Gallery

Out with the old

Posted on 28 Apr 2009 at 10:26

Mark Newton wonders whether change is always for the better, and defends the difficult practice of web hosting.

I've asked Microsoft support about this problem but am still waiting for a reply. To say that ASP.NET fully supports the major European languages would appear to be a bit of a joke, while the older ASP is good enough. Perhaps I should go back to Dreamweaver and an easy life!

Anything for an easy life

Hosting websites can seem like easy money: just stick some files onto a server and charge your customer a monthly fee. Like a lot of things that appear easy to the uninitiated though, a lot of extra work is done behind the scenes to keep this state of affairs running smoothly.

There are a lot of tools out there to help you with this process, but what happens when you think someone is trying to hack into a website that's hosted on one of your servers? You could just gather the log files and analyse them yourself, but for a busy site such log files can be huge, containing millions of lines, which makes this a daunting task.

The other day, I came across a tool that not only alerts you to possible attacks but blocks them too. Server Defender from Port80 (www.port80software.com) installs on any box running IIS5 or 6, with a version for IIS7 being developed, and it monitors all requests going to the websites running on that server. Depending on its settings, if it detects an attempted hack - say, by code injection into the URL string - it will either alert you or automatically block that IP address. Server Defender displays a table of all the alerts it's detected, and you can mark these as safe or permanently block the IP address they came from. The detection engine not only checks for known types of attacks and blocks character sets known to be used in an attack, but also uses a "behavioural engine" rather like an antivirus program to detect possible attacks that it doesn't currently know about.

Server Defender is a great product to run on a server that hosts websites built by other people, where you don't have control over their code. Set it to alert and monitor things and then advise your clients whenever their code is allowing some possible vulnerability. The ability to block an IP address with a single click is useful, as often an attacker will try different tricks and this is easily spotted as you'll see several alerts all from the same IP address. Server Defender will also report requests rejected by Microsoft's free IIS plug-in, UrlScan, which saves looking through another set of logs to keep an eye on the health of your server. Server Defender is worth checking out: there's a 30-day evaluation version on the website for download, but I was so hooked I paid real money to renew my licence.

Cloned forums?

While doing a lot of development work recently I needed to search the web for help with one or two problems. I was amazed to see how many different forums came up with the same questions, and I don't mean just the same topic of question, but exactly the same wording of both question and the identical answers. This isn't just a case of one user posting his or her question to various different forums in the hope of getting an answer: it's clearly the case that these several forums are copying the data from each other. I'd guess that this is done in an attempt to improve their search engine ratings and drive traffic to them, as well as to make them look busier than they really are. But when the tenth one came up with exactly the same thread I could have screamed!