Decoding Egypt's 10 web woes: from hijacks to hosting hitches

Egypt Business analyses the digital marketing of the 500 most prominent Egyptian enterprises. This paper is #5 of a series of papers on digital marketing in Egypt.

Within the framework of an extensive scientific research initiative, the online presence of the 500 most prominent Egyptian enterprises is currently being systematically analyzed. Herein, we present 10 preliminary findings from this research study:

• Some companies still do not have a website.
• Many have a subdomain instead of a professional domain
• Payment issues lead to the loss of the domain or
• Payment issues lead to a temporary deactivation of a domain
• Some domains have been hijacked
• Warning: Visiting the website bears a possible security risk
• Visiting the website is forbidden in some cases
• 14 percent of websites can’t be reached
• Old websites are not redirected
• 20 percent of websites are not secure
  
  

Many companies undervalue the significance of having a dedicated website, often resorting to subdomains which can compromise their image and scalability. Concurrently, security lapses, including website hijacking and expired certificates, are prevalent, endangering both businesses and users. 

Technical issues and misconfigurations further exacerbate the problem, limiting the accessibility of many Egyptian sites in Western regions. A holistic approach to digital best practices, encompassing security, user experience, and technical proficiency, is urgently needed for these enterprises to fully harness the potential of their online platforms.

The unfavorable impressions of some Egyptian websites are all the more puzzling given the abundance of excellent digital marketing agencies and internet service providers in Egypt. These agencies are eager to assist businesses in developing websites that promote exports rather than hinder them.

Some companies still do not have a website

Not all Egyptian companies have yet recognized the importance of having their own online presence to tap into new export markets. Some firms still believe that a simple page on predominantly American-dominated social media platforms is sufficient. However, for the reputation of a professional company, having a dedicated website is indispensable today to effectively showcase the strengths of their products and the full scope of the company's services.

This company has no website and redirects its domain www.riadco.com to Facebook

A subdomain is not as good as a domain

Registering a subdomain instead of a dedicated domain name for a company can have several disadvantages:

Professionalism and Branding: A dedicated domain (e.g., companyname.com) generally appears more professional and is easier for branding purposes than a subdomain (e.g., companyname.provider.com). A dedicated domain name suggests that the company is established and has invested in its online presence.

Search Engine Optimization (SEO): Search engines treat subdomains as separate entities from the primary domain. Therefore, any SEO efforts on your subdomain might not benefit the main domain, and vice versa.

Limited Control: Companies might not have full control over their web hosting settings, security configurations, and other technical aspects when using a subdomain, especially if it's hosted on a platform that provides free websites.

Perceived Credibility: Users may perceive a business that operates on a subdomain as less credible or less trustworthy compared to one that has its own dedicated domain.

Transfer Difficulties: If a company decides to move its website to another hosting provider, transferring a subdomain can be more complex and might involve downtime.

Growth and Scalability: As a company grows, it might outgrow the capabilities offered by the platform providing the subdomain. Transitioning to a dedicated domain later might involve more work and potential disruptions.

A .co.com domain is not advisable for a professional company

Payment issues lead to the loss of the domain

Typically, three parties are involved in the operation of a website. Firstly, the company itself, which independently acquires and manages its domains, though this process is often facilitated by an Internet Service Provider (ISP). It is advisable for the ISP to be based in the company's home country and to accept payments in the local currency. The ISP bears legal responsibility to ensure domain fees are properly paid. The third entity is a design agency, responsible for the website's design, and often also handles hosting. Hosting involves providing the necessary technical infrastructure, such as a Content Management System (CMS) and a server. This can be ensured either by the ISP or the agency.

Regrettably, numerous Egyptian companies have had unfavorable experiences with unreliable service providers in the past. In some instances, this stemmed from domain fees not being settled on time. After multiple warnings and reminders, some ISPs might put the domain up for sale. The value of such a domain can easily reach into the four to five-figure dollar range.

This company lost its domain which is now for sale

Payment issues lead to a temporary deactivation of a domain

Before a possible sale of a domain, it's often temporarily deactivated by the Internet Service Provider (ISP). This temporary deactivation typically serves as a means to notify the domain owner about outstanding dues or other pressing concerns. When a company finds itself in this situation, it usually has an advantage: The domain hasn't been permanently sold, and there's typically an opportunity to resolve the issue by settling the unpaid bills or by clarifying any misunderstandings.

In such cases, it's strongly recommended to immediately reach out to the ISP. The discussion shouldn't only revolve around the pending payments but should also ensure that all future communications from the ISP are received promptly and clearly, to avoid such incidents in the future.

Example of the temporary deactivation of a domain

Domain has been hijacked

When referring to the "hijacking" of insecure websites, it typically means the redirection of internet traffic. An attacker can divert the traffic of a website to another, often malicious, website. This can happen in several ways:

DNS Hijacking: In this method, the attacker manipulates the Domain Name System (DNS) entries to redirect web traffic to a different IP address, usually to a server controlled by the attacker.

Session Hijacking: Here, an attacker steals a user's session ID, granting them access to the ongoing session and allowing them to act as that user.

Man-in-the-Middle Attacks (MITM): In this approach, the attacker intercepts communication between two parties and can read, modify, or forward data. This becomes especially problematic when dealing with sensitive information such as passwords or credit card details.

Pharming: In this scenario, users are redirected from legitimate websites to fake ones without the knowledge of either the user or the owner of the legitimate site.

Insecure websites are particularly vulnerable to such attacks, especially if they don't use a secure HTTPS protocol or if their software and plugins are outdated. Hijacking websites can be used to spread malware, conduct phishing attacks, or steal data.

Therefore, it's crucial for website operators to regularly update their sites and follow security best practices to prevent such attacks.

Example of a hijacked domain

Security certificate is expired

A security certificate, often referred to as an SSL/TLS certificate, is a digital document that ensures the authenticity and security of a website. It verifies the ownership of a website, confirming its legitimacy to visitors and helping prevent potential deceptive attacks. Moreover, the certificate facilitates the encryption of data exchanged between the website and its visitors, ensuring sensitive information, such as personal details or credit card numbers, remains confidential.

The process begins when a website owner requests a certificate from a Certificate Authority (CA). After the CA verifies the website owner's identity and domain ownership, it issues the certificate. When users visit the secured website, the website presents its certificate, and the user's browser checks its validity. If deemed valid, an encrypted connection between the user's browser and the website is established.

Recognizing the importance of data privacy and security, especially for sites handling sensitive data, it's crucial for them to possess a valid SSL/TLS certificate. Most modern browsers indicate such secure connections with the "https://" prefix and a padlock symbol in the address bar.

Visiting such a site could pose significant security risks. Attackers could exploit vulnerabilities and attempt to steal sensitive information like passwords, emails, or credit card details. Hence, it's of utmost importance for businesses to regularly review and update their websites to ensure the protection of their customers and their business operations.

Website bears a possible security risk because certificate is expired

Visiting the website is forbidden

A 403 error, commonly referred to as "403 Forbidden", indicates that access to a website or a particular resource is denied due to insufficient permissions to display it to the user. This error can arise for various reasons:

Permissions: File or directory permission settings on the server might be inappropriate. For instance, some servers might deny access when file permissions are set too permissively.

.htaccess Rules: On Apache servers, rules within the .htaccess file can restrict access to specific files or directories.

Ownership Restrictions: Some web content might be set up so that only particular users, e.g., through specific login credentials, can access them.

Server Configuration: Incorrect configuration settings on the web server can trigger a 403 error.

SSL Certificate Issues: For websites requiring a secure connection, an issue with the SSL certificate can lead to a 403 error.

Missing Index File: Some servers display a 403 error when a directory lacks an index file (e.g., index.html or index.php) and directory listing is disabled.

Quota Exceedances: Exceeding allocated resource or bandwidth quotas with certain hosting providers can result in a 403 error.

Firewall and Security Settings: Stringently set firewall rules or security plugins might prevent access to selected web content.

Some companies do not allow potential clients to visit the website

Website can’t be reached

Unfortunately every seventh Egyptian website is not accessible in Europe and America at any time. This is mainly due to technical misconfiguration website temporarily being offline.

Several factors can prevent a website from being accessed. One common reason is server downtime, where the server hosting the website is temporarily offline due to maintenance, overload, or technical glitches. DNS issues, which arise from problems translating domain names into IP addresses, can also prevent website access. This can happen if there's an issue with the DNS server or if changes to the domain haven't fully propagated across the DNS network.

Another potential reason could be local barriers such as firewalls or antivirus software, which might block certain websites if they are perceived as threats or if specific blocking rules are set. Websites might also become unreachable due to expired domain registrations, errors in their code or server configurations, or issues with their SSL/TLS certificates. If a website's certificate is expired, invalid, or not set up correctly, most modern browsers will block user access to ensure safety. Additionally, if a site breaches its hosting provider's terms of service, the provider might temporarily suspend it, rendering it inaccessible.

Fourteen percent of Egyptian websites are not accessible

Old website not redirected to new website

If a company decides to change its domain name, several critical steps and considerations are essential to ensure a smooth transition and to maintain brand integrity, search engine ranking, and user trust. Here's what's important:

Announcement and Communication: Notify your customers, partners, and stakeholders about the change well in advance. Clear communication helps reduce confusion and builds trust.

301 Redirects: Set up permanent 301 redirects from the old domain to the new one. This ensures that users trying to access your site using the old domain are automatically redirected to the new one. It also transfers most of the SEO value from the old domain to the new one.

Update Backlinks: Reach out to partners, industry websites, and other platforms that link to your old domain and request them to update their links.

SEO Considerations: Monitor search engine rankings closely after the change. Even with 301 redirects, there might be fluctuations in rankings initially. Update your XML sitemap and submit it to search engines.

Old website (khalda.com) not redirected to new website apacorp.com/portfolio/egypt

No secure website

Every fifth Egyptian company has an unsecured website and thus threatens the security of its visitors. An attacker can divert the traffic of a website to another, often malicious, website. 

A secure website prioritizes the protection of data transmitted between the user's browser and the site's server, ensuring this data remains confidential and intact from potential threats. One fundamental hallmark of a secure website is its use of the HTTPS protocol, which encrypts data during transit, distinguishing it from the less secure HTTP protocol. This encryption is facilitated by SSL (Secure Socket Layer) or TLS (Transport Layer Security) certificates, which not only encrypt data but also verify the authenticity of a website.

In addition to encrypted data transmission, a secure website employs several other protective measures. These include regularly updating server software and plugins, enforcing strong password policies, and utilizing firewalls to block unauthorized access. For websites managing financial transactions, the integration of secure and reputable payment gateways is essential. Indicators like the padlock icon in a browser's address bar and the "https://" prefix in the website's URL can help users identify and trust a secure website.

Twenty percent of Egyptian websites are not secure.

The state of website management among Egyptian enterprises, as evidenced by the research, reveals a spectrum of challenges and oversights. A significant portion of these enterprises still underestimates the importance of a robust online presence, with some lacking dedicated websites altogether.

There's also a prevalent misconception regarding the adequacy of subdomains, which, in fact, can undercut a company's professionalism and impede its growth and scalability. Regrettably, payment issues have led many to temporarily lose access to their domains or, in more extreme cases, to permanently lose them.

The threat landscape is also concerning, with website hijacking posing serious security threats, especially to those sites that haven't adopted secure HTTPS protocols. Furthermore, expired security certificates not only diminish a user's trust but also pose tangible security risks. Accessibility issues, compounded by technical misconfigurations, have rendered a significant percentage of Egyptian websites unreachable in Western regions. Finally, changing a domain without setting up proper redirects can disorient users and harm a brand's online equity.

In essence, while many Egyptian businesses have established an online presence, there's a clear need for greater attention to digital best practices to ensure brand credibility, user trust, and overall online efficacy.

Egypt Business analyses the digital marketing of the 500 most prominent Egyptian enterprises. This paper is #5 of a series of papers on digital marketing in Egypt. See also:
#1: 5 good reasons for digital marketing
#2: Steps to a digital marketing strategy
#3: Nine goals of digital marketing
#4: Growth marketing
#6: Element of an Egyptian website