One drawback to the otherwise awesome sauce of the do-it-yourself web is that you’re also responsible for fixing it yourself when something goes wrong — call it the FIY corollary to the DIY web.
For example, what happens if the bad guys attack your website?
In some cases your web hosting service may be able to help, but most of the time undoing the damage is your responsibility. Websites are attacked every day; well-tested though they may be, frameworks and publishing tools inevitably have security flaws, and eventually you may be bitten by one. Or it might not even be the tools that end up being the problem; it might be something far less obvious. Developer Martin Sutherland’s server was recently hacked because one file on a shared server had the wrong file permissions.
Sutherland’s write-up of how he discovered and fixed the attack on his server is well worth a read and makes an excellent primer on how to handle being hacked. While Sutherland’s situation may be specific to the attack that his site suffered, his diagnostic steps make an excellent starting point even if you use a completely different publishing system. (Sutherland uses Movable Type.)
Sutherland’s strategy (once he realizes he’s been hacked) is to scan through all the files on his server to see which ones have recently been changed. He then filters that list, ignoring files that should have changed (log files, etc.) and narrowing it down to suspicious file changes.
How much this approach will tell you if your own site has been hacked depends on what the attacker has done and what your server setup looks like, but it should help you get moving in the right direction. Read through the full post for the specific command line tools Sutherland uses to inspect his files. If you’re not comfortable on the command line or don’t have shell access to your server you may be able to use something like Exploit Scanner (if you’re using WordPress) or a similar tool for your publishing system.
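The triage described above, sketched as a shell script; this is an added example, not the commands from Sutherland’s post. The function names, the exclusion patterns and the reading of “wrong file permissions” as world-writable are assumptions for illustration.

```shell
#!/bin/sh
# Added example: triage a web root after a suspected compromise.

# Relative paths that change during normal operation. Assumed patterns;
# tune them for your own publishing system.
EXPECTED='(^|/)(logs?|cache|tmp|sessions)/|\.log$'

# recent_changes ROOT DAYS
# Files modified within the last DAYS days, minus the expected churn.
# Paths are printed relative to ROOT so the filter never matches ROOT itself.
recent_changes() {
    (cd "$1" && find . -type f -mtime "-$2" -print 2>/dev/null) |
        grep -Ev "$EXPECTED" | sort
}

# world_writable ROOT
# Files and directories that any local account can modify. Reading "wrong
# file permissions" as world-writable is an assumption of this example.
world_writable() {
    (cd "$1" && find . \( -type f -o -type d \) -perm -0002 -print 2>/dev/null) |
        sort
}

# triage ROOT [DAYS]
# One finding per line, tagged with the reason it was flagged.
triage() {
    recent_changes "$1" "${2:-7}" | sed 's/^/CHANGED  /'
    world_writable "$1" | sed 's/^/WRITABLE /'
}

# Example run: sh triage.sh /var/www/html 14
if [ "$#" -gt 0 ]; then
    triage "$@"
fi
```

Modification times can be reset by whoever changed the file, so treat an empty report as inconclusive and compare against a known-good backup where you can.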
Once you know what happened and which files were affected, it’s just a matter of rolling back the changes using your backups. You do have backups, right? As Sutherland writes, “it’s not a matter of if something goes wrong, it’s a matter of when.” Remember: backups are only useful if you have them before you need them.
We sincerely hope your site is never hacked; however, it does happen all too frequently. As Sutherland’s write-up illustrates, one of the keys to making sure that you recover quickly is to have good backups. Do yourself a favor and spend a few minutes creating an automated backup system before something goes wrong. Now excuse me while I go make sure my pg_dump cron script is running properly.
The mail protocol most people are most familiar with is POP, which has long been the industry standard for serving and retrieving email. A client, which is the sort of desktop mail program with which everyone’s familiar, connects to the POP server and says, “Do you have any messages for me?” If the answer is yes, the client gets a list of the messages, downloads them, and optionally either deletes them from the server or leaves them in place. That’s pretty much the entire capability of POP.
IMAP is an alternative to POP that offers many advantages. Notably, it keeps centralized copies of messages on the server, where they can be accessed from anywhere, rather than fragmented and hidden away in various non-synchronized, non-centralized desktop mailboxes. The mail client interacts with the centralized messages, so your mailboxes look the same at any computer you access them from. The read/unread/replied status of each message is tracked on the server too.
Since IMAP requires long-term storage of messages on the server, email providers have long preferred POP and its quick, space-saving turnaround, which passes the expense of long-term storage on to the user. In fact, almost no popular consumer email provider offers IMAP. Running your own server, though, you can take advantage of IMAP’s benefits. The majority of desktop email clients — Outlook, Eudora, Apple Mail, Thunderbird, et al. — are already ready for IMAP. If you prefer a web-based interface, you can set that up too.
A pageview – a single screen of content – refers to the sum total of what a user sees in a browser window. Before frames came along, pageviews were a hell of a lot easier to explain and to track: the page you saw was one simple page of content. But frame-based pages are comprised of a whole mess of documents. The Webmonkey frontdoor brings together three different pages: the frameset itself, the content page in the top frame, and the ad called up in the bottom frame. Yet in the language of pageviews, these three pages add up to a single pageview.
The path tool in Photoshop enables the selecting, identifying, and saving of parts of an image more precisely than the Lasso tool. Using the path tool, you can create an adjustable line connected by dots around a particular area. Once you’ve completed a circle, the path tool will select that area, allowing you to name and save it. The path can then be manipulated just as you’d manipulate a layer.
Apache is a freely available, and highly popular, open-source web server.
Originally, Apache was designed for Unix. Now versions are available for most operating systems including Windows, OSX and Linux. There are also numerous add-ons and tailored versions of the server using the Apache module API. The name Apache comes from its origins as a series of “patch files.”