Just to shed a bit of light on this:
My wife and I own HyperGold.com, a web development and hosting company in California. All day, every day and every night, our server is under attack by hackers. It has nothing to do with vandalism, as some people think (although Internet vandals do exist, and do target specific websites for bragging rights). Aside from those few, highly-publicized ANONYMOUS-style hacks, where the hackers are trying to make a point of some sort (as if the rest of us care about their opinions), these non-stop hacking attacks have one purpose: to take command of our server. Why? To use it to make money. This is true even of the Chinese state-sponsored hackers.
What is the easiest path into a hosting server? Through a public forum or other variety of membership-based, open source website (JOOMLA, Drupal, WordPress, etc.). This is because (a) the code that these sites are built on is open source, meaning the hackers can reverse-engineer it to find security flaws, and (b) in order to have a membership-based website, the restrictions normally in place for a static, private site are necessarily looser. Without those looser restrictions, members would not be able to log in, post, edit their profiles, forget their passwords and have new ones emailed to them, etc.
The only way to guard against these !*^R&^*&*hole hackers is to have the website maintenance folks (often a single individual such as Martin) stay constantly on guard, always on the lookout for new versions of hacker crap prybars trying to break in. The hackers are always one step ahead of the open source development community, because they find these vulnerabilities and exploit them, and then it takes a while for the administrators to find out that it's been going on in a new and exciting manner than last time. Then the development community scrambles to close those doors, releases a security update, and then the poor administrators (who just want to, say, build model boats) have to drop what they're doing, clean the glue off their hands, and apply the updates.
Meanwhile, the hackers have been using the server as a conduit for porn, spam and gods know what else, and guess what? The website - or even the entire server - gets blacklisted across the Internet, and that means that email sent to, from and through that server or website stops getting delivered. At the same time, the website administrator gets a warning from his/her ISP to fix the problem immediately, or get shut down. This warning comes, often, from the ISP's ISP (everybody has one), and it's a chain reaction, all the way up to Mount Olympus, where the Internet gods bowl with our heads.
Finally, the bonus question: What's the easiest way for hackers to gain entry to a server through a website like Model Boat Mayhem? [drum roll, please]
Give up?
The answer to the question is: by hacking the members' computers. How? By relying on the fact that we're a bunch of lazy "xxxxx" who just want to play with toy boats, and who can't be bothered with keeping our anti-virus and anti-malware software up-to-date - that, and the fact that we get taken in by offers too good to be true, click on links to websites we've never heard of, and can't resist opening attachments - especially when it's something wrapped in patriotism, our particular religious dogma, political causes we espouse, hobby-related offers and deals, and so on. Some of those wonderful opportunities are pathways into your operating system, where you have all of that nice information on your accounts, usernames, passwords, and address books.
If this sounds like you, take some steps to help Martin out (and yourselves, too) by following these simple steps:
- Use a program like Norton 360 to scan your computer regularly for viruses. Keep the software up-to-date by checking it regularly for missed updates.
- Use a program like Malwarebytes to scan your computer nightly for malware, which are small programs that install themselves on your computer, and may do nothing more than steal your address book, or record your keystrokes, so that every time you log on to a website like this one, it sends your username and password to somebody in the Ukraine. Keep the software up-to-date by checking it regularly for missed updates.
- Never click on a link to a website you've never heard of, even if the link is in an email from a friend. Instead, copy the link, and Google it by pasting the address into the Google search window.
- Never open attachments that come with an email, even if it's from a friend, unless you know absolutely 100% for sure that it's legitimate, and virus and malware-free.
- Never respond to spam, even if you think you have something devastatingly witty to say. He will simply add your email to his "confirmed" list, and sell it.
- Never, ever, "pass along" emails that urge you to pass them along to all of your friends and family. Chances are that you are passing along viruses and malware to your friends and family.
- Never, ever, click on a link to update your information on any financially-related website. No legitimate company will send out such an email, so you can be certain that it's not your bank, eBay, Amazon, or Model Boat Mayhem asking you to do it - even if it looks like it is.
- Finally: No friend or family member is going to email you with a request for money, because he/she has been robbed and is stuck in a train station in Istanbul or Athens. Friends or family members who get robbed and are stuck somewhere are going to call you, charges reversed, because they have no money, no computer, no smart phone, etc.
Sorry for the epic length of this post, but I hope it helps someone.
Rob