Another Sign of the Times…
Even 6 months ago there weren’t as many attempts on servers. I mean, sure, you have your automated SSH attempts, FTP attempts, folks trying to brute force a common list of account names (“joeuser”, “bob”, “administrator”, etc.) for a common, easy password - the common rule from olden days (aka the comedy classic Hackers) was words like sex, power, money, god, etc., things that are all too common in the day - but since rollerblades became popular (i.e. Hackers) - the war has moved elsewhere.
I have some clients who still to this day are HTML-only folks: they only use HTML, they don’t want to try a CMS, they don’t want to make a blog, their photo gallery they do by hand, and I want to give them a hug for being sticks in the mud - fewer security concerns there (granting their username isn’t bob and their password isn’t power!). But things like message boards, blogs, galleries, CMS systems all lately have seemingly had an increase in attacks. This morning I got a text from Julie saying they had a site defaced - not the worst of hacks, but still, it requires attention, cleanup, an audit to ensure files aren’t infected - and in some cases, wiping everything and starting from a few-days-old backup.
So my advice to anyone out there who runs their own blog, their own gallery - and mainly any application which you can go to a .com and pick up - check for updates, check for new releases, and stay up on it. One of my customers has 1 semi-dated application, and another which is who knows how far behind in updates - this weekend he has quite a task ahead of him in updating these dated apps. Sadly, a worry I see is the loss of data or database corruption if a proper upgrade path isn’t taken. If you’re unsure how to update an app (aka a friend installed it for you, or it “came with my hosting”) - post a comment, ask away. Unsure if your version is old? Check the software’s homepage; if it’s not posted all over “NOW VERSION 3.20391!!!!!!”, check the downloads page, 99% of the time it’ll be listed next to the download link. But if you have questions, worries, or need help in a walk-through to back up, post a comment and I’ll be glad to offer help if I can, either privately or via IM (and soon IRC). Just don’t think “Oh I’ll never get hit, my site is too small” - I have had personal websites which get fewer than 50 unique visitors a month get taken down, so no one type of site is targeted.
That’s my rant for the day - go about your business.





