Content management systems attract hackers
Posted on 17 Jun 2011 by Alan Burns
Last year I wrote an article on the importance of keeping your scripts updated. I was reminded of that this week when a fellow WebHostingBuzz client and forum member had his site hacked.
The hackers attached the client’s site via a security hole in Mambo, a popular content management system. They managed to do some file replacements, and in fact opened up the site to further damage. When I visited the site, instead of the home page I saw a list of all site files as well as live delete and rename links. Anyone could have deleted or renamed large parts of the site.
Web scripts and applications are, by their nature, potential weak points. They process information and open routes to the web browsing public, as that is their purpose. With that comes the potential for undesirable access, possible unforeseen holes or flaws that could allow someone to modify or take control of the script or even your account.
It is your responsibility to keep your hosting account secure. You chose which scripts to install, so you must keep informed about required updates and patches. Your web host does not monitor every client to know what is being installed. You must educate yourself.
Know that by adding a package as comprehensive as a content management system, not only do you acquire tremendous functionality but also greater risk. If your site is small or uncomplicated, ask yourself if you really need a content management system. If you do, consider disabling functions that you don’t need, to reduce potential holes.
Stay informed, stay current and stay safe.
Sub-domains and redirects simplify web access
07 Jun 2011 by Alan Burns
Personal nameservers streamline multiple domains
20 Jun 2011 by Alan Burns