Posts Tagged ‘Security’

Content Theft – What Can You Do?

May 3rd, 2013

In simple terms, content theft refers to the stealing or unauthorized usage of web content (both graphics and text) by another website. “Imitation is the sincerest form of flattery”? Certainly not in the case of content theft. Most content thieves steal content simply to fill space on their websites and attract traffic (think Google AdSense).

Content theft also damages your standings in search engines. Search engine consider duplicate content on multiple web sites spamming, which can result in a drop in placement on search listings or elimination from the search engine altogether.

To catch the thief

There are many tools available on the Internet that you can use to catch a content thief:

1. Google Alerts – Google Alerts are email reports of the latest relevant Google search results (including news, web, etc.) based on your choice of query or topic. You can setup an alert for your blog name or a unique phrase from your website.

2. Copyscape – Copyscape is a search engine to locate duplicated materials on the Internet. All you need to do is provide your URL and Copyscape will check whether text content found on the provided URL appears anywhere else on the Internet.

If you find a thief:

Once you have found a content thief, your next step is to preserve the evidence you have found. Often infringing sites are either altered or taken down once you attempt to contact the site owner, host or search engines, having a copy of the site for your records and to verify the infringing content will come in handy in case a dispute arises later.

As there are tools to help you catch the thief, there are tools to help you preserve evidence:

1. WebCite – WebCite is a service that archives web pages on demand and stores them in simple URL that you can easily access later without worrying whether the original web page is revised or removed.

2. Furl – Furl is a free social bookmarking website that allows members to store searchable copies of webpages and share them with others.

3. The Internet Archive – The Internet Archive preserve websites by taking regular “snapshots”.

Cease and Desist Letter:

Once you have caught the thief and preserved the evidence, your next step is to try and resolve the situation – contact the thief with a Cease and Desist Order.

A Cease and Desist Order is simply a “stop, or else face legal action” order. While a cease and desist letter can be sent by anyone, they are best written by lawyers.

Resources:

You can use Whois to find the site owner contact information.

Contact Host, Advertisers and Search Engine

A domain’s Whois data will also include the website’s nameserver, which you can use to look up the site’s web host.

You can send a copy of the Cease and Desist Letter to the site’s web host and advertisers. But to make a stronger case, you may also want to advise them of your attempts to resolve the situation with the site owner, including copies of the ignored Cease and Desist Letter. You may also wish to send a formal DMCA letter. The Digital Millennium Copyright Act requires hosts to remove infringing content once they have been properly notified.

DMCA Notice of Copyright Infringement – Sample Template

Contacting search engines:

Before you contact Google to report the infringing website, you have to make sure that it is indexed by Google. You can search a website if it is already indexed by visiting Google.com and type site:yourdomain.com. For example, if you want to see if Doteasy.com has been indexed, go to Google and type site:doteasy.com. If you see results, the website has been indexed.

Additional guidelines from Google:

The good-to-know’s of SSL and SSL Certificates

June 15th, 2009

Must-knows of SSL and SSL Certificates:

  • SSL, short for Secure Sockets Layer, is a protocol for transmitting private information via the Internet
  • SSL is all about encryption; some of us might even know that SSL uses two keys to encrypt data, a public and a private key
  • SSL is a must-have for e-commerce websites
  • We know we’re on an SSL protected page when the URL begins with “https” and there is a closed padlock icon on the browser

Now, let’s take a look at the good-to-know’s of SSL and SSL Certificates.

How does it work?

An SSL-encrypted connection is established via the SSL “handshake” process.

 

This process is transparent to the end user. The “padlock” icon in the browser and the “https://” prefix in the URL are the only visible indications of a secure session in progress.

 

By contrast, if a user attempts to submit personal information to an unsecured Web site (i.e., a site that is not protected with a valid SSL certificate), the browser’s built-in security mechanism triggers a warning to the user, reminding him/her that the site is not secure and that sensitive data might be intercepted by third parties. Faced with such a warning, most Internet users will likely leave the unsecured site.

What information is contained on an SSL Certificate?

An SSL Certificate contains the following information:

  • the certificate holder’s name
  • the certificate’s serial number and expiration date
  • a copy of the certificate holder’s public key
  • the digital signature of the certificate-issuing authority (ie. GeoTrust)

Does it matter if the encryption strength is 40-bit or 128-bit?

Encryption strength is measured in key length – the number of bits in the key. To decipher an SSL communication, one needs to generate the correct decoding key. Mathematically speaking, 2n possible values exist for an n-bit key. Thus, a 40-bit encryption involves 240 possible values. A 128-bit key involves 2128 possible combinations, rendering the encrypted data impossible to hack. In simple terms, the difference between a 40-bit and a 128-bit encryption is akin to securing your financial information behind a deadbolt vs. a bank vault.

But, the actual encryption strength on a secure connection is determined by the level of encryption supported by the user’s browser and the server that the website resides on. The majority of browsers support a 128-bit encryption. In other words, if you have the GeoTrust QuickSSL (up to 256-bit) on your website and your visitor’s browser supports 128-bit, information transferred between your website and your visitor’s browser will be encrypted with a 128-bit encryption.

How do I purchase an SSL Certificate? What do I need to know?

Doteasy is a reseller of the GeoTrust Quick SSL Certificate. We offer the 1 year QuickSSL certificate for US$159.

The most important thing you need to keep in mind is that the dedicated SSL Certificates are created to function with one unique domain name. For example, if the certificate is issued to the domain www.yourdomain.com, the correct secure URL will be https://www.yourdomain.com. A visitor going to https://yourdomain.com or https://shop.yourdomain.com will not see the padlock icon and instead will see a mismatch certificate error message.

I am not running an e-commerce website, do I still need an SSL Certificate?

SSL Certificates are used to prevent hackers from stealing private information. Here are the reasons why you should consider using an SSL Certificate even if you’re not running an e-commerce site:

  1. Keep your visitors information private – If you process sensitive data such as address, birth date, license, or ID numbers (ie. as part of a signup or login form), an SSL Certificate will keep your visitor information private and help ensure that their personal data is not stolen or tampered with (aka. identity theft)
  2. 2. Give yourself a competitive edge – A secure site will help you gain a competitive advantage over those who do not secure their customer data. Savvy customers will click away from a website when conducting transactions or giving private data if the site does not appear to have secure areas.
  3. 3. Help your site appear legitimate – An SSL Certificate will help your site to appear legitimate and trustworthy.

I have an SSL Certificate installed, but the padlock icon is not displaying in the browser?

This issue will occur if your webpage is displaying images, banners or scripts that are coming from a server that is not secured.

To resolve this issue, you will need to make sure all items on the website are secured.

  1. If frames are being used, ensure that the entire website is being secured, and not just the framed page
  2. If images are being used, ensure all images are secured (referenced with https:// prefixes rather than http://)
  3. Ensure scripts and codes (ie. JavaScript) are not being referenced from a non-secure source

Google Warns Visiting Your Website may harm Your Visitors?

May 1st, 2008

author: Kathy

Visitors search for your site on Google but instead of linking to your website, they are taken to a Google webpage that looks like this:

Google Website Warning

What does this mean?

Google has placed warnings in its search results for websites that has been tested and determined to host or distribute badware. If a Google user searches for a site that Google has determined to be potentially dangerous, they will see a warning in the search results.

To remove this warning, you will first need to identify the problem(s) that has caused Google to flag your site.

Identifying the Problem

StopBadware.org suggests checking the following on your website:

  1. Any software that you are offering for download.
  2. Links and codes/scripts on your website, including third-party hitcounter or statistics services. You can visit the StopBadware Reports and Badware Website Clearninghouse for information on the sites and software to which you link or are planning to link.
  3. Third-party ads displayed on your website. Make sure these ads do not link to bad software or badware-infected webpages.
  4. If you have a forum, blog, guestbook or user-generate content sharing area on your website, check all posted links.

Removing the Google Warning

Once you have identified and removed the problem(s) there are three ways to remove the Google warning:

  • Google periodically re-scans the sites it has previously flagged, so you can choose to wait for this re-scan. Unfortunately, there is no set schedule for these re-scans so we won’t be able to tell you exactly when Google will recheck your website.
  • You can submit a request for review through StopBadware.org.
  • You can also submit a request for review through Google Webmaster Tools.

Common Questions

1. Is it possible for someone to report my website to Google to place a warning on the website? (ie. someone is deliberately lying to hurt my business)

No, it is not possible for someone to falsely report your site to Google to have the warning issued. Google independently identifies sites that host or distribute badware. If a search for your site leads to a Google warning page, it means that Google’s testing process has determined that your site either hosts or distributes badware and may be harmful to site visitors.

2. Is it possible to learn exactly what caused my website to be flagged?

Unfortunately, Google has its own independent process for locating badware on websites. To preserve the integrity of that process, Google does not release detailed information about the results of its testing to the public at large. However, Google does offer information to verified site owners through its Google Webmaster Tools service.

For more information, you can visit Google Webmaster Blog on badware notifications.