FireHost Secure Hosting Case Studies

Nathan Smith

www.960.gs

Summary

If you know web development, chances are you know Nathan Smith. Aside from developing sites for Fortune 500 companies, Smith created and maintains the extremely popular 960 Grid System (www.960.gs), an open-source project aimed at expediting the process of designing and building prototype page layouts. Web developers around the globe have quickly and efficiently used 960 GS to get a handle on designing their pre- and post-development websites.

Outside of running 960 GS, Smith's “day job” is with Fellowship Technologies (www.fellowshiptech.com), where he designs user interfaces for the organization's Web applications. He also writes a lot of front-end code: HTML, CSS, and JavaScript. Off-the-clock, Smith shares his talent for Web development with non-profits, and he has had the privilege of working with some of the largest churches in the US. He also has a personal website, SonSpring (www.sonspring.com), that is both an outlet in the form of a blog and a portfolio to display work that he has done with these non-profit entities.

Smith also runs a community site called Godbit (www.godbit.com), focused on educating Christian designers and developers on how to better utilize open source Web technologies to improve their respective ministries. The Godbit community site has more than 900 registered users. While not the largest forum out there, Smith wants to ensure its user accounts are secure.


Challenge

With so much time and effort poured into web development projects, Smith manages a significant amount of data online that needs protecting. Firstly, there is the given that his personal information and blog need to be secure. Nowhere as much as on the Internet is one's name inextricably tied to personal branding. A quick Google search turns up either a positive or negative consensus about your identity. One cannot be too cautious in ensuring that personal information is not at risk of theft or defamation.

Secondly, Smith has a responsibility to protect his clients. When doing freelance work, he typically creates a sub-domain for each client, which serves as a design and development sandbox. This beta site allows clients to review changes and improvements, while denying public access to the creative process. This environment affords peace of mind because Smith can keep clients apprised of progress, and the work they are paying for is not up for grabs.

Thirdly, the 960 Grid System community site and open-source project Smith runs is accompanied by a certain level of trust and public good-will. Even though he is doing the 960 project for educational rather than monetary gain, Smith feels a professional obligation to the site users – consistent up-time and trustworthy file downloads.


Hacked in the Cloud

Prior to hosting with FireHost, Smith was hosting sonspring.com (a CMS-powered Textpattern website) and 960.gs (a static HTML website) with a very popular and publicly traded cloud hosting company. Smith moved these two sites there to test the waters, so to speak, while the majority of his sites – including godbit.com – were being hosted with a lower-end hosting company that looked good on paper, but struggled with security and up-time.

Smith's hope was that the new company, which claimed to have a focus on scalability, would be the ideal secure host he had been looking for. Sadly, this was not the case, and in hindsight Smith considers himself lucky to have only moved over two sites to the cloud.

Both sonspring.com and 960.gs were hacked, and the miscreant(s) left behind a rather nasty back-door PHP script. The script allowed the hackers to change file and directory access permissions, and with administrator privileges, they had carte blanche to add numerous bogus links to undesirable websites at will. This type of cyber crime has been called an SEO Bot Hack, and it is one of the most difficult attacks to detect because the outgoing links and images are not visible to humans who visit an infected website. Designed to artificially boost page ranking for the nefarious sites, the script serves up different content to Google's and other search engine spiders. Additionally, the 960.gs site was forced to serve up files crippling to PC users. To make matters worse, all the links out from his sites damaged Smith's natural SEO ranking since his sites were now considered “link farms” when the search engine spider visited either site.

Often, it takes a long time (weeks or months) for website owners to realize they have been compromised, and cleaning up after an SEO Bot Hack is no small feat. Even after Smith became aware of the intrusion, it took him quite a while to purge his sites of all spam and malware, and longer still to clear himself from a blacklist shared by multiple search engines.
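A site owner can shorten that detection window by comparing what a page returns to a browser with what it returns to a search engine spider. The sketch below is an added example, not part of the original case study or any FireHost tooling; the host names and HTML samples are constructed, and `cloaked_hosts` and `fetch` are hypothetical helper names.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
from urllib.request import Request, urlopen

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

class LinkCollector(HTMLParser):
    """Collect external hosts referenced by <a href> and <img src>."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host, self.hosts = own_host, set()

    def handle_starttag(self, tag, attrs):
        attr = {"a": "href", "img": "src"}.get(tag)
        url = dict(attrs).get(attr) if attr else None
        host = urlparse(url or "").hostname  # None for relative links
        if host and host != self.own_host and not host.endswith("." + self.own_host):
            self.hosts.add(host)

def external_hosts(html, own_host):
    parser = LinkCollector(own_host)
    parser.feed(html)
    return parser.hosts

def cloaked_hosts(browser_html, crawler_html, own_host):
    """Hosts linked only in the crawler's view of the page: the cloaking signature."""
    return sorted(external_hosts(crawler_html, own_host)
                  - external_hosts(browser_html, own_host))

def fetch(url, user_agent):
    """Fetch one page of your own site with the given User-Agent header."""
    req = Request(url, headers={"User-Agent": user_agent})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")

# Constructed sample responses for the same URL on the assumed host mysite.example.
AS_BROWSER = ('<html><body><a href="/about">About</a> '
              '<a href="https://partner.example/">Partner</a></body></html>')
AS_CRAWLER = AS_BROWSER.replace(
    "</body>",
    '<a href="http://spam-one.example/pills">x</a>'
    '<img src="http://spam-two.example/p.gif"></body>')

if __name__ == "__main__":
    print(cloaked_hosts(AS_BROWSER, AS_CRAWLER, "mysite.example"))
```

On a live site, pass `fetch(url, BROWSER_UA)` and `fetch(url, CRAWLER_UA)` as the two inputs. An empty result does not prove the site is clean, since an injected script can key on the crawler's source IP address rather than its User-Agent.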

Smith spent countless hours explaining what had happened to various tech support agents at his hosting provider. Perhaps the most disconcerting responses he received along the way were something along the lines of:

"Oh, this is a fairly common script-kiddie [amateurish] exploit. You needn't worry too much about it." and "This was not a professional hacker going after you or your sites with specific, malicious intent."

According to Smith, "While I am sure the tech support guys meant well, these assurances were anything but comforting. I now felt even more at risk, because if a hobbyist hacker could do this much damage, what could a seasoned cyber criminal do with an open security hole? I felt as though I had caught a stray bullet in a random gunfight, but was being told, 'Don't worry, at least it wasn't a sniper aiming for you.' Worst of all, the cloud hosting company couldn't tell me how the intruder(s) gained access to my sites, or that it couldn't reoccur."


Solution

After this experience, Smith moved all of his sites to FireHost. After properly digging into the intrusion data, FireHost's engineers were able to offer step-by-step instructions on how to secure the sites and the data they contained. FireHost put together a protection package customized for all of Smith's needs. The secure hosting package included everything from segmented SFTP accounts per domain, to application level firewalls, to weekly security audits. "Talking with FireHost's experts about what was being done to protect my personal and client's sites from a detailed perspective gave me the peace of mind that I needed."

Since consolidating his sites on a secure cloud server with FireHost, Smith has encountered no intrusions or attacks. FireHost provides detailed reports so Smith can see the threats that come at his sites, and the company goes so far as to explain how they are dispelled. Smith found that moving his sites over to FireHost was an abnormally easy and smooth transition. Additionally, uptime on his sites has been superior, providing a valuable, high-end experience for site visitors.


"What I like most about FireHost is that security is their standard and passion. All of FireHost’s great protection solutions are included rather than being costly add-ons. The company takes the initiative to provide the best protection available to every client rather than passing the burden of (in)security on to the consumer. It's been said that you get what you pay for, and when it comes to website security, FireHost is worth every penny."

Nathan Smith - 960.gs, Godbit.com

Visit Nathan Smith's websites:
www.960.gs
www.sonspring.com
www.godbit.com
