Page 1 of 2 12 LastLast
Results 1 to 15 of 24
  1. #1
    Bronze Lounger
    Join Date
    Feb 2001
    Posts
    1,424
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Hackers and Websites

    Our school is suppose to have a website, which had been online for about five years now. It has been off-line since June. So upon inquiry of the Tech. Coordinator, this is the reply we received:
    "Well a few things...........In June the NIC card went out. Also, Dr. XXXXX asked if I would take over the website, which I am starting to build a new one now with completely different software and look.
    In a nutshell, our website ran on a Windows box with Front Page. It was a target for viruses and hackers since it was Windows. I am working on a Linux box which is much more secure and didn't pay a dime for it. It will take time for me to continue to build it when I get time......"

    I am not a happy camper because this doesn't seem to be a very valid excuse and I would like to raise a bit of concern. Couldn't he at least keep the first box running until he finally gets around to building that Linus box? Are virus and hackers such a problem? [....deep breath.....] But first I need to be sure I am just not going off the deep end. So, what would the appropriate response be? The web server was an independent box and I believe it had been behind a firewall. I cannot remember the operating system except it was MS and the new server was set up in 2002. Are viruses and hackers a real problem here? The school uses Sophos AV as well. And definitely a NIC isn't expensive nor hard to replace!

    Do you see and understand my frustration? Am I totally out of line in being aggravated with this response? Any helpful information would really be appreciated! <img src=/S/yep.gif border=0 alt=yep width=15 height=15> and <img src=/S/thankyou.gif border=0 alt=thankyou width=40 height=15>


    "Peace begins with a smile. "-- Mother Teresa

  2. #2
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hackers and Websites

    Hi Skitterbug,

    There are 3 aspects of web security: Network (firewall, router, etc), System (Windows, IIS or other web server), and Appliation (the actual code of a website or web application). I've got a lot of experience with web security - mostly from the application development side, but I've also picked up an understanding of the system side as well. Generally, if the website is a target for hackers it's because there are security holes in the way it is set up. It's not just a Windows problem! Rather than abandoning a potentially good box/system, it seems like your IT person/people could invest a few minutes to read up on the proper ways to secure a web server. It's not *that* hard, really! <img src=/S/laugh.gif border=0 alt=laugh width=15 height=15>

    I would also recommend having a knowledgeable network person check over your network setup. If there are major holes in the firewall/router then moving to a Linux system won't do much good.

    Hope this helps

  3. #3
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,594
    Thanks
    5
    Thanked 1,059 Times in 928 Posts

    Re: Hackers and Websites

    I'd echo what Mark says. This Tech. Coordinator has been drinking funny Kool-Aid. Recent verisons of Windows are no more secure or insecure than Linux. It is all in the setup and administration. As far as being free - there is nothing free. You may be able to download a basic Linux disto free but if you get a 'enterprise' distribution from a vendor you are going to pay. You'll pay either for support or add-ons unique to the vendor. Also, you must consider the whole picture of on-going support and maintenance. For instance, what happens when this person leaves or is ill and no one else knows Linux administration? Linux in itself in not a bad decision - it will provide a good webserver platform. It does seem however that buying a new NIC would have been faster and cheaper than building a Linux box.

    You can get into a real war of words about security, cost, etc. when Windows and Linux are used in the same context. It is really hard to get good information. IMO, many (if not most) Linux supporters are much more inflexible and rabid about cost, security and benefits than other OS supporters.

    Joe
    Joe

  4. #4
    Bronze Lounger
    Join Date
    Feb 2001
    Posts
    1,424
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hackers and Websites

    <img src=/S/thankyou.gif border=0 alt=thankyou width=40 height=15> for your replies, MarkJ and Joe! And to Leif for putting this post where it belonged!! <img src=/S/grin.gif border=0 alt=grin width=15 height=15>
    <img src=/S/ranton.gif border=0 alt=ranton width=66 height=37> From what I knew of the system in our school, the vendor who developed it had been in the business for 20+ years and, in my estimation, is one very smart individual. For the Tech Coordinator to chuck the current web server because of a "broken NIC" and hackers, etc., does seem ludicrous to me. If he wants to migrate to new software and server O/S, I guess that is his choice but to not maintain the current web while making the transition seems rather strange to me. Our school is about to begin (Aug. 24th), and it would be nice to know what is going on without having to make umpteen calls. Another side of this is our school is asking for more operating money (what's new?) and when I see this type of inactivity going on, it just makes my blood boil. <img src=/S/rantoff.gif border=0 alt=rantoff width=66 height=37> Time for a stiff cup of <img src=/S/coffeetime.gif border=0 alt=coffeetime width=32 height=48>


    "Peace begins with a smile. "-- Mother Teresa

  5. #5
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hackers and Websites

    ... Not to discourage you from having your stiff cup of <img src=/S/coffeetime.gif border=0 alt=coffeetime width=32 height=48>

    But in the meantime you could easily purchase a short-term hosting account with a reliable budget web host. You can find dozens of trustworthy companies that offer hosting for less than $10 per month - even on a month-to-month basis. All you would need to do is upload your most recent website files and redirect your domain to the new host. Another side benefit is that the 3rd party host would handle all of the network and system-level security for you!

    You should be able to find plenty of discussions about web hosts in the Web Design forum.

    Hope this helps <img src=/S/cheers.gif border=0 alt=cheers width=30 height=16>

  6. #6
    Bronze Lounger
    Join Date
    Feb 2001
    Posts
    1,424
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hackers and Websites

    <img src=/S/thankyou.gif border=0 alt=thankyou width=40 height=15> MarkJ!!
    <img src=/S/yep.gif border=0 alt=yep width=15 height=15> I like this idea as it takes the excuse of potential hackers/virus troubles right out of the equation. I really doubt that this was the initial problem for the downfall of the school web but more just an excuse to use in an email to an "uninformed and questioning inquirer"......... or so the Tech Coordinator thought. And I am not uninformed thanks to all the help I get in Woody's Lounge (As a side note, this person has been "working on" a Linux box since spring 2003.) <img src=/S/sad.gif border=0 alt=sad width=15 height=15>

    Now to see what I can do to rectify the situation of the "missing" web or at least motivate the people in charge to look into the matter!

    My <img src=/S/coffeetime.gif border=0 alt=coffeetime width=32 height=48> did help!! Maybe it is time for one more!! Cheers! <img src=/S/grin.gif border=0 alt=grin width=15 height=15>


    "Peace begins with a smile. "-- Mother Teresa

  7. #7
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Hackers and Websites

    Skitterbug

    > As a side note, this person has been "working on" a Linux box since spring 2003

    I'm sure that nice Mr Wolfman has been working on one for far longer than that!

    John
    <font face="Script MT Bold"><font color=blue><big><big>John</big></big></font color=blue></font face=script>

    Ita, esto, quidcumque...

  8. #8
    Bronze Lounger
    Join Date
    Feb 2001
    Posts
    1,424
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hackers and Websites

    <img src=/S/laugh.gif border=0 alt=laugh width=15 height=15> But at least <img src=/S/wolfman.gif border=0 alt=wolfman width=18 height=24> probably has his Linus boxes up and running!!


    "Peace begins with a smile. "-- Mother Teresa

  9. #9
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Hackers and Websites

    This is an opportunity to teach your tech about customer service and the mission of your institution. Sometimes, purity of technology has to take a back to useful work getting done. Even if he is right in the long run, unless he can complete it in 48 hours, he shouldn't be allowed to stand in the way of needed services. I think whoever is his boss should be able to put the correct spin on that message.

    Incidentally, I assume this person is not interested in learning more about securing Windows and IIS, but if he is, there are detailed guides for "hardening" Windows and IIS at Microsoft.com and on various security-related sites. Probably one of the top subjects in the security world for detailed steo-by-step guides.

  10. #10
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Hackers and Websites

    Skitterbug,
    Is this tech coordinatior getting a fee for this "work"? Unfortunately, there are some unscrupulous people who will try to take advantage of the so called "uninformed and questioning inquirer". My advice is to get rid of this hack ASAP.

    It reminds me of the time where my wife was working for a real estate company called Cove Realty. This was in the dark DOS days B.W. ( before windows )
    The tech they hired to come up with a real estate application for the Multiple Listing Services. After a long and dragged out time frame, he came by with what turned out to be a hacked version of an existing application. He installed it and had ONE day of training for the employees. At one point, my wife asked, " what is that symbol that came up after starting"? C: ? ( he proudly stated that it was one of his custom parts of his program. He said it stood for "Cove" Realty ! And for this he charged almost a thousand bucks for an app that retailed for about $99.00. Buyer beware !
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  11. #11
    Bronze Lounger
    Join Date
    Feb 2001
    Posts
    1,424
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hackers and Websites

    <P ID="edit" class=small>(Edited by skitterbug on 17-Aug-04 20:49. Obviously, this is my editorial opinion about this situation!! Thankfully, we are entitled to our opinions yet!!)</P>Hi Bob,

    You asked Is this tech coordinator getting a fee for this "work"?

    Yes, this Tech Coordinator has a school contract which presently pays him somewhere between $50K and $60K, closer to the 60K mark this year I believe, along with his month's worth of vacation, etc. His credentials for the job consisted of a Bachelor degree in Business, an A+ certification and experience in knowing how to load software for inventory of parts in cribs for industry. The former Superintend gave him the job for some unknown reason and once someone is hired into the Education world, it is very hard to do anything about them. And <img src=/S/sad.gif border=0 alt=sad width=15 height=15> It is our school that is suffering. We had a forward thinking gal, who was the Tech Coordinator before him. Among other degrees, she had a degree in Computer Science and a work ethic that wouldn't quit. The only reason she stepped down (and back into teaching) was that she had felt she had taken our school as far as she could and she was hoping that the superintendent and school board would hire another individual who would improve on her foundation and take us even farther. Instead we have come to a grinding halt and even lost ground now. Trouble is, this is a small community and everyone thinks he is "such a nice fellow". It would be nice to be able to follow your advice and "get rid of this hack ASAP". I am just not sure how!! My frustration has been very apparent in this thread and I hope I haven't offended anyone with my ranting and raving!! I do appreciate all the information you all have shared and I hope that some way, some how it can be used for "enlightenment" of "the powers to be" in a positive manner. So maybe some good will come of this! I sure hope so!! <img src=/S/thankyou.gif border=0 alt=thankyou width=40 height=15>


    "Peace begins with a smile. "-- Mother Teresa

  12. #12
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Hackers and Websites

    Hi Skitterbug,
    --------------------------------
    I am just not sure how!!
    -------------------------------

    Maybe you could show the present school Super copies of this thread to show what other people think of his performance?
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  13. #13
    2 Star Lounger
    Join Date
    Sep 2003
    Location
    Juneau, Alaska, USA
    Posts
    110
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hackers and Websites

    From my position, which includes volunteer maintenance of several web sites, the biggest problem with this Tech is part of what you've mentioned-taking down the old site before the new one was ready. Is it possible that there was a requirement to build the new site on the same hardware as was running the old one? That's still not a very good explanation/excuse, but if that was a requirement it might explain why he took it down. (For my work I 'test build' the new site on my own hardware when I have this problem. Then I do take the old site down before putting up the new. But the longest I've had a site down for this was 3 days.)

    Yes, security & hackers are a major problem-although it depends on what services you run, too. (Windows has far too many services enabled by default-and even worse, some that you disable are re-enabled when you apply an update. So not only is it more difficult to set up securely than most Linux distros, but you also need to keep re-checking it. Not that that's a bad idea for any security, but sometimes-particularly with a volunteer effort-you just don't have the time.)

  14. #14
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Newark, New Jersey, USA
    Posts
    999
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hackers and Websites

    Ok, I read thru most of the thread and read a few great things and a few things that I MUST disagree with. First. Yes, Mark is 100% right abut the hosting. Most hosting companies now do NOT require a contract. Its month by month. The tech shouldn't have taken down the box until the site was secure somewhere.

    As far as the Linux v. Windows security issues. First, out of the box, Linux is far more secure then any Windows rev. After a bit of tweaking on both ends, you have 2 secure boxes, BUT how many times does someone find a hole in windows and how long does it take for them to patch? I can tell you's, fact, a major hole in windows - 1-3 months. A minor hole in apache (linux web server) 2 days.

    Then, not sure about the age range of the students but we were constantly hacking the schools computers. (they were all tied in, even the one in the classrooms)
    Its a lot harder to hack a secure linux box then a secure Windoze box.

    Thats my 2 cents. <img src=/S/anigrin.gif border=0 alt=anigrin width=19 height=19>
    Mike Wolfman
    Jack of all, Master of none
    Bow before me, for I am root.
    <IMG SRC=http://www.wopr.com/w3tfiles/112673-wolfsig.jpg>

  15. #15
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hackers and Websites

    While I will always be a die-hard Microsoft pereson, I'll agree with Mike on this. Educational IT environments are a unique animal. Not only do you have to secure the network and systems from outside attacks, you also have to keep things just as tight from the inside! After all, many hackers are of high-school and college age.

    In this case, the biggest factor that should determine the OS is what type of content and/or applications will need to be run on the server. If you have any ASP or ASP.NET code in your website then you have no choice but to go with a Windows environment. If you have mostly static content, Perl scripting, or PHP scripting then you'll be right at home with a non-Windows platform (Linux, Unix, etc...).

    Please keep us posted with the details. I'm quite interested to hear how this turns out.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •