Saturday, November 4, 2017

Web hosting updates: web vulnerabilities and how careless website owners are!

In this week's web hosting updates, let's concentrate on the issue of website security, because a number of reports have surfaced in recent times about this serious but much ignored matter.

Most website owners seem blissfully unconcerned about their website's security. They feel that nobody would be interested in hacking their website, or that it would not be exploited because it is behind some sort of security provided by the web host. Some go a step further, install a malware protector, and then feel divinely secure.

That is why the exploiters rule the www. That is why website owners worldwide waste billions of dollars every year after attacks, on trying to recover data and on curative actions.

WordPress plugins: a boon for functionality but a bane for security

The news of plugins being found vulnerable, surfacing again and again, is unnerving for WordPress users.

While the core of the WordPress CMS is extraordinarily strong, it is the plugins that are easy to exploit.

In a fresh report, three plugins, 'Appointments', 'Flickr Gallery' and 'Registration-Magic' were found exploited. Let me hasten to add that their updated versions have now been posted.

The three plugins are not popular, so the damage this time has been quite low. Recall how the plugin 'DisplayWidgets' was exploited earlier this year, compromising about 200,000 websites running on WordPress. The worst part was that three subsequent updates of the plugin also had the same spam code!

The dictum that WordPress users must not forget is to install only highly rated plugins, and to update them regularly.

But users are too careless when it comes to website security!

Let's see what NextCloud has to say about users' carelessness in applying patches. NextCloud, a German service provider for cloud storage, online collaboration, etc., has found that its clients do not bother even to apply the new security patches that it releases from time to time for its software.

Not only that, even people who are supposed to be responsible for and knowledgeable about web security were found to take things lightly.

The firm found that even clients sharing critical or sensitive data were not bothered.
(Source: this DataCenterKnowledge article)

Check out this security checker from Microsoft: Sonar

You must have used online and offline website auditors, free or paid, that check the performance and security of websites. Microsoft created a command-line website analyzer and a simpler online scanner, and this year donated it to the JS Foundation.

Sonar website checker from Microsoft
Narwhals: YouTube grab

Called Sonar, this open source tool not only gives details of issues related to performance and security, it also tells why something is behaving the way it is. The narwhal, an ocean creature supposed to have the best sonar system, is the logo of this service.