MJR's slef-reflections


Warning for Webmasters: Friday 13th ahoy!

Thu, 12 Jun 2008 16:18:11 +0100

Personally, I like Friday 13th. It's usually been pretty good for me. But for this one, I won't be surprised if computer abusers are planning some big attack tomorrow.

I've just spent a big chunk of my day upgrading and securing some of the websites that our free software cooperative supports for a customer. The number of attacks in the access logs is surprising - and I've been fixing other people's cracked servers for over a decade. It makes me wonder if someone is finding and recruiting exploitable systems for tomorrow.

If you have a website, please check that any web applications on it are installed correctly and are the latest secure versions. I've been seeing a lot of attack attempts for Joomla and WordPress in particular, even on sites which don't run them. That says something bad about either the success rate of attacks for them, or the stupidity of their attackers.
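An added example, not from the original post: a small Python triage script for the kind of access-log review described above. It counts requests for WordPress and Joomla paths on a site that does not run them and flags any that got a 2xx/3xx answer; the path patterns, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Path markers associated with each application (assumed list; extend for your site).
APP_MARKERS = {
    "wordpress": re.compile(r"/(wp-login\.php|wp-admin|wp-content|wp-includes|xmlrpc\.php)", re.I),
    "joomla": re.compile(r"/administrator/|[?&]option=com_|/components/com_", re.I),
}
# Apache/nginx "combined" format: client, timestamp, request line, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def classify(path):
    """Return the application a requested path belongs to, or None."""
    for app, marker in APP_MARKERS.items():
        if marker.search(path):
            return app
    return None

def summarise(lines, installed=()):
    """Per client: count requests for apps NOT installed here ("probes") and
    list those that were answered 2xx/3xx ("review": something responded,
    e.g. a forgotten old install, so check it by hand)."""
    report = defaultdict(lambda: {"probes": 0, "review": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        client, _ts, _method, path, status = m.groups()
        app = classify(path)
        if app is None or app in installed:
            continue
        report[client]["probes"] += 1
        if status[0] in "23":
            report[client]["review"].append((app, path, int(status)))
    return dict(report)

# Constructed sample lines using documentation-range addresses, not a real log.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jun/2008:10:01:02 +0100] "GET /wp-login.php HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.7 - - [12/Jun/2008:10:01:03 +0100] "GET /administrator/index.php HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.7 - - [12/Jun/2008:10:01:04 +0100] "POST /blog/xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '198.51.100.20 - - [12/Jun/2008:10:05:00 +0100] "GET /about.html HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.20 - - [12/Jun/2008:10:05:09 +0100] "GET /components/com_example/ HTTP/1.1" 404 209 "-" "-"',
    'truncated garbage line',
]

if __name__ == "__main__":
    for client, info in sorted(summarise(SAMPLE_LOG).items()):
        print(client, "probes:", info["probes"], "review:", info["review"])
```

Pass the applications the site really runs as `installed` so their normal traffic is not counted as probing.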

In our case today, the damage seems to have been minimal (touch wood!), with the customer merely being banned from some networks for a while. It could be so much worse, like this BBC News report about Cotton Traders, "Card details stolen in web hack" (which is part of why I suggest small online shops avoid storing credit card details on their site - leave it to the payment gateway).

Finally, there are some new scams like "Conmen abuse web address checks" on the horizon for online shops, so make sure you've got your 3D-Secure rules set correctly by now and be cautious about sending goods before you're sure you've got the money. I think all web card payment systems are a risk, so please try to limit your risk.

Update: If you do get attacked, try to help track the attackers down so we can get other results like the "Jail sentence for botnet creator". I wish our governments would concentrate on toughening up blatant computer misuse law and stop tightening copyright law in secret.

Tags: cooperatives, life, software, web.


This is copyright 2008 MJ Ray. See fuller notice on front page.