Author Topic: Site Safety  (Read 2676 times)

Offline hidden

  • Checking the place out
  • *
  • Posts: 6
  • Happy 2 B Here
Site Safety
« on: October 27, 2013, 02:18:42 PM »
Hi all,
I have been reading a lot lately of sites being hijacked and downloading some mean things to folk's machines. Are our CSB web sites safe from this type of attack? If not what do we need to do to lock them down safely?

I have heard it has a lot to do with Java not being up to date. I know Oracle just had an update last Saturday which I downloaded right away. Is this what they are referring to when making warning?

One of the newest hijackers I have been reading about it called "CryptoLocker". I should don't want to be the cause of this nasty thing getting anyone's machine infected. Here is a quote from the article I read last night "You browse a malicious website that exploits vulnerabilities in an out-of-date version of Java".

So I suppose I should also ask this: If I have not updated a sight in a long time should it be updated with the current Java on my machine?

Thank you for the help.
KAHSR

Offline hidden

  • Sami
  • Administrator
  • Senior Member
  • *****
  • Posts: 5924
  • Not a geek. Just a Nerd.
    • CSB Tutorials
Re: Site Safety
« Reply #1 on: October 29, 2013, 04:15:59 PM »
The sites created by CSB are HTML with no active content created by CSB.
The pages are not a threat or a problem.

HOWEVER....As always, there are predators that look for ways to corrupt and distort your site/purpose.
You need to take precautions with anything you ADD to your site.

1) ANY script you add to your website pages must be up to date.  For example, if you use INSERT HTML to add a nice javascript slideshow, it should be fine if it is not interactive. Javascript is not JAVA. Scripts from several sites (Dynamic Drive, Javascript kit, and many others) add fun interesting items to our sites.  Some of these scripts are simple one or two lines of code and are not a threat to anyone and are not worth hacking since they do not have interactive properties.  They passively do something without your visitor needing to choose or input anything.
Other scripts are HUGE and can be very interactive. This FORUM is a SCRIPT I run from Samisite.com.  It must be maintained on a regular basis, patches applied to add security or other features.  If you have any script of any size, consider if it is interactive and can be exploited and make sure it is updated regularly.

2) JAVA APPLETS.  You will most likely not have these on your site. But if you do, be sure they are CURRENT! These often have the feel of flash, smooth animation, water effects, etc.

3) FLASH. Unfortunately this format is under constant attack. Do you need flash elements on your site? Apple products (safari browser) do not support it natively so Ipad, Iphone, etc do not like flash elements. If not necessary, consider swapping for other format.

4) ANY FORM or interactive script that requires your visitor to input and send might be vulnerable to exploits!! This is usually the CSB user's largest concern. Do your best to be sure you are using a CURRENT and secure script.  Nothing related to "Form Mail" family of scripts.   Take a look at this topic for more info about it.  Using a form service often solves any worries here because the form script is maintained off your site.






« Last Edit: October 29, 2013, 04:22:23 PM by Samrc »
-Samantha
TNG: "Sometimes, you can make no mistakes, do everything right, and still lose" - Capt Picard to Data
(:turtle: In memory of Turtle: May 22, 1944 - Nov 24, 2007  GURU, mentor, and really nice guy! :turtleleft: )

Offline hidden

  • Checking the place out
  • *
  • Posts: 6
  • Happy 2 B Here
Re: Site Safety
« Reply #2 on: October 30, 2013, 09:49:03 AM »
Hi Sami,

Thank you so much for the very good explanation to my question. None of my sites have any type of interaction at this time so it looks like they are all safe and sound.

I am sure many folks have moved on from our tried and true CSB but I just haven't been able to yet:) If it isn't broke don't fix it.

Your the best,
Ken
KAHSR

Offline hidden

  • Sami
  • Administrator
  • Senior Member
  • *****
  • Posts: 5924
  • Not a geek. Just a Nerd.
    • CSB Tutorials
Re: Site Safety
« Reply #3 on: November 06, 2013, 11:18:56 AM »
CSB is easy, comfortable to use. Rebuilding is a pain but will be necessary at some point.  So far, sites are holding up ok.   :hapscream:
-Samantha
TNG: "Sometimes, you can make no mistakes, do everything right, and still lose" - Capt Picard to Data
(:turtle: In memory of Turtle: May 22, 1944 - Nov 24, 2007  GURU, mentor, and really nice guy! :turtleleft: )