How to prevent spammers hijacking your servers

3 top tips to prevent spam hacks on your company website

Disclosure: Just so you know, we may sometimes earn a small commission from affiliate links on this site.

There's nothing worse than finding out your business website has been hacked and is being used to send out bulk emails, spam visitors, or spread malicious software.

If it hasn't happened to you, don't fall into the trap of thinking that this scenario is something that happens to other people. Spam hacks are absolutely rampant.

Fortunately, the business model of spammers requires them, more often than not, to automate their hacks to seek out vulnerable Web servers and sites, because they have to do things on a huge scale to turn a profit.

This means that by taking a few easy precautions you can secure yourself against all but the most devious, aggressive, and relentless of attacks.

Remember that no site is ever 100% secure, so you always need to vigilant - no matter what Web platform you use. But, the following tips should at least ensure that you aren't a "soft target".

1. Secure your mail server

Vulnerable mail servers can be tricked into forwarding on emails that don't necessarily originate from your site. This means that spammers can use a distributed bot net to force your mail server to send out massive amounts of spam.

What's worse is that this spam mail essentially looks like it comes from you, and this can really harm your reputation. It can also get your mail server blacklisted or shut down, which in turn can affect your ability to email clients and customers - not to mention chew up bandwidth and affect the performance of your server.

Check the state of your domain's mail server using something like MXToolBox's SuperTool, which will help identify potential problems (i.e. your server is an open relay).

Always access your mail accounts securely - it should not be possible to send email via SMTP without providing a valid username and password.

In addition, many VPS and dedicated Web hosts offer Webmail clients that require you to enter a username and password into a Web form. If this is not done over HTTPS, it means that hackers might gain access to your email accounts.

Enabling DKIM and SPF adds authentication, and on a decent Web hosting account with cPanel, this can be as easy as clicking Enable DKIM and Enable SPF.

You'll have to speak to your Web hosting company if these features aren't available via the admin panel - consider upgrading to a better host or plan if not.

Digitally signing and verifying emails with DKIM and SPF also increases the trust associated with your domain, and this means that company emails going out to Hotmail. Yahoo, and gmail addresses are more likely to be delivered - instead of being sent to trash by their spam filters.

2. Secure ALL access devices

All the security in the world won't prevent your Web server or mail from being hacked, if the methods used to access the site aren't secure too.

One of the most common ways for hackers to gain entry to mail accounts (or any other account - like the database admin, or file system) is to plant malware on vulnerable devices to harvest login data.

Accessing your email from an Internet cafe, home PC, or via your mobile device may be all the opportunity a hacker needs to grab that login data. Once they have it, they have complete access to whatever accounts you do, and can do all the same things you can.

Look at where and how you access sensitive information, and make sure that communications between those devices and your server are secure. This means ensuring that you login over HTTPS (don't transmit your senstive data in clear text).

Make sure each device has security measures in place to prevent malware, worms, viruses, and so on. A good place to start is by downloading and installing a decent anti-virus package. I use Avast, which is freely available.

3. Implement disaster recovery

Ok, so disaster recovery may not prevent a hack, but it does prevent long term damage that would otherwise be the net result of a spam attack.

Because malicious software can be so insidiously designed as to render an infected site essentially useless for the rest of time, it is important to be able to wipe the slate clean and start again.

Being hacked is not always a case of finding out what went wrong and fixing it. Nasty code may lurk unseen and dormant for days, weeks, or months, before resurfacing to cripple the site once again.

Make sure that your site is regularly backed up - preferably to a different server (in case the current server dies suddenly). A hack that completely wipes out your file system and database then causes no more damage than the down time it takes to reimplement the backup.

Many hosting companies offer integrity assurance software that can help detect when and if files are created or modified when they shouldn't be. So if something like the Gumblar virus edits your .htaccess file to redirect Web traffic from Google to a porn site, you will know about it.

Early warning systems can help detect an intrusion or malicious hack, allowing you to identify the problem early, and implement disaster recovery procedures.

Remember, there is no point in reinstalling a vulnerable system. Hackers will simply hack it again. It is important to understand what went wrong, and, at the very least, reset all passwords.

While the above tips won't necessarily keep you safe from every threat out there (for example, most small business sites are susceptible to DDoS attacks), they will help your company cope with many of the commonplace, automated spam hacks.

What other easy-to-implement security procedures do you put in place? Share your tips in the comments.

A look at the latest trends in business technology

Starting and running a successful small, home or online business these days means that you are going to have to rely on technology to handle most things - if not everything.

There isn't a single aspect of the modern business that doesn't have software, online software, cloud solutions, or innovative hardware and gadgets to save time, streamline processes, maximize efficiency, and save on costs.

The problem, especially for first time business owners, is knowing which technology is the right one for your company, and how to use it effectively to ensure that it provides value and/or good returns.

Grumpy cat Internet sensation

In case you haven't already heard, there's a little kitty out there with feline dwarfism that earns more than you do.

Grumpy cat, according to Wikipedia, seems to be raking in millions of dollars, and this might strike you as odd given how difficult it is to start a successful enterprise these days.

Intro to cloud technology

Among their top 3 challenges, according to most business leaders, is the ability to keep pace with new technology - like the cloud.

Being able to understand what new technology offers and how to use it to increase productivity and maintain competitiveness is not easy, because technology moves moves faster than our ability to keep up.

Small businesses, in this regard, have a distinct advantage over larger ones, and we might well be entering an age where small companies start out-competing big ones because of technology.

Giving away free stuff can help grow your business

Here are some great ideas that incorporate free stuff (products and services) in order to generate trust, improve revenue and grow your business.

Most consumers like getting free stuff (especially online consumers), so giving away a valuable free offering can help to drive traffic, generate buzz, earn trust, and make money.

This article will give you five great ideas for free product and service offerings that you can integrate into an existing organization or use to help grow a startup.

Unusual work from home business ideas

Selling online is getting easier and easier every day, from a technical point of view, because the technology to handle online transactions (like online

A list of high paying work from home jobs

Ever wondered just how much you can earn in a career working from home?

Furnish your home office with one of the top 10 computer desks (for any budget)

Choosing the right computer desk for your home office can be a tough decision to make because you need something that will fit your personal taste and exist

Our favourite blogs for entrepreneurs. Pic by jakeandlindsay

Despite spending most of my time working on my own startups, I find myself drawn to reading about what other people are up to, or making use of - whether it

Inspirational entrepreneur quotes

Life as an entrepreneur can be extremely tough, which is why it is important to sometimes pause and listen to inspiring quotes that keep you going.

Tips on how to prepare for a meeting with big clients

Recently I was fortunate enough to attend a meeting between my startup and one of the largest logistics companies in the country - so that we could pitch our new service.

The size of this client would almost be sufficient to reach sustainability and profitability in one go. Obviously landing a whale in your first pitch as a new startup is the ultimate dream come true, but it can be hard to turn it into reality.

The meeting went ok, but there were some hard lessons learned about how to pitch big corporate clients that my partners and I took away from the experience.

Top startups that have used crowdfunding succesfully

Crowdfunding is a relatively novel way for startups and entrepreneurs to raise money to support their fledgling companies - and sometimes it actually works.

Fiverr Gigs that help online businesses

Fiverr is an online marketplace offering a huge range of services (from the sublime to the ridiculous) that startups can utilize, for only five dollars.

If you're wondering what service could possibly offer any value for only $5, then you are in exactly the same boat I was.

Most of the services (called gigs) that are available on fiverr are probably not even worth the five bucks they charge. But, if you are willing to dig a bit deeper, there are a few gems that can save you a lot of time and money.

Back to Top