Monday, July 02, 2007

How secure are your PHP scripts?

This is a quick note to suggest that if you are running web sites using PHP scripts, you should regularly (weekly at least) check to see if there are any security upgrades for the scripts. This can be fairly straightforward if your script was loaded using Fantastico in a hosting control panel - or fairly laborious if you uploaded the script yourself.

Why?

Well, PHP scripting doesn't seem to be as secure as CGI/Perl scripts - and hackers use known backdoors in scripts to inject all sorts of malicious content into your site. I saw a recent example where people were being redirected from an innocent and innocuous site to sites promoting gambling - and worse.

It might not have been so bad if the redirect was to a genuine, well-regulated site; however, the real problem with these redirects is that the end site might only exist to collect your credit card details.

So, please keep scripts up to date and make sure you change your web hosting passwords regularly as well. If you do install scripts on your web site, unless they go into the root directory, you should try to choose directory names which are more difficult to guess so that your site is harder to find by someone wanting to hack an insecure script.

Keep safe!

Margaret
