Are Your Websites Up to Date?You can keep track of what versions of concrete5, Drupal, Joomla, Magento, MediaWiki, Moodle, PrestaShop, Revive Adserver, TYPO3, SPIP, WordPress, and Zen Cart are running on all of the websites you manage with our Up to Date? Chrome app.
Search This Blog
- Behind the Scenes of a Hack That Causes a Website to Redirect on Mobile Devices
- Sucuri Security Uses Bad Data to Try to Scare People into Using Their Service
- This Is Not a Remote File Inclusion Vulnerability in WordPress 4.2.2
- The Slow Pace of WordPress Plugin Vulnerabilities Getting Fixed
- SiteLock Also Managed to Break a Website
Web Software Updates
WordPress VersionWe are running WordPress 4.2.2 and despite what many supposed "security experts" claim letting you know what version we are running does not make us less secure.
Did We Make a Mistake?While it seems to be acceptable for blogs discussing web security to contain numerous factual mistakes, we hold ourselves to a higher standard. We only write about things that we actually understand and only after we have double checked the information. So if you see a mistake in one of our posts please leave a comment on the post or contact us so that we can add a correction.
Category Archives: Google
Recently we wrote a post on how Google was placing bad instruction for upgrading Zen Cart directly in the search results. We have run across another example of where Google isn’t providing a good answer. If you do a search for “Magento PHP 5.5″ currently you get the following answer above the normal search results:
Unlike the Zen Cart upgrade example, the information isn’t wrong, it just out of date. If you following the link referenced in that answer you are taken to the Magento System Requirements page which now lists the latest version of Magento, 1.9.1, as being compatible PHP 5.4 and 5.5 (as we mentioned in a previous post, as of Magento 1.9.1 the bare minimum it will allow being run on is 5.3.0).
The Magento System Requirements page was the first result when we did the search:
So excluding a direct answer would have produced a better result in this case (by comparison the page Google took their answer from was ranked 7th).
In the last several weeks Google has begun to show “This site may be compromised.” warnings, for websites they “believe may have been hacked or otherwise compromised”, in their search results. According to Google’s article about of the warning they have been added “To protect the safety of our users” and they recommend users “should be careful about providing personal information to the site” being flagged.
In the past when Google has detected websites they believe to be hacked and violate their Webmaster Guidelines, they have removed the websites from their index and placed a “Notice of Suspected Hacking” message in their Webmaster Tools to let the webmaster know. It’s unclear at this point if Google has replaced doing that with the new warning or if the warning is only for websites that have been hacked in such a way that does not warrant being removed for their search index. Unlike the malware warning (“This site may harm your computer.”) Google places in their search results, which sends users to an interstitial page when they click search result for an affected website, users are still able to directly access the website.
For websites which display the warning, after the hack has been removed reconsideration needs to be requested from Google to have the warning message removed. According to a post by Google employee John Mueller “These requests are processed fairly quickly (usually within a day, though it’s not possible to give an exact timeframe). “
Since June, Google has provided hosting for files used in attempted hackings of websites through an account with their Google Sites services. A listing of all the files hosted is available at http://sites.google.com/site/nurhayatisatu/system/app/pages/recentChanges?offset=25. Some of those files are used in remote files inclusion (RFI) attacks which seek exploit vulnerabilities in software that allow remotely hosted files to be be executed. If the attacks are successful modifications are made to website that place spam or malware on the website, or allows the hacker remote access to the website. Attempting hackings utilizing these files have occurred at least as recently as three days ago. We have reported this to Google using the “Report Abuse” link multiple times but the files have continued to remain up.
Google Suggest, the feature in Google search that suggests search queries based on what has been typed into the search box, now displays localized search results in the US. The results will be localized by region, Country specific localization was introduced last year.
Google has significantly increased the amount and depth of the data they provide for in the Top Search Queries feature in their Webmaster Tools. The data was previously limited to the top 100 queries, it now displays a much larger sampling of queries. The data previously only provided the percentage of impressions and clicks that each query had. The data now includes the number of impressions and clicks broken down by the position of the query in the search results. The data shown can now be restricted to specified periods of time instead of set intervals set by Google. Finally, they have also added a chart that displays impressions and click for the currently active data set.
Google today announced that several weeks ago they began factor the speed that a website responds to web requests into search rankings. Site speed is not currently a significant factor with “fewer than 1% of search queries are affected by the site speed signal” according to Google. Site speed is also only currently factored in searches preformed on Google.com in English. Google did not say exactly how they determine page speed, only saying that they use a “variety of sources to determine the speed of a site relative to other sites.”
According to Nielsen’s US search share data for February, Microsoft’s Bing search engine gained 1.6 point of search share during the month. Bing gained a point of market share in the previous and their market share reached 12.5 percent this month. Google’s share was 65.2 percent, 1.1 points of search share less than the previous month. Yahoo’s share was 14.1 percent, a decrease of .4 points from the previous month.
Google has announced that they will begin displaying “Notice of Suspected Hacking” messages in their Webmaster Tools when they detect that a website has potentially been hacked. The messages will provide example URLs of the hacked pages, next steps for fixing the issue, instructions on getting back into Google’s search results after the issue has been fixed. Google will also being added notifications of spammy or abused user-generated content and abused forum pages or egregious amounts of comment spam. Once you have signed up for Google’s Webmaster Tools you can instruct Google to forward these messages and other messages, including malware notifications, to an email address you select.
According to Nielsen’s US search share data for January Microsoft’s Bing search engine gained a point of search share in January, increasing its share to 10.9 percent. Google’s share was 66.3 percent, a point of search share less than the previous month. Yahoo’s share was 14.5 percent, an increase of a tenth of point over the previous month.
Google’s Chrome continues to gain market share according to Net Applications data. It market share has increased 3.7 percentage points to 5.22 percent from the year ago period. Last month it surpassed Apple’s Safari as the third most popular web browser behind Microsoft’s Internet Explorer and Mozilla’s Firefox. Internet Explorer market has continued to decline. In the last year it last 7.2 percentage of points, though it continues to have the highest market share with 62.12 percent share. January mark the first month that Internet Explore 8 was the most popular version of Internet Explorer. It had a market share of 22.37 percent, version 6 had a market share 20 percent and version 7 had market share of 14.53.