Thanks again for the great info!

Thanks again for the great info!

http://www.webmasterworld.com/html_editors/3446503.htm

http://www.webmasterworld.com/html_editors/3446503.htm

I have another question: I use FP 2003. Is there a way to FTP without extensions? Can I fix this without having to redo my pages? I have over 1000 pages and I just recently re-did my entire site in FP 2003. Can you advise me?

Thanks in advance

I have another question: I use FP 2003. Is there a way to FTP without extensions? Can I fix this without having to redo my pages? I have over 1000 pages and I just recently re-did my entire site in FP 2003. Can you advise me?

Thanks in advance

I know a lot of people like FrontPage and have used them for years without problems but I also know of people whose servers and websites are constantly plagued by problems because FP extensions are installed.

I think the only one who can really safeguard a server that uses FP extensions is your web host. Even then, there is very little they can effectively do because once you turn it on, it’s ‘open’ the only way to protect the server is to turn it off. Which is why most web hosts now have big red letters when you turn on FP extensions, to not turn it on unless you absolutely have to.

But to make matters worse, if you’re on shared hosting, even if you turn it off but someone else sharing the same server with you has it turned on, the whole server is vulnerable. That’s what happened to me once. I’d not used FP extensions in years but the site was still defaced because someone else did

This has been going on for years. Sorry FP users to bring bad news but it is what it is. If you’d like to read further about FP vulnerabilities here are some resources (mind the language and somewhat technical content):

http://www.acunetix.com/vulnerabilities/Frontpage-Extensions-Enab.htm
http://insecure.org/sploits/Microsoft.frontpage.insecurities.html
http://www.securiteam.com/windowsntfocus/5AP0H1PIAC.html

I know a lot of people like FrontPage and have used them for years without problems but I also know of people whose servers and websites are constantly plagued by problems because FP extensions are installed.

I think the only one who can really safeguard a server that uses FP extensions is your web host. Even then, there is very little they can effectively do because once you turn it on, it’s ‘open’ the only way to protect the server is to turn it off. Which is why most web hosts now have big red letters when you turn on FP extensions, to not turn it on unless you absolutely have to.

But to make matters worse, if you’re on shared hosting, even if you turn it off but someone else sharing the same server with you has it turned on, the whole server is vulnerable. That’s what happened to me once. I’d not used FP extensions in years but the site was still defaced because someone else did

This has been going on for years. Sorry FP users to bring bad news but it is what it is. If you’d like to read further about FP vulnerabilities here are some resources (mind the language and somewhat technical content):

http://www.acunetix.com/vulnerabilities/Frontpage-Extensions-Enab.htm
http://insecure.org/sploits/Microsoft.frontpage.insecurities.html
http://www.securiteam.com/windowsntfocus/5AP0H1PIAC.html

Lynette, can you elaborate more on what the pitfalls are with FP extensions. Are there precautions I can take if I have to use FP?

Thanks for all you do Lynette. You keep this “non-techie gal” safe from those internet bad guys.