, but it does prevent that hack from causing massive damage. If you can simply re-upload your site pre-hack, with all of your current files, then you probably will not experience the downtime and annoyance associated with restoring a compromised site.

Of course, most hosting companies already perform courtesy site back-ups and provide free site-restoration if your site has indeed been “hacked” or compromised in any way. However, their back-ups may not include recent updates, and may also be a back-up of a compromised version of your site, so it is always safest to also have your own.

2. Change and strengthen your passwords.

You will want to scan all local machines that have access to upload to your sites for virus’. The reason for doing this is that your FTP account info can be compromised through something hackers practice called keylogging: http://en.wikipedia.org/wiki/Keystroke_logging If you do not currently have an anti-virus program I would suggest Avast. You can download it here: http://www.avast.com Also, keep in mind one software package doesn’t completely protect your computer. You also might want to look into: http://www.malwarebytes.org

Worried about keylogging? Even if you have chosen an extremely secure password, keylogging can track it. Here are some things that may prevent malicious keylogging efforts from impacting you:

• A good, updated anti-virus program will be able to detect many keyloggers and prevent them from collecting sensitive information
• Automatic form-filler programs can prevent some keylogging attempts by bypassing the use of your keyboard altogether. That being said, make sure your auto-fill program (whether you use a browser-based one or a separate “password safe” such as KeePass) is password protected.
• Use anti-keylogging software
• Enabling and properly configuring your firewall may prevent transmission of your passwords/sensitive material over the internet to those with malicious intent

After scanning your computer and taking care of any issues that are found you will want to change your FTP passwords. Please make them as secure as possible by using both letters (upper and lower case) and numbers (in non-sequential order). This is an early step in both preventing site hacks in the first place and keeping your restored site safe. Your FTP password should be changed immediately.

Some things to consider when choosing a password:

• Combine letters and numbers, lowercase and uppercase letters
• The longer your password is, the more difficult your password will be to “crack”
• Use a password generator

Check your password strength:

• http://www.microsoft.com/protect/yourself/password/checker.mspx

*You should also strongly consider changing your password for the control panel… …and yes people on Macs can have viruses on their computers.  I am on a Mac and use iAntivirus.  Another program friends on Macs have suggested and like ClamXav.

3. Make sure your software and scripts are up-to-date.

You should evaluate any code or script you put onto your website that you did not write yourself before uploading it to your site. Free scripts are sometimes made without security in mind. Free themes and templates can be coded in such a way that compromise the security of your site and make it an easy target for exploitation by hackers.

You will also want to make sure that you are using the latest versions of any 3rd party applications (eg – WordPress, Joomla, Drupal, OSCommerce, ZenCart, VBulletin, etc.) that you have installed. The script-provider will usually keep their latest version on the homepage of their website for download and easy upgrade. If you have an application installed that you are not using, please remove it or at least set permissions so that is it only accessible by owner and not by group or other.

The two things you want to when first installing any of 3rd party application; 1) As a good rule of thumb is never use the default database table prefix (eg – WordPress uses a default database table prefix of wp_ . This in not going to effect how the script writers intended the application to function. 2) Never use the default username “admin”. It gives the person(s) wanting to cause harm to your website(s) half of the answer to the puzzle to the backend of your website. When you are done with the installation create a new user other than admin that has administrator rights and delete the default user.

If you are unsure about the code or script you are inserting into your site, it may be beneficial to only use high-quality (this often means paid-for) software, hiring a security-minded coder/developer or by using an automated method like Firewall Script.

4. Check site permissions.

No file or folder should have read, write and execute access for Other. The most common permissions are set up as read, write and execute for Owner and Read and execute for group and other. You may also not need the execute permission on files for other. Please make sure of this. To see permissions settings click the folder to the left of a folder name and on the right hand side it will come up with the permissions.

5. Perform a traffic inspection.

It is important that you analyze the kind of traffic you are receiving. If all of a sudden your site receives far more traffic than normal (and you havent implemented any marketing campaigns), check the incoming IPs: their location and their visiting frequency.
You should also check your own page rankings. If your site starts ranking for sex-terms, pharmaceuticals and gambling, your site has likely been compromised and you should contact us for further assistance.

6. Create FTP Allow/Deny Rules.

If all else fails you can create rules to prevent anybody from accessing your website(s) by limiting the IP address or Dynamic IP range that can connect via your hosting account’s FTP  connection.  The only caveat is that if you on your website(s) from multiple locations or have a webmaster at a different location is that the IP address or dynamic range does not match the rules it will not let you in.  The good thing is it won’t let the people trying to attack your website(s) do any damage either.  Click here to see how to create FTP Allow/Deny rules.

7. More Information.

Your best weapon against malware and hacking is information! Here are some links to get you started learning more:

If your website has been compromised and you have contacted your hosting company to investigate the issue and they have deemed your website(s) clean you can resubmit your website to Google for website reconsideration (if Google has flagged your site(s) by clicking on this link: http://www.google.com/support/webmasters/bin/answer.py?hl=en&answer=35843

If you are interested in finding the most comprehensive article on preventing and repairing a compromised website please feel free to check out this link: http://25yearsofprogramming.com/blog/20070705.htm

Here is a quick list (courtesy of good friend Cheryl Harrison that I have expanded on) of things you can do to promote foursquare checkins:

+ Loyalty card. “Free x for every x number of checkins.” (printing, business cards, brochures, etc.) Daily, Weekly, Monthly Be unique and get people’s attention by offering more than 10% or 20% for a “one time” offer. Brand loyalty comes when the customer service experience turns into word of mouth marketing not spending more money on traditional marketing techniques. Make them feel special and unique.

+ As a bonus or upgrade. “Free x everytime you checkin on Foursquare.” These can be throwaways that don’t cost the company a lot of money, but attract people to come in.
+ As a way to boost foot traffic on slow days. “40% off on Wednesdays when you check in on Foursquare!”

+ Make it a group thing. As an incentive for bringing friends. “Free x if you checkin with more than 3 people.”

+ As a vehicle to give out something unique. “Limited edition x if you checkin on Foursquare!”
+ As an added value for your sponsors. Having a conference? Offer attendees the ability to check in at each of your sponsor’s businesses to get half off their admission fee. In media? Offer swag if people check-in at the place of your live remote, your #1 advertiser, etc.

+ If you have event you are trying to promote you can spike interest in the swarm badge party.

A lot of these promotional ideas are based on Chris Anderson’s Freemium business model. When creating Foursquare promotions think like a radio station would. It doesn’t necessarily have to be related to the businesses product or service. Promote tickets to a local sporting event or concert, etc. However, make sure not to get gimicky or your efforts will lose value quickly. Be careful though people can do “drive-bys” and cheat. Make them come into the business and take a twitpic for proof. Much like what WeReward is doing.

Here are a couple case studies from a fraternity brother and well known social media marketer and events coordinator extrordinaire , Jason Keath:

Pros:

Why Foursquare Drives Business What You Need To Know
How To Drive More Customers To Your Local Business

Cons:

How the biggest coffee company in the world got it wrong (aka what not to do by offering too small incentives for such a big brand – size DOES matter):

Starbucks Fails to Deliver on Foursquare

For your business you should be able to click on the “Are you the manager of this business?” to setup promotions and track statistics, etc. All this is only half the puzzle. The other half is promoting it on Facebook and Twitter.

If you are interesting in learning more feel free to contact us to see how we can help your business.

e107 is a CMS (content management system) that allows users to to build websites using templates and use a administration section to change content on their site.

The security vulnerability was located in a contact.php file that allowed a hacker to access your account and upload malicious files such as phishing sites, shell scripts, and or viruses. You can read more about it here.

If you have an installation of e107 we are asking that everyone to update to the latest version. We are here if you have any questions.

Unfortunately, it looks like e107′s documentation wiki is down at the moment, but we found a great forum post on the topic with instructions for upgrading e107 to the latest version:

The first thing to understand before starting a domain transfer is that it will not affect your site or DNS settings in any way.  This means when transferring the domain, your site will not go down, but also, that the name servers will not change. For example, if your current registrar uses name servers A & B, and the new registrar uses name servers Y & Z, they will not automatically be changed.  The name servers will need to be changed at the new registrar once the transfer is complete.  This is important to note, as some people will transfer a domain and never change the name servers, so the domain never gets pointed to the updated content.

Another point to make before going over the steps in the process is that a domain transfer can take some time, sometimes up to two weeks.  This amount of time is pretty standard for any registrar, and just accounts for the time it takes for communication between the two companies and updating registrar information.

Now that you understand a few key points about domain transfers, here is the process that should be expected for nearly every registrar:

Prerequisites:

The domain must have been registered at the current registrar for at least 60 days

The domain must not be in any special expired state (redemption, extended redemption)

If you meet these, then you can move on to the actual steps!

1) Make sure the “administrative contact” e-mail address is one you can be reached at

The “administrative contact” e-mail address should be available to change through a registrar’s domain control panel.  If you aren’t sure how to find that, you can also use this tool to look up the “whois” information on your domain and check the contact information from here.  If you need to change it, make sure this is done before proceeding.

2) Unlock the domain from the current registrar

Some registrars require you to call them to do this, some have an unlock button in the control panel.  Either way, it should have the same effect.

3) Get an authorization code

Most registrars send you this authorization code (to your administrative contact e-mail) when you unlock a domain name.  This is required by the new registrar to confirm that you are the owner of the domain.  Keep this handy for one of the next steps.

4) Go to the new registrar

Once you have your domain unlocked and your authorization code, time to go to your new registrar!  Some registrars have an automated process, others have you submit a ticket, either way, make sure the new registrar is informed that you want to transfer.  When this is done, you will get an e-mail to input the authorization code you received from the old registrar.

NOTE: Most registrars do require you to renew the domain for another year when you have a domain transferred to them.  Some have additional fees for the transfer.

5) Wait

Everything has been taken care of, now you just wait for the transfer to be completed.  Once the transfer takes place, you will be able to manage the domain registration at the new registrar.

Hopefully this post helps to shed some light on the world of domain transfers, and if you’re thinking of transferring a domain, maybe this will help to go through with the process.  As always, comments are appreciated!