Server and security - what shoul I do.

	Home Register Search Help Login

Sponsors

Shopping Cart Software
Ecommerce software integrated into Frontpage, Dreamweaver and Golive templates. No monthly fees and available in ASP and PHP versions.

Website Templates
We also have a wide selection of Dreamweaver, Expression Web and Frontpage templates as well as webmaster tools and CSS layouts.

Frontpage website templates
Creative Website Templates for FrontPage, Dreamweaver, Flash, SwishMax

Search Forums

Recent Posts

Todays Posts
Most Active posts
Posts since last visit
My Recent Posts
Mark posts read

Server and security - what shoul I do.

View related threads: (in this forum | in all forums)

Logged in as: Guest

Users viewing this topic: none

Printable Version

All Forums >> Web Development >> Server Issues >> Server and security - what shoul I do.

Page: [1]

abbeyvet

Posts: 5095
From: Kilkenny Ireland
Status: offline

Server and security - what shoul I do. - 5/23/2001 20:46:00

Today I was asked to take a look at an existing site that is giving some problems and was given a user name and password to FTP it to have a look at how it was set up.

I opened it and just to see if there was a cgi-bin above the root directory (there was none in it) I hit the up arrow in WS_FTP.

To my absolute astonishment I was then looking at a sreen full of the web folders of about 30 other sites, all of which I could open and peruse at my leisure. I did poke around a bit and with out any difficult opened two files which contained credit card information, certainly sufficient for me to have a very happy days shopping on the internet had I a mind to. I could not edit files but could enter webs, open folders, view pages and so on without any difficulty.

I have informed the people who asked me to look at it about the lack of security and told them to contact their hosts about this as a matter of urgency. However I really feel bad for the other sites.

Would you take it that it is their own look out and they should take care of security themselves or should I inform them? The people who run the server ( and designed the troublesome site) are one of the largest design/hosting companies in Ireland. I feel as though I am sitting on a time bomb.

I saw all this at 10 am - rang my clients immediately and they immediately phoned their host - who incidently told them that it was something I did and basicaly I was obviously an undesirable with whom they should not be involved. As of a few minutes ago(4.30pm) nothing has changed.

------------------
Katherine

InKK Design
LinKKs - Kilkenny's Online Magazine

-*-*-*-*-*-*-*-*-*-*
"Dogs have owners, cats have staff!"

Gil

Posts: 7533
From: North Carolina, USA
Status: offline

RE: Server and security - what shoul I do. - 5/23/2001 23:15:00

I would do two things:

1. Have your client change the password so you do NOT have access.

2. Stay as far away from this host as possible

------------------
Gil Harvey
The Host Factory
Resellers are our speciality
"Is there another word for synonym?"

(in reply to abbeyvet)

Rian

Posts: 1960
From: Lincoln, Nebraska USA
Status: offline

RE: Server and security - what shoul I do. - 5/23/2001 23:30:00

quote:
Originally posted by Gil:
I would do two things:
1. Have your client change the password so you do NOT have access.
2. Stay as far away from this host as possible
[/B]

Sage advice.......

Rian

------------------
Webmaster
SR Web Creators
http://www.srwebcreators.com
_ _____________ _
"Press ENTER once to quit or twice to save changes..."
_ _____________ _

(in reply to abbeyvet)