  1. #1
    sjb

    Protecting my website

    I manage the website for my school, which is built using Drupal. My background is mostly from the design side of things so I don't have a lot of knowledge about security issues. I have noticed from the logs that there have been an increasing number of attempts to post obscene spam messages on our guestbook page (now up to around 150 a day). I have Mollom protection enabled, which is working well at the moment, and also have to approve any posts before they are published. However, I am concerned that the attacks may become more serious. A few log entries refer to 'page not found' errors for pages that have never existed on the site - e.g. one recent one was for crossdomain.xml.

    Should I be concerned? Is there any action I can take to protect the site and its contents? We have a lot of photos of school activities on the site, which is one of the most popular features with parents, but I am starting to feel a little uncomfortable about this if we are attracting attention from the darker side of the web.

    I have changed the URL of the guestbook, and may even take it down completely if it will help to solve the problem as it is hardly ever used by legitimate visitors. Have also blocked the IP addresses of the spammers on the site and on the web host.

    Any advice appreciated!

  2. #2
    hit
    I wouldn't get too paranoid about 404s in the logs and crossdomain.xml, which is usually a SWF object trying to access data out of its domain (or someone trying to glean some info about your domains). Our web servers' logs are chock-full of these errors and haven't seen any evidence yet of any breaches. Unfortunately there's not a lot you can do about it except keep your server and software up to date; it goes with having a bit of kit that's exposed to the outside world.

  3. #3
    hit
    Oh, I forgot, make sure you have decent backups as well so you can quickly restore if needs be.

  4. #4
    jamesfed
    My personal blog gets about 30 spam hits a day - to be honest it's nothing uncommon.
    Last edited by jamesfed; 3rd May 2012 at 11:58 PM.

  5. #5

    FN-GM
    It isn't anything major to worry about. I would probably keep an eye on things and keep your webserver, Drupal and any other software you use up to date.

  6. #6
    cpjitservices
    It's definitely common! I run my own web servers privately and in production and I don't just get spam attempts but hack attempts etc - as long as you stay up to date and have the right security in place on your servers you should be fine, and I presume you're using a Linux server?

    I wouldn't worry too much.

    Also, if you can (to make things easier) get your server to email you logs of security breaches, spam attacks - I find it easier to monitor what's going on.
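
The log report suggested above, as an added example that is not part of any post in this thread: it reads web-server access-log lines in combined format and separates guestbook POSTs from 404s such as the crossdomain.xml request. The `/guestbook` path, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format; only the fields the digest needs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
GUESTBOOK_PATH = "/guestbook"   # assumption: path of the guestbook form

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [03/May/2012:09:14:01 +0100] "POST /guestbook HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.7 - - [03/May/2012:09:14:09 +0100] "POST /guestbook HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.23 - - [03/May/2012:10:02:44 +0100] "GET /crossdomain.xml HTTP/1.1" 404 312 "-" "-"
198.51.100.23 - - [03/May/2012:10:02:45 +0100] "GET /clientaccesspolicy.xml HTTP/1.1" 404 312 "-" "-"
192.0.2.50 - - [03/May/2012:10:30:00 +0100] "GET /gallery/sports-day HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
192.0.2.50 - - [03/May/2012:10:30:02 +0100] "GET /favicon.ico HTTP/1.1" 404 312 "-" "Mozilla/5.0"
garbage line that does not parse
"""

def summarize(log_text):
    """Count guestbook POSTs and 404s per client, plus the most-requested missing paths."""
    posts, misses, missing_paths, skipped = Counter(), Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # keep a count so malformed lines are not silently lost
            continue
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path.rstrip("/") == GUESTBOOK_PATH:
            posts[m["ip"]] += 1
        if m["status"] == "404":
            misses[m["ip"]] += 1
            missing_paths[path] += 1
    return {"posts": posts, "misses": misses, "paths": missing_paths, "skipped": skipped}

def digest(summary, post_threshold=2, miss_threshold=2):
    """Render the plain-text body of a daily report; clients below the thresholds are omitted."""
    out = ["Guestbook POSTs by client:"]
    out += [f"  {ip}  {n}" for ip, n in summary["posts"].most_common() if n >= post_threshold]
    out.append("Clients with repeated 404s:")
    out += [f"  {ip}  {n}" for ip, n in summary["misses"].most_common() if n >= miss_threshold]
    out.append("Most-requested missing paths:")
    out += [f"  {p}  {n}" for p, n in summary["paths"].most_common(5)]
    out.append(f"Unparsed lines: {summary['skipped']}")
    return "\n".join(out)

if __name__ == "__main__":
    print(digest(summarize(SAMPLE_LOG)))
```

The text returned by `digest()` can be handed to whatever mail or cron mechanism the host already provides; a single 404 for something like favicon.ico from an ordinary visitor stays below the threshold and out of the client list.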

  7. #7
    sjb
    Thanks - that's reassuring to hear.

  8. #8

    The most important thing you can do is patch. If a security vulnerability is found in the application then it won't be long before people are trying to use it to break into vulnerable sites. If the components you use have a mailing list, subscribe so you get notified of new releases and can update ASAP.

    The other most important thing you can do is back up :-)

  9. #9

    SYNACK
    As above, but you may also want to give this a read and possibly a try (with permission from the school/owner of the system):

    Learn to Hack | TuxRadar Linux

    This may give you a better idea of the kind of stuff that goes on and may help you find some of the holes before they become a problem.
