I think that many of us have become jaded to the thought that somebody might simply be willing to offer helpful advice. We have encountered too many phone calls from telemarketing scam artists, often alleging that they are calling from either Microsoft or Google, when they are really only trying to get their hands on our credit card numbers. It seems unlikely that anyone might be willing to offer assistance without some sort of strings attached. Well, that might not always be the case.
During the course of my work, I frequently encounter websites that are infected with malware or a virus, have forms or other content that are not functioning properly, or are entirely disabled. There are even instances when search results on Google will warn users either that “This site may harm your computer” or “This site may be hacked.”
I encounter these sites most frequently when checking for potential outgoing links – typically area attractions or local tourism districts – to be added to my clients’ websites. I also frequently encounter these warnings attached to do-it-yourself websites, where the webmasters have no knowledge or understanding of server security issues. Google provides several useful resources that will guide webmasters through the recovery process in these instances, but a quick glance will immediately suggest that anyone other than an experienced server administrator will be way out of his league and will be quickly sinking in quicksand.
Malicious content on websites goes hand-in-hand with browser security vulnerabilities, making it all that much more important for computer users to install the latest browser security updates. Between January 26 and April 26, 2016, the Mozilla Foundation has reported 48 security vulnerabilities affecting its Firefox browser – including 15 critical vulnerabilities – that have been patched by security updates … but only if users install those updates. Critical vulnerabilities are defined as vulnerabilities that “can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.” As you can probably deduce, some threats are specific to users of certain browsers, especially outdated versions of those browsers. Sound scary? Absolutely!
The accompanying graphic shows a collage of just a few of the screen shots of warnings that have been displayed on my computer when clicking through to hacked websites. I have blurred out the website URLs in order to avoid embarrassing the site owners.
I have often called the businesses or associations that own such infected websites, feeling socially responsible to inform them of the problems and explaining that they could be infecting significant numbers of visitors to their sites. In almost every instance, I encounter denial at the other end of the phone, am told that “nobody else has mentioned a problem”, or get brushed off with “we will tell our webmaster” before they hang up the phone. Never once has anybody thanked me for calling a problem to their attention.
If somebody calls you to report a problem with your website, take a moment to listen. Be cautious, if not suspicious, since most of those unsolicited calls are scams; however, at least do yourself the favor of soliciting a second opinion from somebody knowledgeable who you know you can trust.
This post was written by Peter Pelland