Best practices for keeping your website safe
Technical Articles ID:
KB53370
Last Modified: 2/24/2022
Environment
SiteAdvisor Enterprise 3.5
SiteAdvisor Enterprise Plus 3.0

Summary
NOTE: The SiteAdvisor Site Rating is our opinion of a site's reputation. The rating is based on several attributes that, in our judgement, provide the best indication of a site's reputation over time.
Precautions for website owners

The following list isn't comprehensive and doesn't guarantee a Green site rating. The list provides guidance for site owners on best practices for preserving the reputation of their sites.

Hosting files for download

You're responsible for programs that can be downloaded from or via your site. You must perform checks, such as scanning programs using reputable antivirus scanners, before making the program available. One option is to upload the program to VirusTotal. VirusTotal is a free service that scans the program and provides detection information from antivirus software vendors such as McAfee Enterprise. You must also be cautious about malware that might not be detected by an antivirus scanner until the program has been installed. Removing a potentially dangerous program includes removing the links to the program and deleting the program from the site's public servers. Removing only the link might be insufficient because users might still be able to access the program.

Email practices

You're responsible for what happens with information, including email addresses, submitted to the site. The site's security and data handling practices determine how well user information is protected. Poor data handling practices can cause users to receive unexpected email. Examples of poor handling practices include the following:
The email test used by SiteAdvisor technology is an action result test. The action is providing a unique email address to forms found on the site; the result is counting the emails sent to that address and scoring those emails for spam-like characteristics. The email test doesn’t try to identify the source of the spam; it simply notes that the unique email address provided only to that site is receiving spam.
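The "Hosting files for download" guidance above boils down to a record-keeping problem: which files were scanned and approved, and does the public download directory still match that record? The script below is an added example written for this article, not code from SiteAdvisor or McAfee. It assumes a download directory whose files are hashed after they pass the antivirus or VirusTotal check, an "approved" manifest of those hashes, and a "withdrawn" list of programs whose links were removed; all file names and contents in the demo are constructed placeholders. It reports files that appeared without approval, approved files whose content changed, and withdrawn programs that are still present on the server even though their link is gone.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large installers do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(download_root: Path) -> dict[str, str]:
    """Map each file under download_root (relative POSIX path) to its SHA-256.

    Run this after the files have been scanned and approved; the result is the
    record of what the site is allowed to serve.
    """
    return {
        p.relative_to(download_root).as_posix(): sha256_file(p)
        for p in sorted(download_root.rglob("*"))
        if p.is_file()
    }


def audit_downloads(download_root: Path, approved: dict[str, str], withdrawn: set[str]) -> dict[str, list[str]]:
    """Compare what the public download directory actually contains with the approved record.

    unapproved   - served, but never scanned and approved (e.g. uploaded outside change control)
    modified     - approved name, but the content no longer matches the approved hash
    missing      - approved, but no longer present
    still_served - withdrawn (link removed), but the file itself is still on the public server
    """
    current = build_manifest(download_root)
    return {
        "unapproved": sorted(p for p in current if p not in approved and p not in withdrawn),
        "modified": sorted(p for p, h in current.items() if p in approved and approved[p] != h),
        "missing": sorted(p for p in approved if p not in current),
        "still_served": sorted(p for p in withdrawn if p in current),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: build a small download tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sample_files = {
            "tools/setup.exe": b"approved installer, unchanged since it was scanned",
            "tools/helper.zip": b"helper archive, replaced after it was scanned",
            "old/legacy-installer.exe": b"build withdrawn from the download page",
            "uploads/unknown.bin": b"file that appeared outside change control",
        }
        for rel, data in sample_files.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)

        # Approved record as written when the two tools were scanned. helper.zip was
        # approved with different content, so its recorded hash no longer matches.
        approved = {
            "tools/setup.exe": sha256_file(root / "tools/setup.exe"),
            "tools/helper.zip": hashlib.sha256(b"helper archive, original scanned content").hexdigest(),
        }
        # Program removed from the download page; its file must be gone from the server too.
        withdrawn = {"old/legacy-installer.exe"}
        return audit_downloads(root, approved, withdrawn)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the audit from a scheduled job and treating any non-empty "unapproved", "modified" or "still_served" bucket as a change-control violation gives you the "files that change outside of the accepted processes" signal the article asks for.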
Browser exploits

You must routinely monitor your site for browser exploits or content that tries to control the user's computer in an unauthorized manner. Follow best-practice change-control and content-management procedures, so that you know when files on your site change. Be suspicious of any file that changes outside of the accepted processes. Other best practices include routine security assessments of the site. Use these assessments to find and patch vulnerabilities in software such as the operating system, web server, database, and application server. A good place to start for security best practices is the Open Web Application Security Project (OWASP).

Online affiliations

Links to external domains are a powerful tool for connecting to partners and customers, and they also improve the site's position in search engine results (Google, Yahoo, and so on). Linking to other sites on the internet can be seen as an endorsement of, or collaboration between, the linked sites. Malicious site owners use these relationships to their advantage by creating their own safe sites or by using links posted on third-party sites to drive traffic to a specific location. This technique can drive traffic to risky sites from a site that is otherwise benign. You must periodically review the sites you link to, using SiteAdvisor or other sources.

Annoyances or grievances

Pop-up windows allow you to get a user's attention and are often used as an advertising tool, but users often consider them a nuisance. You must strictly limit the number of pop-up windows, or windows that open, when users visit the site. Pop-up windows can also be used to deliver malware to site visitors or to drive traffic to malicious sites. When you use certain advertising companies and tools, you might not be in full control of how many ads are shown or of the exact content of those ads.
You must present to your users only content that is under your control or content from trusted third parties that have strict controls in place.

E-commerce or scam

When your site hosts promotions or links to promotions from other sites, you must pay attention to the product offering. For example, promotions can be considered misleading in the following situations:
Some promotions are malicious. Examples include free offers that collect personal information and sell or use this information in ways other than what the user understood.
Site owners must be mindful of the product being offered and how their users might interpret the promotion. The following free tools are available from SiteAdvisor to help site owners understand site ratings and better protect their users.
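The "Online affiliations" and "Annoyances or grievances" sections above both ask you to keep track of what your pages point at: outbound links (which read as endorsements) and third-party scripts or iframes (content you do not fully control). The script below is an added example written for this article; it is not one of the SiteAdvisor tools and not code from McAfee. It assumes you can supply the HTML of each page, your own site domain, and a list of partner domains you have already reviewed; the sample page and every domain in it are constructed placeholders. It resolves each reference against the page URL, drops internal and non-http(s) targets, separates reviewed partners from hosts that still need a reputation check, and lists script and iframe sources on their own because those load content directly into your page.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ReferenceCollector(HTMLParser):
    """Collect outbound references: anchor hrefs plus script and iframe sources."""

    def __init__(self) -> None:
        super().__init__()
        self.refs: list[tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "a" and attr.get("href"):
            self.refs.append(("a", attr["href"]))
        elif tag in ("script", "iframe") and attr.get("src"):
            self.refs.append((tag, attr["src"]))


def _in_domain(host: str, domain: str) -> bool:
    """True if host is domain itself or any subdomain of it."""
    return host == domain or host.endswith("." + domain)


def external_references(page_url: str, html: str, site_domain: str) -> dict[str, list[str]]:
    """Group every http(s) reference that leaves site_domain by the host it points to."""
    collector = ReferenceCollector()
    collector.feed(html)
    grouped: dict[str, list[str]] = {}
    for tag, target in collector.refs:
        absolute = urljoin(page_url, target)       # resolve relative links against the page
        parts = urlsplit(absolute)
        if parts.scheme not in ("http", "https"):  # mailto:, tel:, javascript: are not sites
            continue
        host = (parts.hostname or "").lower()
        if not host or _in_domain(host, site_domain):
            continue                               # internal link, nothing to review
        grouped.setdefault(host, []).append(f"{tag}: {absolute}")
    return grouped


def review_links(page_url: str, html: str, site_domain: str, approved_domains: set[str]) -> dict[str, list[str]]:
    """Split external hosts into reviewed partners and hosts that need a manual reputation check.

    third_party_content lists script and iframe sources separately, because those load
    content into your page that you do not control, rather than a link the user may click.
    """
    refs = external_references(page_url, html, site_domain)
    approved = [h for h in refs if any(_in_domain(h, d) for d in approved_domains)]
    return {
        "approved": sorted(approved),
        "needs_review": sorted(h for h in refs if h not in approved),
        "third_party_content": sorted(
            r for entries in refs.values() for r in entries if r.startswith(("script:", "iframe:"))
        ),
    }


# Constructed sample page; the domains are placeholders, not real sites.
SAMPLE_PAGE = """
<html><body>
<a href="/about">About us</a>
<a href="https://blog.mysite.example/news">Our blog</a>
<a href="mailto:sales@mysite.example">Contact</a>
<a href="https://www.partner.example/offers">Partner offers</a>
<iframe src="https://www.partner.example/widget"></iframe>
<a href="https://cdn.ads.example/promo.html">Special promotion</a>
<script src="https://cdn.ads.example/ad.js"></script>
</body></html>
"""


def demo() -> dict[str, list[str]]:
    """Review the constructed sample page as if it were served from www.mysite.example."""
    return review_links(
        "https://www.mysite.example/index.html",
        SAMPLE_PAGE,
        site_domain="mysite.example",
        approved_domains={"partner.example"},
    )


if __name__ == "__main__":
    for bucket, entries in demo().items():
        print(bucket, entries)
```

Hosts in "needs_review" are the ones to look up in SiteAdvisor or another reputation source before the link stays on the page; anything in "third_party_content" deserves the stricter standard the article sets for content from third parties, since it runs inside your page rather than behind a click.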
Previous Document ID (Secured): 616159