Cyber-Sierra Workshop 2002: Security Issues
     

Web Site Security

Index |  Back Up Basics |  Site Security |  Safe Surfing | 

 

Protecting Your Web Site

Protecting your site gets personal.

Protecting your web site won't take a gun. Web sites get compromised in all sorts of ways. Some are at the server level but most are at the web site level where you as the web master can take steps to protect yourself. Let's talk about a few of the security issues facing the web master:

Virus Threats and DOS

The most recent spate of viruses included one that attacked servers running a particular type of Windows operating system. The bug caused a pop up window running malicious code to infect every visitor's computer. While the patch was soon in coming, it was a disaster for anyone caught by this virus. As a result of this, many people have temporarily switched off javascript capabilities in their browsers as a security measure.

Denial of Service attacks are where so many requests for information arrive at the server at the same from so many different computers time that the server is overwhelmed. These types of attacks on a server take experts to resolve. Meanwhile, your web site is unavailable during that time.

Talk with your web hosting service and see whether they have firewalls, up-to-date server software, and a means of fending off denial-of-service attacks. These things are beyond your personal scope of remedy except as an informed customer. If you don't like the answers, move your web site to a better equipped hosting service.

Copyright Issues

Copyright issues can be thorny. Use original work.

Many beginning web masters worry about copyright issues. Copyright issues are the least of the problems. First, use original work if possible. Don't use other people's artwork or print material on your web site without permission. Permission is usually given if you simply ask.

Next, If you are worried about somebody stealing your original work by downloading a file, then don't put that work on-line. The whole point of the web is easy communication and spread of information. I would suggest you put a basic copyright notice on your site and forget about that issue, unless of course you are an artist. Artists use various means of tagging their images to prevent abuse.

For most web sites, invite people to use your graphics or reprint your materials in exchange for a link on their site. It will improve your web site traffic and get more people aware of your organization. Make the fact that people will borrow your work a plus, not a minus. The only time this becomes a real problem is if the borrower copies the whole site and tries to pass it off as their own (in which case get a lawyer.)

Don't put sensitive information on your web site or store it there either. You'll find that search engines index every page over time and you don't need a secret memo popping up in Google. Password protecting sensitive information seldom works either. It's an invitation to hackers.

Frame Traps

Breaking out of frames takes a simple code tag.

One reason a lot of web masters don't like frames is that their material can get utilized by other web sites and passed off as the other person's work. Some major web places like About.Com uses frames for offsite links but they include a "close frame" button. Less experienced webframers may not do this.

You can avoid getting trapped in someone else's frames. There are simple ways to code in frame-breakers. Of course if you are using frames yourself, the techniques won't work.

Use target attributes for links.
Target attributes tell the visitor's browser where to display the page. The target="_top" when used in internal page links will generally break a visitor out of a framed web site because the browser puts the page in a full window on "top"
 
Use a javascript to break out of frames.
There is a simple java script with directions at:http://www.jokes2000.com/html/escapeframes/
 
Validate your code.
Clean code is less subject to faulty displays and leaves less "hooks" for new threats to attach themselves to your page without your knowledge.
 

Scumware Attacks

Newer threats to web sites and their visitors are the "smart tags" type programs. Smart Tags in IE/XP essentially created highlighted keywords in the visitor's browser which enabled new links to offsite webs from keywords on YOUR site. Effectively it pulled visitors off your site to some sales pitch elsewhere without your knowledge. Think about it: If you were advocating a cause would you like your opponent to buy a keyword that you used on your pages and have your visitors be pulled to your opponents web site.

Smart Tags was to be included in Windows XP and Internet Explorer, but Microsoft pulled the feature after critics complained that it could be used to unfairly steer users towards Microsoft's Web properties. Early releases of MS Office XP included Smart Tags. There's a simple code to prevent MS Smart Tags from working which can be put in every web page's HEAD section: <meta name="MSSmartTagsPreventParsing" content="TRUE">

There are other similar tag programs now in use, now like eZula's TopText. Searchking has means of blocking TopText with a slick javascript: www.searchking.com/ezulakiller/ You've probably experienced it online when you reach a site that won't let you 'go back' your usual way. The web master isn't being mean, they are protecting their site from keyword pirates stealing visitors.

More Information:

Search King's EZula Killer
Back to basics.
 
Stop Thiefware
Get up to date on this topic.
 
Ad Aware
Free software to get unwanted ad stuff out of your computer.
 
Gibson Research
Home of Zone Alarm, you can find out all you ever wanted to know about security, spyware, denial of service attacks and test your system firewall, too.
 
Index |  Back Up Basics |  Site Security |  Safe Surfing | 

 

 

WORKSHOPS: E-Mail and Outreach |  Web 101 |  Building Accessible Webs |  Web Security | 

Workshops Location: http://www.cyber-sierra.com/workshops/
2002 copyright © Cyber-Sierra.Com, on-line since 1997