
Check for XSS Exploits

Posted on 6.16.2008

Matt Cutts, the head of Google's Web spam team, mentioned on his weblog today that you might want to check for XSS holes on your website, especially from "freeform text input such as search boxes." Scary, huh? It gets worse. Cutts mentioned that even large sites can have issues with XSS.

From the Cutts post: If you’ve noticed that your rankings in Google seem to be affected, you might consider a few searches on your site to see if anyone has injected spammy or porn content on your site. If your domain was example.com, you might want to run a few queries such as [site:example.com porn] or [site:example.com biaxin] or [site:example.com viagra] to see whether you run across unexpected results.

Cutts made an addition to the post encouraging readers to change their admin password if they update their WordPress installation, as "sometimes hackers are smart enough to save your password and come back even after you've fully patched your system." Sounds like a good idea for any database-driven site. One commenter on the post referenced a simple little solution called Firewall Script, which I've heard of before. The solution stops SQL injections, XSS, directory traversals and cookie poisoning. The solution sells for $120.00 US.
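For the search-box case Cutts mentions, here is a self-check you can run against your own pages. It is an added example, not code from the original post or from Cutts. The three `render_*` functions are hypothetical stand-ins for your site's search results page, and `TOKEN` is a constructed marker.

```python
import html

TOKEN = "xc7f1"        # constructed marker, unlikely to occur in real content
METACHARS = "<>\"'"    # characters that must never come back unescaped

def render_unsafe(q):
    """Hypothetical results page that reflects the query verbatim."""
    return f'<h1>Results for {q}</h1><input name="q" value="{q}">'

def render_partial(q):
    """Escapes & < > only; quotes still reach the value="..." attribute."""
    q = html.escape(q, quote=False)
    return f'<h1>Results for {q}</h1><input name="q" value="{q}">'

def render_safe(q):
    """Escapes & < > and both quote characters before reflecting."""
    q = html.escape(q, quote=True)
    return f'<h1>Results for {q}</h1><input name="q" value="{q}">'

def raw_metachars(render):
    """Return the metacharacters a page reflects without escaping.

    Each probe wraps one character in the marker so a match can only
    come from our own input being echoed back unchanged.
    """
    survived = []
    for ch in METACHARS:
        probe = f"{TOKEN}{ch}{TOKEN}"
        if probe in render(probe):
            survived.append(ch)
    return survived

if __name__ == "__main__":
    pages = [("unsafe", render_unsafe),
             ("partial", render_partial),
             ("safe", render_safe)]
    for name, fn in pages:
        print(f"{name:8} reflects raw: {raw_metachars(fn)}")
```

An empty list means the page escaped every probe. The partial case shows why escaping only angle brackets is not enough when the query is also echoed into an attribute.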
