Comments on: Hacked Website: 5 Preventive Action Steps

By: Merlyn Sanchez

Merlyn Sanchez — Sat, 08 Mar 2008 15:50:37 +0000

I was surfing your blog this morning and found this post – thank you so much! This is very timely for me as I haven’t been the most conscientious about backing up my data. I also wasn’t aware about the issue with FP extensions. I’ll be referencing your post on my blog and trackback to you.

Thanks again for the great info!

By: Lynette

Lynette — Tue, 02 Oct 2007 16:47:07 +0000

Hi again Blair. Yes, you don’t have to use FP extensions to publish a website. But if you go FTP, you won’t be able to edit Live or your included content may break. As mentioned before, I haven’t used FP in ages. Not exactly sure what will happen but found this thread that might help enlighten you.

http://www.webmasterworld.com/html_editors/3446503.htm

By: Blair

Blair — Mon, 01 Oct 2007 18:35:37 +0000

Thank you for the information on FP. The way you put it was professional. I do want to know about the pitfalls of FP. I just thought it is rude to make discouraging remarks about FP with no explanation. It felt like a put down.

I have another question: I use FP 2003. Is there a way to FTP without extensions? Can I fix this without having to redo my pages? I have over 1000 pages and I just recently re-did my entire site in FP 2003. Can you advise me?

Thanks in advance

By: InternetBasedMoms Experts » Securely Share Logins With Your Team

InternetBasedMoms Experts » Securely Share Logins With Your Team — Mon, 01 Oct 2007 16:45:43 +0000

[...] week, I wrote a quick post about 5 simple action steps you can do to minimize chances of your website being hacked. In one of these action items, I talked about using RoboForm. I figured it would be a [...]

By: Lynette

Lynette — Sun, 30 Sep 2007 23:59:48 +0000

Blair, all that Rich and Nic said about FP extensions are not meant to be mean or discouraging. They are correct. FP extensions open up a lot of vulnerabilities to any hosting account.

I know a lot of people like FrontPage and have used them for years without problems but I also know of people whose servers and websites are constantly plagued by problems because FP extensions are installed.

I think the only one who can really safeguard a server that uses FP extensions is your web host. Even then, there is very little they can effectively do because once you turn it on, it’s ‘open’ the only way to protect the server is to turn it off. Which is why most web hosts now have big red letters when you turn on FP extensions, to not turn it on unless you absolutely have to.

But to make matters worse, if you’re on shared hosting, even if you turn it off but someone else sharing the same server with you has it turned on, the whole server is vulnerable. That’s what happened to me once. I’d not used FP extensions in years but the site was still defaced because someone else did

This has been going on for years. Sorry FP users to bring bad news but it is what it is. If you’d like to read further about FP vulnerabilities here are some resources (mind the language and somewhat technical content):

http://www.acunetix.com/vulnerabilities/Frontpage-Extensions-Enab.htm
http://insecure.org/sploits/Microsoft.frontpage.insecurities.html
http://www.securiteam.com/windowsntfocus/5AP0H1PIAC.html

By: Blair

Blair — Sun, 30 Sep 2007 22:14:17 +0000

Front Page has worked very well for me. I am not sure why another poster felt the need to make discouraging remarks about it.

Lynette, can you elaborate more on what the pitfalls are with FP extensions. Are there precautions I can take if I have to use FP?

Thanks for all you do Lynette. You keep this “non-techie gal” safe from those internet bad guys.

By: Rich

Rich — Sun, 30 Sep 2007 21:06:52 +0000

Great post Lynette and a very nice reminder for everyone.

One of the resaons not to use FP Extensions is the folders it creates on your hosting account are very nice places for hackers to hide malicious scripts they can then activate remotely. Who ever checks what’s in those folders?

By: Doug Woodall

Doug Woodall — Sun, 30 Sep 2007 14:54:43 +0000

Well put. Its very important to take steps to protect your site. Ive had instances of my competition trying to take down my site. Granted these are rare, but if its your business, you have to protect yourself. Make sure your hosting provider is reliable. and set up their services they provide to insure backups get done. And dnload those backups and put them somewhere safe.

By: Nic

Nic — Sat, 29 Sep 2007 23:46:54 +0000

If you’re not using the (obsolete) Microsoft FrontPage software to design your website, you don’t need FrontPage extensions. If you are using a FrontPage version newer than 98, you probably don’t need FrontPage extensions regardless. But if you’re using any version of FrontPage, you have my sympathies.

By: joyce

joyce — Sat, 29 Sep 2007 23:28:12 +0000

Lynette: You mentioned do not install FP extensions if not needed. What is the reason for not using FP extensions?