Text only | Text with Images

Charlottezweb

Current News => News & Announcements => News Archive => Topic started by: Jason on September 25, 2006, 02:58:42 PM

Title: Policy on response to security concerns/compromises
Post by: Jason on September 25, 2006, 02:58:42 PM
I'm seeing more and more alerts from users and developers on security vulnerabilities and updates.  Part of the responsibility of installing and running scripts on your website is to be aware of any issues with that script's security.  If a server starts being impacted by a security issue related to scripting that someone is running on their website, I will always try to alert the user without taking their site offline if time permits.  If the issue is causing server-wide instability, I will temporarily suspend that user's account while I work to reach out to them.  This policy is to protect the health of the overall server and to keep every site on the server from being impacted by one user. 

You may be asking yourself:  How can I know of present security issues in advance of a problem?

1.  Please signup for any mailing lists maintained by the developers of whatever scripts you are using.  By doing this, they will email you any time they release a new version or a security update.  It is very important to stay on top of these to avoid having your site compromised.

2.  Many scripts now use communities (like this forum, for example) to keep users up to date.  Most often, you simply have to register on their forums in order to receive important announcements from them.  If you don't see a mailing list provided, register on their forum and you should be covered.

3.  I've started a thread to keep track of some of the common scripts people are using today with links to their mailing list signups or forums.  Please take a look and feel free to contribute to this thread so that we can build a large link archive:
http://www.charlottezweb.com/forums/index.php?topic=555.

4.  Watch our "Virus and Security Alerts" board on this forum.  This is by NO MEANS a substitute for suggestions 1 and 2 above, but as a backup, I try to post any alerts I hear about here:
http://www.charlottezweb.com/forums/index.php?board=5.0

Ultimately, I will try to avoid taking your site offline if it can be prevented.  If a server is experiencing issues that don't allow me to reach out to you first, I will need to suspend to protect everyone else.  By following the suggestions above, you should always know about any issues with what you're running -- typically before the events become widespread.

Please let me know if you have any questions.

Regards,
Jason
Text only | Text with Images