Merry Christmas! Your website’s been hacked.

It’s ever more apparent that self-hosting is inappropriate for most small organizations. Why? Security.

Hacking is no longer a possibility, it’s an eventuality in cases where sites are inconsistently managed.

In this case an NPO/NGO hired someone with PC-based prepackaged web development software (Adobe, MS, there are others) to slap together a PhP site. GoDaddy’s least expensive hosting package completes the picture.

Based on a survey of the history (in just the logs) it’s evident that the site was hacked almost from inception. This means it operated for YEARS and no one knew about the abuse.

What surprises us most perhaps is that with the depth of analytics available to hosting enterprises in the present age, how something this simple and obvious could go unnoticed.

If a human in one minute looking at access logs can discover the website’s been hacked? Who’s more at fault? The Host or the site owner.

The problem and conflict emerges when Internet business sell websites that anyone can build and access — anyone can self-publish self-hosted sites if they have software.

The option? Shared hosting with agencies like GoDaddy.com, WordPress.com, Web.com … where the Host retains security management across all of the websites.

Hacking in this case (that NPO) was discovered as part of the due diligence any professional should conduct prior to making archives of old sites.

Before FTP’ing a snapshot of an old website, an engineer should assess the code. Is it safe to keep?!

No one would have known otherwise.

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s