All posts tagged ‘servers’

File Under: servers, Web Basics

What to Do When Your Website Is Hacked

All it takes is one open lock. Photo: David Bleasdale/Flickr

One drawback to the otherwise awesome sauce of the do-it-yourself web is that you’re also responsible for fixing it yourself when something goes wrong — call it the FIY corollary to the DIY web.

For example, what happens if the bad guys attack your website?

In some cases your web hosting service may be able to help, but most of the time undoing the damage is your responsibility. Websites are attacked every day; well-tested though they may be, frameworks and publishing tools inevitably have security flaws and eventually you may be bitten by one. Or the tools may not be the problem at all; it might be something far less obvious. Developer Martin Sutherland’s server was recently hacked because one file on a shared server had the wrong file permissions.

Sutherland’s write-up of how he discovered and fixed the attack on his server is well worth a read and makes an excellent primer on how to handle being hacked. While Sutherland’s situation may be specific to the attack that his site suffered, his diagnostic steps make an excellent starting point even if you use a completely different publishing system. (Sutherland uses Movable Type.)

Sutherland’s strategy (once he realizes he’s been hacked) is to scan through all the files on his server to see which ones have recently been changed. He then filters that list, ignoring files that should have changed (log files, etc.) and narrowing it down to suspicious file changes.

How much this approach will tell you if your own site has been hacked depends on what the attacker has done and what your server setup looks like, but it should help you get moving in the right direction. Read through the full post for the specific command line tools Sutherland uses to inspect his files. If you’re not comfortable on the command line or don’t have shell access to your server you may be able to use something like Exploit Scanner (if you’re using WordPress) or a similar tool for your publishing system.
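The scan-and-filter approach described above, sketched as an added shell example. It is not Sutherland’s own commands or code from his post; the exclusion patterns (`*.log`, `cache/`, `sessions/`) and the world-writable check (one common form of “wrong file permissions”) are assumptions to adapt to your own site.

```shell
#!/bin/sh
# Added example: find recently changed files, minus the ones expected to change.
# Exclusion patterns are assumptions; adjust them to your publishing system.

# recent_changes DIR DAYS
# Prints regular files under DIR modified less than DAYS days ago,
# skipping files that change in normal operation (logs, caches, sessions).
recent_changes() {
    dir=$1
    days=$2
    find "$dir" -type f -mtime "-$days" \
        ! -name '*.log' \
        ! -path '*/cache/*' \
        ! -path '*/sessions/*' \
        | sort
}

# world_writable DIR
# Prints files and directories under DIR that any local user may modify.
# Assumption: this is only one kind of permission mistake worth reviewing.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 | sort
}

# Script usage: sh scan.sh /path/to/site [days]   (days defaults to 7)
if [ "$#" -ge 1 ]; then
    echo "== changed in the last ${2:-7} days (expected churn excluded) =="
    recent_changes "$1" "${2:-7}"
    echo "== world-writable files and directories =="
    world_writable "$1"
fi
```

Compare whatever the first list turns up against a known-good backup before restoring anything; modification times can be altered, so an empty list does not prove the site is clean.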

Once you know what happened and which files were affected, it’s just a matter of rolling back the changes using your backups. You do have backups, right? As Sutherland writes, “it’s not a matter of if something goes wrong, it’s a matter of when.” Remember: backups are only useful if you have them before you need them.

We sincerely hope your site is never hacked; however, it does happen all too frequently. As Sutherland’s write-up illustrates, one of the keys to making sure that you recover quickly is to have good backups. Do yourself a favor and spend a few minutes creating an automated backup system before something goes wrong. Now excuse me while I go make sure my pg_dump cron script is running properly.

File Under: Glossary

IIS

Microsoft’s internet information server, or IIS, is one of the most widely used commercial web server applications on the market. It runs on the Windows operating system and it incorporates all of the tools required by high-traffic commercial websites, such as security, extensions, logging, database interfaces and all of the necessary protocols.

File Under: Glossary

DNS

The domain name system (DNS) is an internet service that translates domain names (like wired.com) into IP addresses (like 208.77.188.166).

We use domain names because people can remember words better than numbers, but web servers still need the IP numbers to access the page. Every time you use a domain name, a DNS server must translate the name into the corresponding IP address.

File Under: Glossary

IMAP

The mail protocol most people are most familiar with is POP, which has long been the industry standard for serving and retrieving email. A client, which is the sort of desktop mail program with which everyone’s familiar, connects to the POP server and says, “Do you have any messages for me?” If the answer is yes, the client gets a list of the messages, downloads them, and optionally either deletes them from the server or leaves them in place. That’s pretty much the entire capability of POP.

IMAP is an alternative to POP that offers many advantages. Notably, it keeps centralized copies of messages on the server, where they can be accessed from anywhere, rather than fragmented and hidden away in various non-synchronized, non-centralized desktop mailboxes. The mail client interacts with the centralized messages, so your mailboxes look the same at any computer you access them from. The read/unread/replied status of each message is tracked on the server too.

Since IMAP requires long-term storage of messages on the server, email providers have long preferred POP and its quick, space-saving turnaround, which passes the expense of long-term storage on to the user. In fact, almost no popular consumer email provider offers IMAP. Running your own server, though, you can take advantage of IMAP’s benefits. The majority of desktop email clients — Outlook, Eudora, Apple Mail, Thunderbird, et al. — are already ready for IMAP. If you prefer a web-based interface, you can set that up too.

Suggested readings

Set Up a Debian or Ubuntu Machine as a Maildrop

File Under: Glossary

Pageview


A pageview – a single screen of content – refers to the sum total of what a user sees in a browser window. Before frames came along, pageviews were a hell of a lot easier to explain and to track: the page you saw was one simple page of content. But frame-based pages are comprised of a whole mess of documents. The Webmonkey frontdoor brings together three different pages: the frameset itself, the content page in the top frame, and the ad called up in the bottom frame. Yet in the language of pageviews, these three pages add up to a single pageview.