Who is knocking at your web site door? Are you well set up to deal with allcomers?

Anyone who advertises a public facing web server / web site is telling everyone about a door to their resources ... and even those people who have web sites which they don't advertise are likely to be talked about and so discovered by a potentially wide audience. So it's rather important for the people who are looking after the web server and web site to be very careful about that door:

* What can be taken out of the door?
* What people can bring in through the door and leave with you?
* Whether the door is big enough for everyone to pass through.
* Whether the property behind the door is big enough to handle all the customers.
* Can you keep customers queueing at the door at busy times, or will they give up?
* Will there always be at least someone inside the door to look after customers?
* Indeed - will there be enough staff to handle all the customers coming through the door?
* Whether the Landlord's going to get upset if there's too many people coming to your door.
* Is the door always going to be accessible?
* How will you know if something malfunctions in the door's operation?

In the "real" world, there are checks and controls and common sense on all of these issues. Think of a shop, of a train, of a private house (or a public house) and you'll see how we administer each issue in day to day life. It may be through signage and good common sense, as in the instructions in a railway carriage telling you how to open the door. And people can make measured decisions too, based on how long a queue they find when they turn up, or they can come back later if they're advised that something will take a bit of a while.

In the world of the Internet, and web sites, all the aspects need to be considered, but handled automatically. The traffic level is much higher than in the real world, the visitors less forgiving if things don't work right (and obviously) for them, and many of those visitors will be looking to take advantage of you.

• If you were to walk into each of the shops in Melksham and try to leave a pile of leaflets advertising [something] without permission, you would soon find they were chucked out, and that you came to the attention of the shopkeepers and perhaps the police. But online, there are enormous numbers of automated programs looking to leave things on your web server ... and they are constantly knocking on your door, trying out your staff daemons, to see what they can leave where others may find it.

• Similarly, if you walk into a shop (or perhaps the Tourist Information Centre, where much of what's on display is free) and try to leave with their display stands, they'll probably stop you. But online, there are again a lot of automated programs that are looking to get things off your server which are the fixtures and fittings rather than the goods you have on offer. That's so that they can learn about your systems and come back to leave their advertising material later, via a back door rather than through the front.


Web site and web server security is a huge subject ... to give you an idea, we had 110,000 requests made to our front door yesterday. I estimate that around 45% of those requests are from search engines indexing our pages (these are benign automated programs that will help get our message out to the world), and around 40% of the requests are from real users looking for a resource that we've made available for them. Another few percent can be accounted for by people "hotlinking" images off our web site (see [here]) and that leaves just over 10% of requests being of "security concern". Not a high percentage, but just one request that penetrates a hole in our system would be one too many.

Malicious Automata tend to look and see if certain files / URLs exist on your server. They'll speculatively try some common names, and also names of files that they know exist in standard software packages to see if you have those loaded. Of course, 999 times out of 1000 you won't have that software loaded, and in the remaining case you'll probably have fixed the problem / set a password / not have the right setup to be vulnerable.
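A first-pass breakdown of that kind can be scripted over the access log. The following is an added example, not code from the original article: the hostname, crawler tokens, categories and sample log lines are all constructed assumptions, and the lines use Apache's "combined" log format.

```python
import re
from collections import Counter
from urllib.parse import urlparse

OUR_HOST = "www.example.org"          # assumption: the site's own hostname
CRAWLERS = ("googlebot", "bingbot")   # user-agent tokens; spoofable, so only a first pass
IMAGE_EXT = (".jpg", ".png", ".gif")

LINE = re.compile(r'\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
                  r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

# Constructed sample lines (documentation IP ranges and example hostnames).
SAMPLE = """\
192.0.2.10 - - [20/Oct/2011:10:00:01 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
192.0.2.11 - - [20/Oct/2011:10:00:02 +0100] "GET /course/lamp.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (compatible; bingbot/2.0)"
198.51.100.7 - - [20/Oct/2011:10:00:03 +0100] "GET /resources/python.html HTTP/1.1" 200 7000 "http://www.example.org/index.html" "Mozilla/5.0"
198.51.100.7 - - [20/Oct/2011:10:00:04 +0100] "GET /pix/train.jpg HTTP/1.1" 200 90000 "http://www.example.org/resources/python.html" "Mozilla/5.0"
203.0.113.5 - - [20/Oct/2011:10:00:05 +0100] "GET /pix/train.jpg HTTP/1.1" 200 90000 "http://forum.example.net/thread/1" "Mozilla/5.0"
203.0.113.9 - - [20/Oct/2011:10:00:06 +0100] "GET /old-package/setup.php HTTP/1.1" 404 312 "-" "-"
"""

def classify(line):
    """Put one log line into crawler / hotlink / suspect / user."""
    m = LINE.match(line)
    if not m:
        return "unparsed"
    agent = m["agent"].lower()
    ref_host = urlparse(m["referer"]).hostname   # None for "-" or empty
    if any(tok in agent for tok in CRAWLERS):
        return "crawler"
    if m["path"].lower().endswith(IMAGE_EXT) and ref_host not in (None, OUR_HOST):
        return "hotlink"                         # our image embedded in someone else's page
    if m["status"] == "404":
        return "suspect"    # includes the occasional real visitor on a broken link
    return "user"

def shares(log_text):
    """Percentage of requests per category, rounded to one decimal place."""
    counts = Counter(classify(l) for l in log_text.splitlines() if l.strip())
    total = sum(counts.values())
    return {cat: round(100 * n / total, 1) for cat, n in counts.items()}
```

The "suspect" bucket is a queue for review rather than a verdict; sorting its paths by frequency shows which speculative names are being tried most often.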

For the 999 out of 1000 failed malicious requests, we want to respond as quickly, negatively, and efficiently as we can. Incoming requests for pages that have names which aren't even close to what's on our site are, therefore, met with a very simple "page not found" response - with a header code that clearly says the resource does not exist. The page doesn't follow the format of the rest of the content of our site; I'm all for uniformity, but really I don't want my staff daemon to be spending a lot of time dealing with these rogues, nor do I want to have my landlord getting upset as I ship them loads of information in response to their request which they'll never use. That page can be found [here] if you want to see what it looks like, and it includes a link to this article so that the occasional real visitor who gets it and is interested can read up. The page may be short, but it IS polite ... so that the majority of real users who get to it - perhaps because of a broken link on someone else's site, or because of a mistyped link - can simply follow one of the offered links to find the resource they were after.
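One way to make the "not even close" decision, as an added example that is not the code running on this site: the site inventory, the similarity cutoff and the page text are assumptions, and offering suggestions for near-miss names is an assumed treatment of the requests that are close to a real page.

```python
import difflib

# Assumed site inventory (constructed); a real site would build this from its document root.
SITE_PATHS = ["/index.html", "/resources/python.html",
              "/course/lamp.html", "/mouth/index.html"]

# The tiny page: fixed text, no site template, and it never echoes the requested
# path, so nothing the requester sent is reflected back into the HTML.
MINIMAL_BODY = (b"<html><body><h1>Page not found</h1>"
                b"<p><a href=\"/\">Home page</a></p></body></html>")

def not_found_response(path, site_paths=SITE_PATHS, cutoff=0.8):
    """Return (status, headers, body) for a path that does not exist on the site."""
    near = difflib.get_close_matches(path, site_paths, n=3, cutoff=cutoff)
    if near:
        # Probably a mistyped or broken link: offer the nearest real pages.
        # Only our own, trusted paths are written into the page.
        links = "".join('<li><a href="%s">%s</a></li>' % (p, p) for p in near)
        body = ("<html><body><h1>Page not found</h1>"
                "<p>Did you mean:</p><ul>%s</ul></body></html>" % links).encode()
    else:
        # Nothing similar on the site: answer cheaply and move on.
        body = MINIMAL_BODY
    headers = [("Content-Type", "text/html; charset=utf-8"),
               ("Content-Length", str(len(body)))]
    # Both branches carry a real 404 status, never a 200 with an error message.
    return "404 Not Found", headers, body

def app(environ, start_response):
    """Minimal WSGI wrapper; only the not-found branch is shown in this example."""
    status, headers, body = not_found_response(environ.get("PATH_INFO", "/"))
    start_response(status, headers)
    return [body]
```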




P.S. Yes - we're a training company and consultancy. We cover some web security on courses such as deploying LAMP, and welcome other questions and enquiries. We may be able to help you ourselves, or point you in the right direction if not.
(written 2011-10-21)

 




This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.


© WELL HOUSE CONSULTANTS LTD., 2014: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 899360 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho

PAGE: http://www.wellho.net/mouth/3491_Who ... mers-.html • PAGE BUILT: Sun Mar 30 15:20:58 2014 • BUILD SYSTEM: WomanWithCat