• by Seana Mulcahy , July 7, 2003

Just when you think our lives can't get any harder working in the online biz... Have you heard the news? As you were like most Americans barbecuing and lathering up on the sunblock, you may have missed the warnings online. The Internet is said to be swarmed with hacker activity yesterday through day's end today. Talk about freedom of independence. Is it hype or real hackers out there?

Well as I write to meet my deadline of when this will be published, I haven't heard of any intrusions (knock on wood). However, The Internet Security Systems' (ISS) X-Force unit issued a public warning all publicly accessible sites due to a potential Web defacement challenge. Apparently these freaks are challenging one another to see how many sites they can deface worldwide to total 6,000 (in 6 hours) by July 7, 2003.

Ironically, as I was reviewing the alert on the site, a dialog box popped up. Take a guess what it said. "You are entering a page that is not secure." Before I give you the overview of the warning and additional information, let's take a bit of a side step. My thoughts got sidetracked a bit. I thought of the agency lifestyle. Ah yes, a peek under the tent of the creative geniuses that code, create, and copywrite your site. No matter how talented these folks are, they were most likely on holiday. My guess is the very thought of the protection of your site never entered their mind.

If you are on the sales or client side of the fence you probably associate agency people with the stigma of the crystal-ball-gazing-all-black-wearing-non-fat-half-capp-drinking-good-looking-yet-young-whacky brainstormers. Let's face it the agency world is corporate. All stigmas aside, few if no one thought of your site on their time off.

So now what? As are reading this, there may be still time to take a breath (don't freak out) and air on the side of caution. Analysts from ISS are monitoring the supposed hacking challenge and posting updates on their site. They recommend preventative measures including:

Ensure default passwords are changed. This should include web servers and any other servers (e.g. database servers) that the web server has a trusted relationship with.

Remove sample applications (CGI scripts Active Server Pages, etc.) that are not being used from production web servers.

Lock down Microsoft Front Page Extensions. By default Front Page Extensions are installed such that everyone can use them to author web pages even through proxy servers. Note that this also applies to Front Page Extensions installed on Unix platforms.

Turn web server logging on. Logs are essential to determining how a defacement was accomplished so a recurrence can be prevented.

Ensure you have a current backup of your web server.

Apply the latest security patches for your web server and underlying operating system after appropriate testing.

In the interim, call or email you agency contact(s) and talk to your webmaster and/or your IT department. Find out if the team has fully protected the site.

While you are at it, take a step ahead. What type of activity do you have resulting in traffic to your site? Perhaps its offline pieces with URLs tagged, online advertising, SEM, email marketing or just plain ole natural traffic. Regardless, your agency media team should be able to take this into consideration when evaluating your ad serving/tracking reports. Make sure they are not living in a vacuum. They should be scratching below the surface of mere traffic logs as the data relates to this week's activity. If you are in the States, you'll most likely have a dip in traffic due to the holiday and increased vacation times. The agency should correlate your traffic against that of the Web as a whole. For your sake, I hope their butts are in gear after having a few days off. While I'd like to think of comrades being proactive, they aren't.