APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Site security and all that

Some bloggers take the ostrich approach to security: head in the sand, somebody else does that, I'm not going to worry about it.

Then one morning you wake up to find your web site has been hacked and all your pages are gone or replaced with graffiti. It's an ugly situation.

How does it happen? More often than not, it's security weaknesses in third-party packages you may be using. If you just wrote static web pages, with no PHP or JavaScript or anything but HTML, and maintained good, secure passwords, it's unlikely you would ever be hacked. An attack on the operating system or the network might get you, but your hosting provider should be protecting you from that. Trouble is, most of us don't just have static pages. A lot of bloggers' pages today are PHP driven with all sorts of add-on modules. PHP has had its share of security problems, and so have several third-party modules.

When a security hole is discovered in a popular module or application, it potentially puts a lot of people at immediate risk. You may not even know if your site uses a particular module: for example, this very recent XML-RPC worm affects Unix and Linux systems using XML-RPC for PHP. You might know if you have a Linux or Windows OS, but do you know if your site software uses XML-RPC for PHP? It might; but even if it does, you aren't necessarily at risk: many of these security problems depend on configuration conditions that may not apply to you.

Keeping up with all of that is difficult. If you have a small website that isn't a large part of your income stream, you probably aren't going to make much effort to follow the ins and outs of security threats that may affect you. As your site gets larger, and produces more income, the potential loss becomes more serious and important. When you reach that point, you really do need to be intimately aware of the software you use and how security advisories affect you specifically.
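One way to answer the "does my site use XML-RPC for PHP?" question is to inventory the web root for bundled copies of the library. The script below is an added example, not part of the original article; it assumes the library ships as xmlrpc.inc and xmlrpcs.inc and records its release in a variable named xmlrpcVersion, and the sample tree it builds when run without arguments is constructed.

```shell
#!/bin/sh
# Inventory bundled copies of XML-RPC for PHP under a web root.
# Assumptions (not from the article): the library's files are named
# xmlrpc.inc and xmlrpcs.inc, and its release is stored in a variable
# named xmlrpcVersion. Adjust both for other modules you need to track.

find_xmlrpc_copies() {
    webroot=$1
    # Applications often vendor the library deep inside their own tree,
    # so walk the whole document root instead of one include path.
    find "$webroot" -type f \( -name 'xmlrpc.inc' -o -name 'xmlrpcs.inc' \) 2>/dev/null |
    sort |
    while IFS= read -r file; do
        # Extract the quoted value assigned to xmlrpcVersion, if any.
        version=$(sed -n "s/.*xmlrpcVersion[^=]*=[[:space:]]*[\"']\([^\"']*\)[\"'].*/\1/p" "$file" | head -n 1)
        # One line per copy: path, tab, version (or "unknown").
        printf '%s\t%s\n' "$file" "${version:-unknown}"
    done
}

# Constructed sample tree: two applications, each with its own copy.
make_constructed_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/blog/includes" "$d/wiki/lib/rpc"
    printf '%s\n' '<?php' '$xmlrpcVersion = "1.0";' > "$d/blog/includes/xmlrpc.inc"
    printf '%s\n' '<?php // no version marker' > "$d/wiki/lib/rpc/xmlrpcs.inc"
    printf '%s\n' '<?php echo "hello";' > "$d/blog/index.php"
    printf '%s\n' "$d"
}

# Usage: script /path/to/webroot   (no argument: scan the constructed tree)
if [ $# -gt 0 ]; then
    find_xmlrpc_copies "$1"
else
    demo=$(make_constructed_tree)
    find_xmlrpc_copies "$demo"
    rm -rf "$demo"
fi
```

Each reported path tells you which application carries its own copy; compare the version shown against the advisory you are reading, and treat "unknown" as a copy to inspect by hand.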



© Tony Lawrence


