Protect Yourself from Website Hijackers by Mark Daoust Christopher Berry of The Host Group Inc. remembers the first time it happened: "I was kind of flattered. To think that someone else viewed TheHostGroup.com and thought that it was worth stealing was definitely flattering. However, it didn't change the fact that someone had stolen my website." Website Hijacking has been around as long as the Internet. It is, however, now becoming more of a problem than ever before. Website hijacking can occur in three ways: 1) Viewing a page's source code to steal design, 2) using automated spiders (spam-bots) to collect e-mail addresses embedded within the source code of a website for the purposes of spam, and 3) cheating payment systems such as PayPal by viewing a page's source code to "trick" the system into believing payment was made. The most common form of website hijacking are spambots that collect e-mail addresses from websites with the intent to spam the owners of the website. It is very likely that these spambots have come to your website and you are now receiving e-mails for everything from how you are not properly listed in all the search engines to how you can grow various organs on your body. If you have an e-mail address located anywhere within the html code for your website, a spam-bot will find it. The second most common form of website hijacking is HTML theft. If you have a well-designed website it will probably be copied. After all, to copy a website from the Internet involves very little, just viewing the source code and a simple copy and paste. This is what happened to Christopher Berry of The Host Group Inc, a web hosting firm based out of Tampa, FL. The first time your website is stolen, you may take some pride in becoming the target of another's envy, but when you need to chase copy cats every month just to protect your brand identity it quickly becomes a grave annoyance. The least common form of website hijacking is also the most damaging. By simply viewing the source code on a website that uses PayPal or other similar payment systems, it is possible to "trick" the system into believing that a payment has been made. The result is obviously a loss of money. Many websites are vulnerable to this type of website hijacking without even knowing it. Website Hijacking will only become more prevalent. If you have not fallen victim to it, you certainly will soon. There are several good ways to protect against having your website hijacked. None of them are completely fool-proof, but the more difficult you make it for someone to steal anything from your website, the less likely they will even try. Many website owners have resorted to a simple java script code that prevents visitors from right clicking on the screen when their page is up. A sample script can be found at http://www.dynamicdrive.com/dynamicindex9/noright3.htm. Although these scripts are fairly common they are by no means a good solution. They do not protect your website from being hijacked, especially since a hijacker can simply view the source code from Internet Explorer's toolbar. Spam-bots don't need to "right" click to find e-mail addresses, they see the code as they crawl the web. In addition, your visitors may view this as an annoyance. A "No Right Mouse Click" script can be used as an extra layer of deterrence, but it is by no means a complete solution. The best way to protect your website from spam-bots and other website hijackers is to use HTML encryption. The easiest and most effective website encryption service is http://www.encryptionz.com. HTML encryption allows you encrypt the actual html on your website while not sacrificing your website design or inconveniencing your visitors. An encrypted page will appear in a website browser as a normal functioning website. Users will be able to browse your site as they would any other page. To the end user, there is no difference between an encrypted page and a non-encrypted page. However, anyone who wants to view your source code, whether human or spam-bot, will only see a series of percent signs, numbers, and letters. For example, the following html code: <a href="http://www.towersearch.com">TowerSearch</a> will actually appear as %3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%74% 6F%77%65%72%73%65%61%72%63%68%2E%63%6F%6D%22%3E%54%6F%77%65%72% 53%65%61%72%63%68%3C%2F%61%3E when someone tries to view your code. An example of a completely encrypted website can be found at http://www.encryptionz.com. One of the nice things about HTML encryption is that you can choose which pieces of html code you would like to encrypt. Some websites choose to encrypt their entire site while others just hide their payment links and e-mail addresses. The system is flexible in that you can encrypt as much or as little as you like. Even if you encrypt just one payment link, you are given the same protection. As the Internet continues to become more commercialized, site hijacking will only become more of a problem. Once your site has been hijacked, whether it be through spam, your website being stolen, or even someone exploiting your payment links to steal your service, you cannot go back to prevent it from happening. You can only prevent future occurences. The best prevention is preparing your website in a fashion that protects against hijacking. ================================================================ Mark Daoust is the owner of TowerSearch. Get a guaranteed #1 position for the keywords you choose on TowerSearch and its network. Plans start from just $29.95/month. ================================================================