If it seems like we’ve been focusing on security lately, it’s because we have been. After we got hacked a few weeks ago, we took extra steps to lock down the site. From plugging the initial vulnerability and removing the intrusion, to running scanners to make sure the site was clean, to installing a WordPress plugin to notify us if any file on the site is changed, to turning on two-factor authentication in Gmail so site passwords couldn’t be comprised via email, we’ve been extra-cautious. Perhaps no site is secure when faced with a determined hacker, but you can ever be too safe. One more tool that you can use on your own site, or to check the malware status and history of other sites, is Google’s Safe Browsing Diagnostic Tool.
To test a site using Google’s Safe Browsing Diagnostic Tool, append the site address to the following link in your browser’s address bar, and visit the new link:
So, for example, to check 40Tech, you would enter this address:
Here is a sample of what you get back:
As you can see, you’re provided with four pieces of information:
- The current status of the site, including whether the site is currently suspicious, and whether it was listed for suspicious activity in the last 90 days. For 40Tech, you’ll see our hacking incident from last month listed;
- What happened when Google visited the site, including the amount of malware that was discovered in the last 90 days, and the last time that suspicious activity was found. You’ll also see some details about any suspicious activity that was found, and the name of the host where the site is located. For 40Tech, you’ll see a description of what was found back on August 20, 2011, and that the site has been found to be clean ever since;
- Whether the site acted as an intermediary resulting in further distribution of malware in the last 90 days; and
- Whether the site hosted malware in the last 90 days.
Sort of like watching a car wreck, I find it interesting to plug different sites into the tool, and see what results come back. Has your site ever been hacked? What steps do you take to secure it?