Protect Yourself from Website Hijackers
by Mark Daoust

Christopher Berry of The Host Group Inc. remembers the first 
time it happened: "I was kind of flattered. To think that 
someone else viewed TheHostGroup.com and thought that it was 
worth stealing was definitely flattering. However, it didn't 
change the fact that someone had stolen my website."

Website Hijacking has been around as long as the Internet. It 
is, however, now becoming more of a problem than ever before. 
Website hijacking can occur in three ways: 

1) Viewing a page's source code to steal design, 
2) using automated spiders (spam-bots) to collect e-mail 
   addresses embedded within the source code of a website for 
   the purposes of spam, and 
3) cheating payment systems such as PayPal by viewing a page's 
   source code to "trick" the system into believing payment was 
   made. 

The most common form of website hijacking are spambots that 
collect e-mail addresses from websites with the intent to spam 
the owners of the website. It is very likely that these spambots 
have come to your website and you are now receiving e-mails for 
everything from how you are not properly listed in all the search 
engines to how you can grow various organs on your body. If you 
have an e-mail address located anywhere within the html code for 
your website, a spam-bot will find it.

The second most common form of website hijacking is HTML theft. 
If you have a well-designed website it will probably be copied. 
After all, to copy a website from the Internet involves very 
little, just viewing the source code and a simple copy and paste. 
This is what happened to Christopher Berry of The Host Group Inc, 
a web hosting firm based out of Tampa, FL. The first time your 
website is stolen, you may take some pride in becoming the target 
of another's envy, but when you need to chase copy cats every 
month just to protect your brand identity it quickly becomes a 
grave annoyance.

The least common form of website hijacking is also the most 
damaging. By simply viewing the source code on a website that 
uses PayPal or other similar payment systems, it is possible to 
"trick" the system into believing that a payment has been made. 
The result is obviously a loss of money. Many websites are 
vulnerable to this type of website hijacking without even 
knowing it.  

Website Hijacking will only become more prevalent. If you 
have not fallen victim to it, you certainly will soon. There are 
several good ways to protect against having your website hijacked. 
None of them are completely fool-proof, but the more difficult 
you make it for someone to steal anything from your website, the 
less likely they will even try.

Many website owners have resorted to a simple java script code 
that prevents visitors from right clicking on the screen when 
their page is up. A sample script can be found at
http://www.dynamicdrive.com/dynamicindex9/noright3.htm. Although 
these scripts are fairly common they are by no means a good 
solution. They do not protect your website from being hijacked, 
especially since a hijacker can simply view the source code from 
Internet Explorer's toolbar. Spam-bots don't need to "right" 
click to find e-mail addresses, they see the code as they crawl 
the web. In addition, your visitors may view this as an 
annoyance. A "No Right Mouse Click" script can be used as an 
extra layer of deterrence, but it is by no means a complete 
solution.

The best way to protect your website from spam-bots and other 
website hijackers is to use HTML encryption. The easiest and 
most effective website encryption service is 
http://www.encryptionz.com. HTML encryption allows you encrypt 
the actual html on your website while not sacrificing your 
website design or inconveniencing your visitors. An encrypted 
page will appear in a website browser as a normal functioning 
website. Users will be able to browse your site as they would 
any other page. To the end user, there is no difference between 
an encrypted page and a non-encrypted page. However, anyone who 
wants to view your source code, whether human or spam-bot, will 
only see a series of percent signs, numbers, and letters. For 
example, the following html code:

<a href="http://www.towersearch.com">TowerSearch</a>

will actually appear as

%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%74%
6F%77%65%72%73%65%61%72%63%68%2E%63%6F%6D%22%3E%54%6F%77%65%72%
53%65%61%72%63%68%3C%2F%61%3E

when someone tries to view your code. An example of a completely 
encrypted website can be found at http://www.encryptionz.com.

One of the nice things about HTML encryption is that you can 
choose which pieces of html code you would like to encrypt. Some 
websites choose to encrypt their entire site while others just 
hide their payment links and e-mail addresses. The system is 
flexible in that you can encrypt as much or as little as you 
like. Even if you encrypt just one payment link, you are given 
the same protection.

As the Internet continues to become more commercialized, site 
hijacking will only become more of a problem. Once your site has 
been hijacked, whether it be through spam, your website being 
stolen, or even someone exploiting your payment links to steal 
your service, you cannot go back to prevent it from happening. 
You can only prevent future occurences. The best prevention is 
preparing your website in a fashion that protects against 
hijacking.  


================================================================
Mark Daoust is the owner of TowerSearch.  Get a guaranteed #1 
position for the keywords you choose on TowerSearch and its 
network.  Plans start from just $29.95/month.
================================================================