Are Your Websites Secure Or Is The Back Door Wide Open?

0 views
Skip to first unread message

Willie Crawford

unread,
Feb 2, 2010, 1:30:06 PM2/2/10
to WebsiteManag...@googlegroups.com

A Free-Reprint Article Written by: Willie Crawford

Article Title:
Are Your Websites Secure Or Is The Back Door Wide Open?

See TERMS OF REPRINT to the end of the article.

Article Description:
One of the topics that all of us online business people are
aware of but usually don't feel totally on top of is
website security. Coming from a background of having spent
over 20 years in the U.S. military, and having spent four
years as a software tester, I have a greater awareness of
the need for continuous vigilance in this area than your
average marketer.


Additional Article Information:
===============================

722 Words; formatted to 65 Characters per Line
Distribution Date and Time: 2010-02-02 12:30:00

Written By: Willie Crawford
Copyright: 2010
Contact Email: mailto:wil...@williecrawford.com

For more free-reprint articles by Willie Crawford, please visit:
http://www.thePhantomWriters.com/recent/author/willie-crawford.html


=============================================
Special Notice For Publishers and Webmasters:
=============================================

HTML Copy-and-Paste and TEXT Copy-and-Paste
Versions Of Article Are Available at:
http://thePhantomWriters.com/free_content/db/c/websites-back-door-security.shtml#get_code

---------------------------------------------------------------------

Are Your Websites Secure Or Is The Back Door Wide Open?
Copyright (c) 2010 Willie Crawford
Willie Crawford Incorporated
http://WillieCrawford.com/ezine.html

One of the topics that all of us online business people are aware
of but usually don't feel totally on top of is website security.

Coming from a background of having spent over 20 years in the
U.S. military, and having spent four years as a software tester,
I have a greater awareness of the need for continuous vigilance
in this area than your average marketer.

I also know that you can never make your websites or your
computers completely secure. Instead, you can only do things that
reduce the risk.

Given that you spend a lot of time, money, and energy, building
your online business, it only makes sense that you set aside time
periodically to review security related issues, and to look for
problems that can be easily minimized.

Here are a few easy "fixes" that you can implement today that
will increase the security of your online business.

1) Delete outdated scripts that you no longer use from your
server. Many of "the bad guys" have studied the exact same
scripts that you use to power your websites, and they know where
the backdoors and vulnerabilities are. They know exactly which
file will allow them to create all kinds of havoc.

If you have old programs on your server that you are not using,
simply delete them.

2) Update older scripts that you are using. Often, the reason
that updates are released for a script IS to patch a
vulnerability that the developer has become aware of.

YES, upgrading can seem time consuming, and it can be tempting to
skip an update, and just wait for the next one. When you wake up
one day and can't access your server, or all of your websites
have been defaced or erased, you'll see the wisdom in ALWAYS
keeping the scripts powering your websites completely updated.

If you are as non-techie as I am, you simply hire a trusted
programmer to perform this task.

3) Change the default setting when installing scripts on your
servers. Many scripts have default passwords, and default
locations for critical directories that make these scripts work
flawlessly. Since everyone obtaining a copy of these script have
these settings, you probably want to change them, and you also
may want to rename certain directories.

4) Secure your web logs. Many web hosts have a standard location
for the website's logs and statistics on each hosting account.
The files that allow you to access, read, download, and
manipulate this data often aren't secured. At a minimum,
password protect that directory.

The danger in someone readily accessing your logs is that they
can see the names and paths of the files on your server,
including your download pages and the file names of files that
may actually be for sale products :-(

There are not only people who search on your product name,
looking for unsecured files - there are also people who enjoy
posting those links on sites where this type of information is
shared.

5) Put an index page in every directory on your server. If
someone surfs to the domain name of one of the directories on
your server, and there is no index page in that directory, they
will get a directory tree... showing them all of the files in
that directory, and allowing them to simply click in a given file
name to access it.

Servers can be configured to prevent this, but for many people,
the quickest and simplest way to protect their directories from
prying eyes is to stick an index page in each directory.

6) Give your download pages hard to guess names. Don't use urls
like YourDomain.com/ProductName/download.html Instead you want to
give download pages names comprised of a random sequence of
letters and numbers, perhaps stick them in directories not even
associated with a given product, or use a "download guard-type"
script that gives each customer a unique download link and
protects your files.

There are a lots of other things that you can do to easily close
common holes in your website's security. This article barely
scrapes the surface, and is intended more to make you aware of
the problem, and to get your thinking about it. Make regularly
reading articles and reports on the topic a part of your
education in how to operate a successful online business.


---------------------------------------------------------------------
Willie Crawford has been operating an online business for
13 years and believes that too many online marketers simply
pretend that problems with website security don't exist.
For a really eye-opening report on website security, get
the recordings of an interview Willie did with a leading
web security expert at: http://timic.org/CloseTheDoor


--- END ARTICLE ---

Get HTML or TEXT Copy-and-Paste Versions Of This Article at:
http://thePhantomWriters.com/free_content/db/c/websites-back-door-security.shtml#get_code

.....................................

TERMS OF REPRINT - Publication Rules
(Last Updated: May 11, 2006)

Our TERMS OF REPRINT are fully enforcable under the terms of:

The Digital Millennium Copyright Act
http://thomas.loc.gov/cgi-bin/query/z?c105:H.R.2281.ENR:

.....................................

*** Digital Reprint Rights ***

* If you publish this article in a website/forum/blog,
You Must Set All URL's or Mailto Addresses in the body
of the article AND in the Author's Resource Box as
Hyperlinks (clickable links).

* Links must remain in the form that we published them.
Clean links should point to the Author's links without
redirects having been inserted into the copy.

* You are not allowed to Change or Delete any Words or
Links in the Article or Resource Box. Paragraph breaks
must be retained with articles. You can change where
the paragraph breaks fall, but you cannot eliminate all
paragraph breaks as some have chosen to do.

* Email Distribution of this article Must be done through
Opt-in Email Only. No Unsolicited Commercial Email.


* You Are Allowed to format the layout of the article for
proper display of the article in your website or in your
ezine, so long as you can maintain the author's interests
within the article.

* You may not use sentences from this article as an input
for any software that steals sentences from others in
order to build an article with software. The copyright on
this article applies to the "WHOLE" article.


*** Author Notification ***

We ask that you notify the author of publication of his
or her work. Willie Crawford can be reached at:
wil...@williecrawford.com


*** Print Publication Reprint Rights ***

If you desire to publish this article in a PRINT
publication, you must contact the author directly
for Print Permission at:
mailto:wil...@williecrawford.com

.....................................

If you need help converting this text article for proper
hyperlinked placement in your webpage, please use this
free tool: http://thephantomwriters.com/link-builder.pl

Would you like to learn how to improve the performance of your
article marketing campaigns? Download our F.R.E.E. 108-page
Article Marketing Ebook at:
http://thephantomwriters.com/ebooks/advanced-article-marketing.html


*****************************************************************
*
* This email is being delivered directly to members of the group:
*
* WebsiteManag...@googlegroups.com
*
*****************************************************************


=====================================================================

ABOUT THIS ARTICLE SUBMISSION

http://thePhantomWriters.com/ is a paid article distribution
service. thePhantomWriters.com and Article-Distribution.com
are owned and operated by:

Bill Platt
3010 E Raintree
Stillwater, Oklahoma USA 74074


Learn more about our article distribution services by visiting:
http://thephantomwriters.com/x.pl/tpw/info/article-distribution/index.html

The content of this article is solely the property
and opinion of its author, Willie Crawford
http://WillieCrawford.com/ezine.html

---------------------------------------------------------------------
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
---------------------------------------------------------------------

Reply all
Reply to author
Forward
0 new messages