yProxy™ Blog

If you don’t properly retire old web pages and software on your website, bad things can happen.

Recently, we hit the file quota limit on our Brawny Lads site.  There are two quotas in place for our web hosting account:

• Disk usage
• Number of files

Our quota limits us to 100,000 files, which seems like it should be enough.  However, we hit the limit, which prevented me from receiving emails or even checking my mail via the web mail system.

I searched for new files and found that there were many new files in our old forum’s folder.  We used to run Ikonboard for our forum, but we retired that forum when we moved to phpBB.  Ikonboard doesn’t use a database, so each new post creates one or more new files.

When our webmaster made the switch, he changed all of the links on our site from the Ikonboard forum to the new forum.  Basically, he hid the old forum by removing all links to it.

So, how were we still receiving new posts, all of which were spam? 

Ikonboard was installed in the default Ikonboard folder, which is /cgi-bin/ikonboard.  Apparently, some spam bots were accessing that folder directly rather than spidering through our website to find the forum, or they found the old forum by following an outdated link from another website.

Dangers of simply removing links

So, when you retire old software or web pages from your website, it’s not enough to simply remove the links for the following reasons.

• You may miss a link
• Other websites may be linked to it
• Once a spider visits and archives your site, that link may always be remembered
• Default locations are well known

Proper removal of web pages or software

When it’s time to retire an old web page or software, it’s best to do one or more of the following:

• Delete it completely
• Rename the folder or file to a new, unguessable, name
• Change the permissions so it can’t be viewed or run

Software that you leave laying around, thinking that you’ve properly retired it, may be a serious vulnerability, especially if you no longer keep it updated.