I graciously received permission from Willie Crawford (be sure to check out his blog) to share the following with you. Willie posted it in the forum at his private membership site The Internet Marketing Inner Circle. I’m also a member and forum moderator at the site, and we have a good group of great people with various talents, skills, and levels of experience, who combine their expertise (and “personalities”) to make it a great site to join for anybody involved with an Internet-based business. Please take a moment to check out Willie Crawford’s membership site.
And yes, I’ve been known to jump in and help out people with security questions over there…
Here’s Willie’s post:
After noticing my dedicated server had slowed to a crawl and was frequently timing out, I did some digging around.
Tom Brownsword, our resident security expert, shared in an interview that we did that you shouldn’t leave unused scripts on your server.
In looking at one of my databases, I noticed that some fields had several MEGS of data… for a program that I had never used. It was an installation of PHPBB (an older version of this forum) that I started installing on one of my servers, but never used the forum after setting it up.
The forum was at http://DomainName.com/forum/
So I guess that someone guessed the URL, found and registered for the forum, and then took advantage of exploits in a script that they were all-too-familiar with.
There were three registered users of this forum. One had over 12,000 posts, one had over 10,000 posts, and one had very few posts.
I clicked on the profile of the person with 12,000+ posts, saw a link to a website and clicked on it. My firewall and anti-virus programs both kicked in… informing me that they had just protected my computer from an attack.
As I looked at the MySQL database for the unused forum, there was over 10 GIG of data there. Much of it was in the word search category. There were several meg of data in the comment and trackback tables.
I deleted the entire installation, and dropped the tables from the database.
My server is running much faster now.
The moral of the story… listen to Tom when he says don’t leave “spare” scripts installed on your computer. Too many “bad guys” are searching for these scripts and know the holes.
The secondary point is that if you notice your website (or computer) running slooowwww, you might want to look for the cause.
Willie
Several other people joined in to discuss similar issues with their web server after that, so this must be a fairly common issue. Their problems ranged from using their allotted bandwidth and disk space to having their accounts suspended. Everybody would do well to follow Willie’s example.
Just a couple of things to emphasize (beyond getting rid of stuff you don’t need on your computer):
- Willie pays attention to what’s going on with his websites. Are you paying attention?
- Make sure that your computer is protected. One promising new product — a product that combines anti-virus and anti-spyware protection and was written from the ground up to meet today’s malware challenges — was recently released. You can learn more about it — and download a fully functional 15 day free trial — here.
- In Willie’s case, I think that somebody did just happen to find his forum and take advantage of it; however, most of these “discoveries” are done by automated scripts. And since the goal is money, your website is valuable to these miscreants, no matter how small or insignificant you think it may be. In other words, regardless of what you think, if you have a website, it is a target for stuff you probably don’t want there.
So “just do it” — get rid of scripts and software and Anything Else on your web server that you don’t need before somebody else finds a use for it!
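One way to "pay attention", as an added example that is not part of Willie's post or the original article: a short Python script that counts successful POST requests per top-level directory in a web server access log and reports directories that are not on your list of applications in use. The log lines are constructed sample data, and the function names, the `in_use` set, and the `min_posts` threshold are assumptions made for this illustration.

```python
import re
from collections import Counter

# Combined log format: client, identity, user, [time], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:03:12:01 +0000] "POST /forum/posting.php?mode=post HTTP/1.1" 302 0',
    '203.0.113.7 - - [01/Jan/2024:03:12:02 +0000] "POST /forum/posting.php?mode=post HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/Jan/2024:03:12:03 +0000] "POST /forum/posting.php?mode=reply HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:03:12:04 +0000] "POST /forum/posting.php?mode=post HTTP/1.1" 302 0',
    '192.0.2.44 - - [01/Jan/2024:09:30:00 +0000] "POST /blog/wp-comments-post.php HTTP/1.1" 302 0',
    '192.0.2.44 - - [01/Jan/2024:09:31:00 +0000] "GET /forum/index.php HTTP/1.1" 200 9000',
    '192.0.2.50 - - [01/Jan/2024:09:32:00 +0000] "POST /old/upload.php HTTP/1.1" 404 210',
    'garbled line that does not parse',
]

def top_dir(path):
    """'/forum/posting.php?x=1' -> '/forum/'; files in the web root -> '/'."""
    parts = path.split("?", 1)[0].split("/")
    return "/" + parts[1] + "/" if len(parts) > 2 else "/"

def unexpected_write_traffic(lines, in_use, min_posts=3):
    """Return {directory: (post_count, distinct_clients)} for directories that
    receive successful POSTs but are not listed in in_use."""
    posts, clients = Counter(), {}
    for line in lines:
        m = LOG_RE.match(line)
        # Skip unparseable lines, non-POST requests, and failed requests (4xx/5xx).
        if not m or m["method"] != "POST" or m["status"][0] not in "23":
            continue
        d = top_dir(m["path"])
        posts[d] += 1
        clients.setdefault(d, set()).add(m["ip"])
    return {d: (n, len(clients[d])) for d, n in posts.items()
            if d not in in_use and n >= min_posts}

if __name__ == "__main__":
    # in_use is the list of applications the site owner actually runs (assumed).
    for d, (n, c) in unexpected_write_traffic(SAMPLE, {"/", "/blog/"}).items():
        print(f"{d}: {n} successful POSTs from {c} client(s), not a listed application")
```

A directory that shows up here is either an application you forgot to list or one you forgot to remove; the second kind is what Willie found.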
I’ll cut this post short so you can get to work…
Best regards,
Tom
P.S. — If you’re interested in the interview that Willie talks about in his post, you can click here to learn more and get your copy.