12 June 2008

Hackers vs Bloggers... who's going down?

by Brandon Tancott

I have always been a very strong activist for Open Source; however, with all the benefits it has to offer, there are risks.

Having the source code open and freely available allows hackers to really get under the bonnet and invent devious ways to just piss us off. The bigger the community open source project, the bigger the target. I was doing my usual rounds this evening on Twitter and I got an update from Nik Cubrilovic of TechCrunch fame. The post outlined the recent surge of hacked WordPress blogs; you can read the article here.

As Nik points out, a hacked blog can be fixed by upgrading to the newest version or patch, and after spending some time cleaning out the links and pages created by the hack, things can be back to normal. But, and this is a BIG but: yes, the time and frustration caused by a hack can be annoying, but my real concern is the case where the blog loses revenue, readers and even credibility.

If you have a basic personal blog this may not be the case, but how many Web 2.0 gurus, web companies and marketing consultants are educating their clients about the risks of open source? I know of many recent blogs for large corporate accounts that have been launched on WordPress as part of the overall Web 2.0 strategy by many of the Who’s Who in the Web 2.0 Zoo. Now there is actually nothing wrong with this, but what is the backup plan? Are these blogs being backed up? Are they being updated to include the latest patches and security releases?

I’m sure these things are being done by most. If not, then consider this a reminder : )

Launching any Open Source Project on behalf of a client requires that:

1. The client be told of the possible risks upfront and the contingency plans you have in place to deal with any possible hacks down the line.

2. The client be told how often the blog will be updated, what the updates will cost the client and what each update will enhance or fix.

3. The client be told what they can do, since in most cases the client will maintain the blog after the initial set-up and training. What must they look out for? The sooner they make you aware of a hack, the sooner it can be fixed and live again.

I think these are the main points of concern that, if addressed properly from the beginning, will minimize the client's risk and exposure to irritating and credibility-destroying hacks. We have had one or two of our own sites hacked over the years and thankfully we have managed to get everything back on track pretty quickly, but we have never had a WordPress blog of ours hacked yet (touch wood), so if you have any advice or feedback I would love to hear it.

It’s us versus them and unfortunately they seem to be one step ahead.
