# # Site security and all that
APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Site security and all that

I've removed advertising from most of this site and will eventually clean up the few pages where it remains.

While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.

If you found something useful today, please consider a small donation.



Some material is very old and may be incorrect today

© December 2005 Tony Lawrence

Some bloggers take the ostrich approach to security: head in the sand, somebody else does that, I'm not going to worry about it.

Then one morning you wake up to find your web site has been hacked and all your pages are gone or replaced with graffiti. It's an ugly situation.

How does it happen? More often than not, it's security weaknesses in third party packages you may be using. If you just wrote static web pages, with no PHP or Javascript or anything but HTML, and maintained good, secure passwords, it's unlikely you would ever be hacked. An operating system or networking approach might get you, but your hosting provider should be protecting you from that. Trouble is, most of us don't just have static pages. A lot of bloggers pages today are PHP driven with all sorts of add-on modules. PHP has had its share of security problems, and so have several third party modules.

When a security whole is discovered in a popular module or application, it potentially puts a lot of people at immediate risk. You may not even know if your site uses a particular module: for example, this very recent XML-RPC worm affects Unix and Linux systems using XML-RPC for PHP. You might know if you have a Linux or Windows OS, but do you know if your site software uses XML-RPC for PHP? It might; but even if it does you aren't necessarily at risk: many of these security problems are dependent upon configuration conditions that may not apply to you.

Keeping up with all of that is difficult. If you have a small website that isn't a large part of your income stream, you probably aren't going to make much effort to follow the ins and outs of security threats that may affect you. As your site gets larger, and produces more income, the potential loss becomes more serious and important. When you reach that point, you really do need to be intimately aware of the software you use and how security advisories affect you specifically.


If you found something useful today, please consider a small donation.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> Site security and all that


Inexpensive and informative Apple related e-books:

El Capitan: A Take Control Crash Course

Take Control of Apple Mail, Third Edition

Take Control of Numbers

Take Control of IOS 11

Take Control of Upgrading to El Capitan





More Articles by © Tony Lawrence





Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





Silence is better than unmeaning words. (Pythagoras)




Linux posts

Troubleshooting posts


This post tagged:

Web/HTML



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode