Your Web site is your online business. Don't you lock the door and secure the windows of your "brick and mortar" business? Do you have an alarm system? Don't you think it's important to do the same with your online business?
Welcome to Bucaro TecHelp!

Bucaro TecHelp
Maintain Your Computer and Use it More Effectively
to Design a Web Site and Make Money on the Web

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

Victims of Sandy Hook

Stop the Slaughter of Innocents. Congress is bought and paid for by gun lunatics and gun promotion groups. If you want to live in a safe America, help buy Congress back for America. Send a donation to Mayors Against Illegal Guns, 909 Third Avenue, 15th Floor New York, NY 10022

How "Secure" Is YOUR Web Site?

A few days ago, an incident happened to me that has prompted the writing of this article. I'm sure that if this is an issue for me and one of my Web sites, it's an issue for many others.

With my personal Web site, I use a nationally known Internet Host provider to host it. They've hosted my site for years, and I can't really complain about their services (except that you can rarely find a real "person" to talk to).

However, a few days ago, I wanted to give a good friend of mine, Dave Barry, access to FTP into my Web site to download a particular file. Rather than using an FTP program, he used IE (Internet Explorer) to FTP into the site. The strange thing is, before I even gave him my username and password, Dave was inside the server where my site is hosted!

Dave said that the server, and any sites hosted on that server, were wide open for attack. He was able to see the System 32 Directory, passwords, etc. The good news for me is that Dave is a Certified Internet Webmaster Security Professional Instructor, so he knows exactly what he's talking about (and I don't).

He ran a report to show the vulnerability of my Web site. That report indicated that there were seven high risk vulnerabilities, four medium risk, and two low risk. It also said that it was imperative that I take immediate action in fixing the security issues of the network.

Now isn't this a comforting thought, especially since I've never questioned the security of my Web site? I use one of the top Web hosting firms in the country. This problem should NOT have happened.

I contacted the hosting company, and they're checking into it. At one point, they said, "A little further research on my part found that anonymous FTP is erroneously enabled on your website." Then, in a later e-mail, they changed their mind, "I did misspeak last night when I said that anonymous access was enabled, as I could not upload any files at all, though I could view some directories and files, evidently some relatively innocuous system data files."

Dave disagreed, and he promptly sent me two files to prove how vulnerable and insecure the system is. I sent them those files as well as the security report Dave ran, and they're continuing to look into it.

In my case, though this is a very disturbing situation, it isn't the end of the world. I don't sell anything on my Web site -it's there for informational purposes only.

But, for those of you who actually sell goods or services over the Internet, this could be a huge, and extremely distressing, problem. As Dave said, "I could crash the entire server in a matter of minutes." But, he's one of the good guys wearing a white hat, not a hacker. He's also responsible for 40 plus Web sites through his company, all of which are extremely secure.

RSS Feed RSS Feed

Follow Stephen Bucaro Follow @Stephen Bucaro

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2017 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268