Archive for the ‘Computer Maintenance’ Category

« Older Entries
Newer Entries »

Properly retiring old web pages and software

Wednesday, August 6th, 2008

If you don’t properly retire old web pages and software on your website, bad things can happen.

Recently, we hit the file quota limit on our Brawny Lads site.  There are two quotas in place for our web hosting account:

  • Disk usage
  • Number of files

Our quota limits us to 100,000 files, which seems like it should be enough.  However, we hit the limit, which prevented me from receiving emails or even checking my mail via the web mail system.

I searched for new files and found that there were many new files in our old forum’s folder.  We used to run Ikonboard for our forum, but we retired that forum when we moved to phpBB.  Ikonboard doesn’t use a database, so each new post creates one or more new files.

When our webmaster made the switch, he changed all of the links on our site from the Ikonboard forum to the new forum.  Basically, he hid the old forum by removing all links to it.

So, how were we still receiving new posts, all of which were spam? 

Ikonboard was installed in the default Ikonboard folder, which is /cgi-bin/ikonboard.  Apparently, some spam bots were accessing that folder directly rather than spidering through our website to find the forum, or they found the old forum by following an outdated link from another website.

Dangers of simply removing links

So, when you retire old software or web pages from your website, it’s not enough to simply remove the links for the following reasons.

  • You may miss a link
  • Other websites may be linked to it
  • Once a spider visits and archives your site, that link may always be remembered
  • Default locations are well known

Proper removal of web pages or software

When it’s time to retire an old web page or software, it’s best to do one or more of the following:

  • Delete it completely
  • Rename the folder or file to a new, unguessable, name
  • Change the permissions so it can’t be viewed or run

Software that you leave laying around, thinking that you’ve properly retired it, may be a serious vulnerability, especially if you no longer keep it updated.

Tags:
Posted in Computer Maintenance, Security, Web Administration | No Comments »

Avoid using your ISP’s email services

Friday, July 25th, 2008

While others may dispute the legitimacy of free email accounts like Hotmail and Yahoo, the benefit of such services is that they are not dependent on your ISP.   A free web based email service can follow you around.  Your ISP’s email account is only temporary.

Many users are enslaved when their ISP raises their rates.  The users don’t want to leave and find another provider because they’ll have to change their email address.

If I need to change ISP to chase better prices or better service, I don’t want to worry about my friends, family, and professional contacts not being able to contact me.  Of course, many ISPs are strictly local (people move away), ISPs go out of business, and ISPs gets bought out.  For all of the above reasons, ISP provided email accounts should be considered temporary.

Previously, free email providers didn’t offer services as favorable as a typical ISP’s service.  However, today, most of the free email providers have grown the size of their mailboxes to compete with Google’s gmail (started at 1 Gigabyte and is now at approximately 6 GB).  Many free email providers also provide decent antispam software, yet still allow you to check your junkmail folder for legitimate emails that my have been mistaken as spam.

It’s time for merchants to stop declaring free email accounts as hot spots for thievery and refusing orders or sign-ups using free email accounts.  Free email accounts are perfectly legitimate.  Despite this, an order from kisses244@hotmail.com is definitely more deserving of scrutiny than an order from MarcusAdams@comcast.net.  However, an order from marcus.adams@hotmail.com still looks pretty good.

When you register yProxy, please remember that if you use your ISP provided email address such as myname@comcast.net, what happens when you change ISPs down the road and you need me to resend your registration information?  I can send your registration information right to the email address that you used on the order form because I know that your email address is password protected, and only you should have access to it.

If you want me to send your registration information to a new email address, that new email address could belong to anybody.  You’ll need to prove your identity to me by providing a preponderance of data that I can verify.  That’s not fun for you or for me.

You will have similar problems with many other online sites.  If you need to retrieve your password via email later, and you’ve switched ISPs, you may be out of luck if you used your ISP’s email services.

When I was in college, people asked me for two addresses.  There was my address and my permanent address.  My address was the apartment or other location I was staying at the time, most definitely temporary.  Then there was my parent’s house, my permanent address, where mail would always find me.

Everyone should have a permanent email address.  Either use a free email provider that’s going to be around for awhile, like Yahoo, Hotmail, or Gmail, or get your own domain and have an email address like mail@marcusadams.org.  It’s the 21st century–everyone should own at least one domain name.

Tags: , , , , ,
Posted in Computer Maintenance | No Comments »

« Older Entries
Newer Entries »