As you are aware, website security is an ongoing issue that we all face... from person-to-person sharing of log-in information, to website 'hacks'. Hackers may specifically target your website by hand, or they may have written a program to crawl the Internet and look for vulnerabilities. In this environment, it's important for us all to realize how important website security is. No website is 100% secure, so it is every network administrator's job to keep a very close eye out for both security updates and signs of 'new and improved' ways that a website can be compromised.
Last week, one of our client's websites was the recipient of a successful attack. It is not the first time this has happened, and we can't guarantee it will be the last. We do our very best to maintain security and are on constant vigilance to prevent and counter attacks on our network. It is unfortunate that one such attack made it through, and affected one of our high profile websites here in Southern Oregon.
The Jackson County website was off-line for a few hours last week due to this attack. Through the use of injection code against one of our MicrosoftSQL databases, a criminal hacker was able to change the links on the County's website. We quickly shut the site down, fixed the issue, and restored a clean copy of the website. Because the public website was hosted at Project A, no other Jackson County online applications were affected. In this case, having the public facing website hosted on our server may have helped prevent further issues.
This particular database vulnerability has been fixed. Hackers will not be able to use this technique again. But it's important to realize that there are most certainly other ways an intruder can gain access to a website. Because of this, data backups are a mission-critical business practice. Through the use of our regimented procedures, backups became our best resource to quickly restore from this attack.
To read more about the incident with Jackson County, you can see their posting at http://www.co.jackson.or.us/News.asp?NewsID=814
To read up on world-wide attacks (20,000 since January!) using just this particular intrusion technique, see http://news.yahoo.com/s/infoworld/20080417/tc_infoworld/98554
We take security very seriously on all levels. We are proud of the fact that we design and host websites for all types of organizations including local governments, banks, school districts, and small business. Not only do we train our staff on the latest information security measures, we frequently undergo and pass audits initiated from external security agencies to help insure our network reliability.
If you have any questions about our security policies, procedures and best practices, please contact us.