APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Site security and all that

© December 2005 Tony Lawrence

Some bloggers take the ostrich approach to security: head in the sand, somebody else does that, I'm not going to worry about it.

Then one morning you wake up to find your web site has been hacked and all your pages are gone or replaced with graffiti. It's an ugly situation.

How does it happen? More often than not, it's security weaknesses in third-party packages you may be using. If you just wrote static web pages, with no PHP or JavaScript or anything but HTML, and maintained good, secure passwords, it's unlikely you would ever be hacked. An attack at the operating system or network level might still get you, but your hosting provider should be protecting you from that. Trouble is, most of us don't just have static pages. A lot of bloggers' pages today are PHP driven with all sorts of add-on modules. PHP has had its share of security problems, and so have several third-party modules.

When a security hole is discovered in a popular module or application, it potentially puts a lot of people at immediate risk. You may not even know if your site uses a particular module: for example, this very recent XML-RPC worm affects Unix and Linux systems using XML-RPC for PHP. You might know if you have a Linux or Windows OS, but do you know if your site software uses XML-RPC for PHP? It might, but even if it does, you aren't necessarily at risk: many of these security problems depend on configuration conditions that may not apply to you.
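One way to answer that question for your own site, as an added example that is not part of the original article: the script below inventories a web root for bundled copies of XML-RPC for PHP and for PHP files that load it. It assumes the library appears under its usual file names (`xmlrpc.inc`, `xmlrpcs.inc`) and declares its release in an `xmlrpcVersion` assignment; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: inventory a web root for bundled copies of XML-RPC for PHP.
# Assumptions: the library is recognised by its usual file names and declares
# its release in an assignment to xmlrpcVersion. It does not judge whether a
# copy is affected; compare the reported version against the advisory.

# Print "path<TAB>declared-version" for every bundled copy under $1.
find_xmlrpc_copies() {
    find "$1" -type f \( -name 'xmlrpc.inc' -o -name 'xmlrpcs.inc' \) 2>/dev/null |
    sort |
    while IFS= read -r f; do
        # Split the declaring line on quote characters; the version string
        # is the last quoted field. Files without a declaration (such as the
        # server half, xmlrpcs.inc) are reported as "unknown".
        ver=$(awk -F"[\"']" \
            '/xmlrpcVersion[^=]*=/ && NF >= 3 { print $(NF-1); exit }' "$f")
        printf '%s\t%s\n' "$f" "${ver:-unknown}"
    done
}

# Print every .php file under $1 that includes or requires the library,
# which tells you which application actually uses the bundled copy.
find_xmlrpc_users() {
    grep -rlE --include='*.php' \
        '(include|require)(_once)?[^;]*xmlrpc\.inc' "$1" 2>/dev/null | sort
}

# Run as: sh thisfile.sh <your-web-root>
if [ "$#" -gt 0 ]; then
    echo "Bundled copies (path, declared version):"
    find_xmlrpc_copies "$1"
    echo "PHP files that load the library:"
    find_xmlrpc_users "$1"
fi
```

Empty output from both functions means no copy was found under that directory by name; a package that renamed or inlined the library would not be caught.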

Keeping up with all of that is difficult. If you have a small website that isn't a large part of your income stream, you probably aren't going to make much effort to follow the ins and outs of security threats that may affect you. As your site gets larger, and produces more income, the potential loss becomes more serious and important. When you reach that point, you really do need to be intimately aware of the software you use and how security advisories affect you specifically.
