The other day, I tried to access the main page of a website that I maintain. I got a blank page. That was just a bit disconcerting.
I refreshed my cache, no improvement. However, I briefly saw a reference to another website on the status line while the blank page was coming up. Concerned the site had been spoofed, I contacted the service provider.
After some investigation, and testing on multiple systems, we determined the page displayed just swell in Firefox, but not in Internet Explorer (versions 6 or 7)! It turned out that there had been an unauthorized insertion of code on the main page. After removing the code, the page displayed properly.
Conversations with the ISP revealed that they were aware that there had been security breaches into their systems. While they suggested I change passwords, they could not say that the problem had been a password hack.
You read about people having their sites broken into, but it feels a bit different when its your own site!
Kerrie Meyler, a Microsoft MOM MVP, is an independent consultant and trainer with more than 15 years of Information Technology experience. A previous senior technology specialist at Microsoft, she focused on infrastructure and management solutions, presenting at numerous product launches. More recently, she presented on Operations Manager 2007 and gave several podcasts at TechEd 2007.
Kerrie has worked with Microsoft Learning to develop Microsoft Official Curriculum (MOC) for several courses, including the Implementing Microsoft Operations Manager 2000 course, and did the beta teach for that course.
Kerrie is the lead author of Microsoft Operations Manager 2005 Unleashed and Microsoft System Center Operations Manager 2007 Unleashed
Check out an excerpt from System Center Operations Manager 2007 Unleashed, Chapter 3: Looking Inside OpsMgr.
The opinions expressed in this Weblog are those of the writer and may not represent the opinions of Network World.
|
|
Feel for you
Yes, it feels bad, today it's almost like to find that someone had rearranged your furniture or maybe raided your fridge when you weren't home.
If you weren't totally sloppy with password, etc (no, I don't think you were) there are a couple other possibilities. And maybe just because I'm in bad mood and have been in IT and security a long time - is 30+ a long time? One - your ISP had a real problem, not that the person had to penetrate them but they also had to penetrate whatever security they have in place (any?) to protect their customers. Most(?) ISP's (hopefully) have have layers of security. This would be about the worst case, it would prove that they have lost their whole integrity. Second - an inside job? Happens, seen that more than enough! Maybe a prank or just to prove something, I don't think (no offense) changing your site gives anyone any profit? Or, what shouldn't exist but too many web sites use this (crazy) model accepting scripts, SQL, whatever to be executed from outside connection, the user? There is (not even theoretically) no way to check everything for security in those cases - otherwise we would have no problems, interpreters and compilers would already do that for us but can't today - could but that's another story.
About showing up and not showing up in some browsers, what can I say? IE has been notorious a long time not following the standards BUT it doesn't mean that others are so much better - or that some sites are just clueless - I'm afraid banks and gov. too often, they code for browser exceptions and not very well even for those. Some sites I really have to go in order Firefox, IE different versions, Opera, Safari, Konquer (supposed to be Safari equivalent but isn't), rest of the browsers and one of them works. Just can't tell upfront which one. Heh - have to brag a little, running OS X, Windows (XP) and Linux at the same time in a Macbook - handy and fast!
Post new comment