Archive for March, 2006

Posted on Mar 21st, 2006

Merry Christmas everyone and guess what? You are going to receive a present on the Internet this year in your inbox. You will know it by its name; IM.GiftCom.All, or Santa Claus Worm. Yes this little virus will be one Christmas gift you may never forget.

Isn’t it great how well the Federal Trade Commission is doing with SPAM in its special report to Congress on its hard work on the CAN SPAM Act? Well, it appears not only can they not prevent SPAM, this Christmas Gift will come to your email box by SPAM; your own special and personal Santa Computer Virus Worm is Coming to Town.

It is amazing the number of media outlets that the FTC contacted to send press releases to in order to tell everyone that they now have to worry about slightly less SPAM emails in their box, while simultaneously some hacker out there somewhere is trying to prove a point and show just how easy it is for them to unleash a virus.

Shouldn’t the Federal Trade Commission just admit that their efforts to curb SPAM, SPIT, Phishing and Identity Theft have not even made a dent in the problems our communication and civilization face? So far there is no word out yet on whether this Santa Claus worm virus or the IM.GiftCom.All can be stopped once it enters your computer.

Computer Virus Companies are standing ready, yet you have to worry about all the variants too once these viruses get going. Merry Christmas and best wishes, and do not open IM.GiftCom.All. Think on this.

"Lance Winslow" - Online Think Tank forum board. If you have innovative thoughts and unique perspectives, come think with Lance; http://www.WorldThinkTank.net/wttbbs/

Posted on Mar 20th, 2006

The Federal Trade Commission says that SPAM Phishing is on the rise in a recent report to the United States Congress? May I ask why on Earth we need an agency paid for out of the taxpayers’ money to tell us the obvious? I mean yah, Dah; does it seem worthless to you that we have such complete incompetence in our government that we deserve this? I mean come on? This is a friggin joke? Obviously this is on the rise; all you have to do is look into your email inbox. What a bunch of crooks at the FTC taking taxpayers’ money to tell us what we already know and then putting it into a 116-page report to Congress? What a waste of paper, trees, and the rain forests, please?

Do these bureaucrats even hear themselves talk? Are they so busy getting home for the holidays that they think that such garbage will suffice? Look, we need closure in the war on SPAM, we need to defeat these insurgents; the FTC, well, they just want more money for their budget and to appear to be looking like they are doing something, yet show up with proof to the US Congress and the American People of their Incompetence? Why do we allow this? Now the FTC wants a bill called the US SAFE WEB Act of 2005? Which is an acronym for: “Undertaking Spam, Spyware, And Fraud Enforcement With Enforcers Beyond Borders.” I agree that we need to pursue these insurgent Spammers across the borders, but do you really trust the FTC to be the agency to do it? They really do not appear to be able to do anything right but toot their own horns? That is my opinion; let’s “CAN” the FTC. Think on it, as it is time to cut the budgets in DC.

"Lance Winslow" - Online Think Tank forum board. If you have innovative thoughts and unique perspectives, come think with Lance; http://www.WorldThinkTank.net/wttbbs/

Posted on Mar 19th, 2006

In this age, the information age, data is the driving force of many businesses, especially internet-based businesses. Data is frail as it is subject to loss due to computer viruses, back-up failure, mechanical failure, physical damage to media storage devices, hard drive crashes, natural disasters, and human error. When these unintended and often unpreventable disasters happen, data is lost and service to your customers is compromised. Thus, the role of a data recovery company is to salvage your data and to protect your customer relationships from being damaged as a result of lost or damaged data.

Flawed thinking amongst many business owners is that the services of a data recovery company will not be needed if a systematic back-up process is used. Some companies leave it up to individual computer users to back-up their data on a regular basis. Some back-up their servers periodically throughout the day, and some use automated back-up services.

While backing up data regularly diminishes the possibility that a data recovery company will be needed, always consider the fact that even the best back-up systems fail from time to time. Also, if back-ups are kept onsite, rather than offsite, the original data source and the back-ups are subject to loss in case of fires or natural disasters. While many business owners and computer users know this, it does not always seem practical to back-up data systems and to store the back-ups offsite. Indisputably, storing back-ups offsite is a good idea; however, in practice it rarely happens. More often, companies that experience crashes of data systems end up wishing they had an up-to-date back-up and they end up relying upon a data recovery company to salvage what they can.

One way to resolve the problem of impractical offsite back-up storage is to employ the services of an automated, off-site back-up company such as backup.com. Such services generally require a small monthly fee that is very reasonable considering that they totally eliminate the need for onsite back-up media. They enable you to choose important data files that need to be backed up regularly and to schedule the back-ups to occur automatically. Moreover, the back-ups are saved to an off-site server so they are secured in a location separate from the original data source.

The main things to consider when selecting an automated, offsite back-up service are cost, reliability, accessibility, and security. Some automated, offsite back-up services encrypt data prior to it being transmitted via the internet to a data storage center to ensure secure transmission. Most use passwords that authorize your access to the data which is made available through internet access twenty-four hours a day, every day of the year. Immediate, easy access to the backed up data is essential so that you can restore your data files anytime in the event of a catastrophe.

Using an automated, offsite back-up service does diminish the possibility of lost data, but it does not guarantee that the services of a data recovery company will never be needed. Even the best and most professional back-up services fail occasionally. For this reason, it is best for you, as a business owner, to be forward-looking and proactive by finding and analyzing data recovery service providers and to identify a data recovery company that will efficiently and effectively meet your needs for data recovery if your business is so unfortunate as to experience a catastrophic event that results in lost or damaged data.

Do not wait until disaster strikes to find a data recovery company. In the wake of a disaster you will not have the time or the drive to effectively evaluate and choose a data recovery company that you can confidently rely upon. Choosing an automated, off-site back-up service and a data recovery company should be a priority for you regardless of what phase of business planning you are in.
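The article's point that "even the best back-up systems fail from time to time" is only useful if a failure is noticed before the backup is needed. The following is an added example, not code from the article or from any backup service it mentions: it archives a directory, records a SHA-256 manifest, and then verifies that a restore reproduces exactly what the manifest recorded. The directory layout, file names and the "stale manifest" failure it simulates are constructed for the demonstration.

```python
"""Backup-with-verification example (added illustration, not the article's code).
Everything runs in a temporary directory on constructed sample files."""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(source: Path) -> dict:
    """Map of relative path -> SHA-256 for every regular file under source."""
    return {p.relative_to(source).as_posix(): sha256_file(p)
            for p in sorted(source.rglob("*")) if p.is_file()}


def manifest_path(archive: Path) -> Path:
    return Path(str(archive) + ".manifest.json")


def write_backup(source: Path, archive: Path, manifest: dict) -> None:
    """Write the tar.gz archive plus the manifest a later restore is checked against."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname="data")
    manifest_path(archive).write_text(json.dumps(manifest, indent=1))


def verify_restore(archive: Path, workdir: Path) -> list:
    """Restore the archive into workdir and return the relative paths of files that
    are missing or whose hash differs from the manifest. Empty list == good backup."""
    manifest = json.loads(manifest_path(archive).read_text())
    with tarfile.open(archive, "r:gz") as tar:
        try:
            # 'data' filter rejects path-traversal members (Python 3.12+ and backports)
            tar.extractall(workdir, filter="data")
        except TypeError:  # older interpreter without the filter argument
            tar.extractall(workdir)
    restored = workdir / "data"
    problems = []
    for rel, expected in manifest.items():
        target = restored.joinpath(*rel.split("/"))
        if not target.is_file() or sha256_file(target) != expected:
            problems.append(rel)
    return problems


def demo() -> tuple:
    """Constructed scenario: a good backup, then a backup job that archived a
    half-written file after the manifest was recorded. Returns both results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "site"
        (src / "db").mkdir(parents=True)
        (src / "index.html").write_text("<h1>shop</h1>\n")
        (src / "db" / "orders.csv").write_text("id,total\n1,9.99\n2,14.50\n")
        manifest = build_manifest(src)

        good = root / "good.tar.gz"
        write_backup(src, good, manifest)
        good_result = verify_restore(good, root / "restore_good")

        # Simulate a failed job: the file is truncated while the archive is written,
        # so the archive no longer matches the manifest that was recorded for it.
        (src / "db" / "orders.csv").write_text("id,total\n1,9.")
        stale = root / "stale.tar.gz"
        write_backup(src, stale, manifest)
        stale_result = verify_restore(stale, root / "restore_stale")

        return good_result, stale_result


if __name__ == "__main__":
    ok, broken = demo()
    print("good backup problems:", ok)        # []
    print("stale backup problems:", broken)   # ['db/orders.csv']
```

The restore test is the part most backup schedules skip: an archive that is written every night but never restored can be corrupt for months without anyone noticing. Running `verify_restore` on a scratch directory after each job, and keeping the manifest with the offsite copy, turns the article's advice into something that is checked rather than assumed.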

Copyright Christopher J. Enders. Are you at the end of your rope, fed up and confused by all the scrambled internet marketing advice you’re getting? Whether you are new to internet marketing, or a website owner who wants to make more money from your website, learn the proven strategies that will sky-rocket your internet business at http://BiznessTips.com

Posted on Mar 18th, 2006

It’s wise to remember how easily email — this wonderful technology — can be misused and misdirected, sometimes unintentionally, with serious consequences. Unless you are using encryption, the privacy of your message cannot be guaranteed nor the authenticity of your correspondent.

Consider the case of a man who left the snow-filled streets of Chicago for a vacation in sunny Florida. When he reached his hotel, he decided to send his wife a quick email, who was planning to meet him there the next day.

Unfortunately, when typing her address, he missed one letter, and his note was directed instead to an elderly preacher’s wife whose husband had just passed away. When the grieving widow checked her email, she took one look at the monitor, let out a wail, and fell to the floor in a faint.

At the sound, her family rushed into the room and saw this email note on the screen:

"Dearest Wife, Just got checked in. Everything prepared for your arrival tomorrow. P.S. Sure is hot down here."

What actually hurts here is that the email was not being intercepted but rather, inadvertently directed to the wrong location. The nickname feature in many mailers can cause accidental emails being sent to co-workers instead of family members, or vice-versa. It’s a strange new kind of miscommunication, where you can misdirect emails a dozen times before lunch. At least with misdialed phone numbers it becomes apparent after a few moments and you usually stop before saying too much. With email, it is now possible to quickly send a completely coherent message that is nonetheless nearly incomprehensible to a mistaken recipient.

Bigger mistakes can come from an accidental “reply” or even worse, “reply all” instead of “forward”. A recent example would be when a congressional staffer accidentally hit “reply all” when intending to forward a comment to fellow staffers on a “Support the Captive Primate Safety Act” email he’d received from an animal rights group. The original email was supporting legislation to prohibit the keeping of primates such as monkeys and great apes as pets, and asking for co-sponsors to protect not only animals but humans as well, as there are inherent dangers in keeping such pets. The staffer’s comment was meant to be funny, and read: “Does this deal with those kids out in Ohio(?) who were kept in cages?” However, this email went out to the legislators behind the Captive Primate Safety Act instead of being forwarded as an inside “joke”, leading to a very sticky political exchange.

Other instances of email misdirection put organizations at legal and/or financial risk, causing a number of compliance issues. A 2005 Harris Interactive® poll for Fortiva shows that 68 per cent of U.S. employees who use email at work have sent or received email via their work email account that could place their company at risk.

While all these examples may be good arguments as to why you should disable the “reply all” function altogether, the fact remains that the way a standard, unprotected email is sent out is very akin to the mailing of a postcard. With the wrong address attached there is nothing, not even an envelope, to dissuade an unintended recipient from reading about, for instance, the naughty things you did while in Vegas. Even worse, the mistaken recipient can in turn “reply” and you could end up with unsolicited correspondence for the lifetime of that email address.

Used wisely, email is indeed a wonderful tool. Email is fast, easy to use and has become a cultural method of propelling personal and business communication. The bottom line is this - do not trust confidential information to email unless you are using security such as encryption or rights management. Whether it’s due to misdirected email or a breach of email etiquette, your email could be exposing you to more than you know.
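The three failure modes in the article (a one-letter typo in an address, a message leaving the organisation, and a reply-all fan-out where a forward was intended) can all be caught by a pre-send check. The code below is an added example, not from the article or from Essential Security Software; the `Draft` structure, the contact list, the reply-all threshold and the sample addresses are assumptions constructed for the demonstration.

```python
"""Pre-send guardrail for misdirected email (added illustration)."""
from dataclasses import dataclass
from typing import List


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; 1 means a single typed, dropped or substituted character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


@dataclass
class Draft:                      # assumed shape of an outgoing message
    sender: str
    recipients: List[str]
    subject: str
    is_reply_all: bool = False


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def check_draft(draft: Draft, known_contacts: List[str], reply_all_limit: int = 5) -> List[str]:
    """Return warnings the sender should confirm before the message leaves."""
    warnings = []
    home = domain_of(draft.sender)
    known = {c.lower() for c in known_contacts}
    for rcpt in draft.recipients:
        addr = rcpt.lower()
        if domain_of(addr) != home:
            warnings.append(f"external recipient: {rcpt}")
        if addr not in known:
            # An unknown address one edit away from a known one is the "missed one letter" case.
            near = [c for c in sorted(known) if edit_distance(addr, c) == 1]
            if near:
                warnings.append(f"possible typo: {rcpt} is one character away from {near[0]}")
    if draft.is_reply_all and len(draft.recipients) > reply_all_limit:
        warnings.append(f"reply-all fans out to {len(draft.recipients)} recipients; did you mean forward?")
    return warnings


# Constructed sample address book.
CONTACTS = ["spouse@homemail.example", "team-lead@corp.example", "pa@corp.example"]


def demo() -> dict:
    typo = Draft("traveler@corp.example", ["spuse@homemail.example"], "Checked in")
    fanout = Draft("staffer@corp.example", [f"member{i}@list.example" for i in range(8)],
                   "Re: Support the Act", is_reply_all=True)
    internal = Draft("pa@corp.example", ["team-lead@corp.example"], "Agenda")
    return {"typo": check_draft(typo, CONTACTS),
            "fanout": check_draft(fanout, CONTACTS),
            "internal": check_draft(internal, CONTACTS)}


if __name__ == "__main__":
    for case, warnings in demo().items():
        print(case, "->", warnings or "no warnings")
```

A check like this only prompts; it cannot know what the sender meant. That is why the article's bottom line still stands: a message whose body is encrypted to the intended recipient is unreadable to the wrong one even when every prompt is clicked through.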

Schwarz is the director of creative marketing at Essential Security Software and is responsible for worldwide creative marketing strategy and execution, corporate branding, and public relations. Essential Security Software (ESS) is a provider of document and email security solutions. ESS has developed a premier, easy-to-use, peer-to-peer content protection and user rights management solution that enables small business owners and individuals to securely distribute sensitive email messages and documents while protecting the privacy, integrity and authenticity of their intellectual property. ESS believes that people have the right to affordable security software technology that is powerful, flexible, and easy-to-use.

Posted on Mar 17th, 2006

“Rest Assured Your Computer Files Are Not As Secure As You Think They Are, This Article On 448 Delta Is The Beginning Stage To Your Hard Drive -– Your File Data Security Patiently Awaits Its Purpose; To Encrypt or be Decrypted Is The Question…?”

Are you getting fed up with hackers tapping into your hard drive and breaking down the barriers to your firewall?

Or are you flat out insecure about your computer? If you are then it’s because you do not have enough security encryption going on.

Critics say approximately 97.3% of computers are traceable, hackable and just straight up insecure. There’s not enough encryption software going around, so your computer privacy is not in good safe hands, not even your own.

This goes to show you only 2.7% of computers have the proper security features for their protection. It’s amazing how such a small group upgrades their protection and not just with security but with wisdom.

Here are 5 reasons why you should know about 448Delta Encryption;

•Hackers are constantly seeking to steal data from your computer.
•Firewalls are being broken through and don’t emit enough protection.
•Your client data has extreme value, keep it safe as if it were in a hidden vault.
•Never lose your file data and keep your file privacy to yourself.
•448Delta allows you to feel secure about the files on your computer while you’re asleep.

Not being able to encrypt your desktop and hard drives files can cost hundreds, thousands or even millions of dollars just because someone feels like tampering with your data.

I’m sure you hear stories about someone’s computer getting bugged with a virus or possibly a hacker stealing some information. Whether this may be the case or not, you need to be introduced to this security tool called 448Delta Bit Encryption.

448Delta Encryption is an easy to use file and folder encryption application that uses the Blowfish encryption algorithm with a 448-bit key. It is capable of encrypting single files or packing entire directory structures containing over 10,000 files and folders into one encrypted package.

448Delta also supports compression and self-extracting executables making it a great archive tool. The 448Delta Encryption software device is a powerful security tool which can prevent anyone from capturing and viewing your personal or business files.

The 448Delta software is really neat and very easy to use. You don’t need to be a rocket scientist to figure it out. Just to give you an idea, when you right click on the file you want encrypted, you can secure the file with 448 Bit Encryption.

Once you’ve set your encrypted password to a secure parity level, you can erase your old file since the new file exists with its security feature enabled. One thing I will suggest if you don’t have a great memory is this: write down, or study and memorize, your password. Trust me, it will save you from losing your data.

One time I submitted a 228 parity level password and I ended up forgetting it because it was so long and ended up losing some valuable information. I would hate to see this happen to you.

Computer security is growing rapidly by the minute and the only one who has control over your files of information is you. I also strongly suggest you equip your PC with an armed firewall for your vital protection.

I recommend going with something like Zone Alarm which is free shareware. The Zone Alarm Pro edition where you get full features and benefits is on the net for only about thirty bucks.

Also, if you’re using a router with a built-in firewall, I would highly recommend configuring it properly as a second option.

If you wish to scope out some more additional information on 448Delta and view the screenshots then pursue the resource below.

Joseph Mercado is known as The Internet Marketing Tyrant of security software information; http://www.hiddensecuritysecrets.com

Posted on Mar 16th, 2006

In today’s world of globalization and the widespread use of computers, the Internet has become an increasingly popular way to communicate, to express yourself, and to share your thoughts with everybody. Popular types of resources include web blogs, instant messaging, chats, forums and many others. Just a few clicks and everybody in the world knows your point of view on politics, culture, science, relationships, whatever, since quickly evolving technologies bring the Internet to millions of people around the world.

But no good comes without bad. The worst thing to consider about many modern technologies such as the Internet is a complete lack of privacy. Sitting in front of your computer screen and surfing the net, you are being watched constantly, by many people and organizations, interested or not. How is this possible? Let’s see.

The Internet is based on IP, the Internet Protocol, a network protocol designed at the beginning of the 70s for U.S. defense purposes that has become a widely used solution today (take a look at http://www.isoc.org/internet/history/brief.shtml for more information). Basically, most of today’s computers are connected by IP and its extension, TCP/IP. We will not dive into the details of TCP/IP here, but rather give a short explanation and point to the major privacy concerns. The main idea of the IP protocol is a set of independent nodes (computers) connected somehow between themselves; each node has a unique identifier assigned to it, and special rules exist which help computers exchange data with each other through intermediate computers, called "IP routers". The unique identifier is called the IP address, and every networked computer must have one in order to communicate with others. To view your current IP address, run "ipconfig" from the command line under Windows, or open a web site like www.netconceal.com or www.showmyip.com.

Ok, but what’s wrong with my IP address? Like a regular address (e.g. your postal address), an IP address identifies your location, no matter how you are connected to the Internet. For example, a DSL connection from your home is managed by an ISP (remember, you have to sign an agreement with the ISP, and your actual and billing addresses are there). Wireless connections, such as GPRS or WiFi, are tracked as well (GPRS stations are able to determine your position with a mile’s precision, and WiFi is even more location-bound), and service providers always register and identify you as a subscriber. Try web sites like www.ip2location.com to see this in practice (the information is not exactly precise in all cases, but remember, technology improves daily!).

Every time you surf the Internet, your IP address is visible to the target network resources (and whoever runs them); therefore, your actual location and even your name and age can be tracked as well. Of course, this costs something (they need to contact the web site owner or hosting provider, and the ISP or WiFi access point owner), but interested parties can do this fairly easily. This is a very serious point to consider. For example, you submit a blog article and express your opinion about politics, criticize something or make really controversial statements. That was just an opinion, relax, everybody. But someone, being, for example, a religious fanatic or simply paranoid, can find you and shoot you right at your home. What the hell, why? That’s true, simply because he knows EVERYTHING about you: your IP address, and thus your name and physical location, since all web sites keep logs of the IP addresses accessing them (once you submit your post, the web site records a number of entries in its log file, putting together your post and your IP address).

Just for demonstration, 4 simple steps to learn everything about a specific person:

1. Retrieve the web site logs (not a problem for site owners, they already have them). How can these logs be retrieved by anyone else? Simply by contacting the web site owner, and many of them will give their logs away with ease, don’t worry. Just send an e-mail using the published contact information (click a link like "Contact Us"), write words like: "Some guy who is using your site is suspected of credit card fraud, he has stolen my money already!", or "The person with nickname ‘blackjack’ from your site is promoting child porn, we need your web site logs for investigation, thank you." and 99% of the time you’ll receive the desired logs.

2. Analyze the logs. For example, get the timestamp of a specific blog post and search for records matching this timestamp, then compare the URLs of the web site requests and extract the IP address from the log entries.

3. Find the IP address owner (the Internet Service Provider, ISP). Use www.ip2location.com, which displays the ISP. For well-known ISPs like Verizon, you’re almost done. Otherwise try looking it up in Google and find their web site. Half an hour and you’ll surely find it.

4. Contact the ISP, supply the IP address, and say something like you did in step (1), and they’ll easily reveal the user of that IP address, because they don’t want problems with that user. That’s it.
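The chain above only works because the site's logs hold full client addresses for as long as they are kept. A site operator who does not want to be the weak link can store less: truncate addresses to their network prefix, or replace them with a keyed pseudonym that still lets abuse from one visitor be correlated but cannot be turned back into an address without the key. The following is an added example for operators, not code from the article or from NetConceal; the log lines use documentation addresses and are constructed, and the prefix lengths and key handling are assumptions.

```python
"""Minimizing the client-address field of a combined-format access log (added example)."""
import hashlib
import hmac
import ipaddress
from typing import List, Optional


def truncate_ip(ip: str) -> str:
    """Keep only the network part: /24 for IPv4, /48 for IPv6 (assumed prefix lengths)."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


def pseudonymize_ip(ip: str, key: bytes) -> str:
    """Keyed hash: the same visitor maps to the same token while the key is in use,
    so repeated abuse is still visible, but the address is not recoverable from the
    log without the key. Rotating the key breaks long-term linkability."""
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()[:16]


def scrub_log_line(line: str, key: Optional[bytes] = None) -> str:
    """Replace the leading client-address field; everything after it is kept as is."""
    ip, rest = line.split(" ", 1)
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return line  # first field is not an address: leave the line untouched
    replacement = pseudonymize_ip(ip, key) if key else truncate_ip(ip)
    return f"{replacement} {rest}"


# Constructed sample log lines (RFC 5737 / RFC 3849 documentation addresses, not real visitors).
SAMPLE_LOG: List[str] = [
    '203.0.113.45 - - [19/Mar/2006:10:12:01 +0000] "POST /blog/post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '2001:db8:85a3::8a2e:370:7334 - - [19/Mar/2006:10:12:05 +0000] "GET /blog/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [19/Mar/2006:10:13:40 +0000] "GET /blog/?id=17 HTTP/1.1" 200 4410 "-" "Mozilla/5.0"',
]


def demo(key: bytes = b"constructed-key-rotate-regularly") -> dict:
    return {"truncated": [scrub_log_line(line) for line in SAMPLE_LOG],
            "pseudonymized": [scrub_log_line(line, key) for line in SAMPLE_LOG]}


if __name__ == "__main__":
    for mode, lines in demo().items():
        print(mode)
        for line in lines:
            print("  ", line)
```

Truncation is the simpler choice and needs no secret; the pseudonym variant is for operators who still need to tell one visitor's requests apart (rate limiting, spam clean-up). Either way, what is not in the log cannot be handed over, whatever the request says.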

Is there any way to protect yourself against this? Relax, a really good solution exists, and the rest of this article will point you right to it.

The basic idea of all privacy solutions is faking your real IP address. How is it accomplished? The solution is based on intermediary computers, which are placed between you (the person who wishes to hide himself from everyone) and the target web sites (and other network resources, such as instant messaging, file sharing etc.). Those computers are called ‘Proxy Servers’. How does a Proxy Server work? Very simply: it’s just like a very simple tunnel between you and the web site; all data sent by you to the web site or received by you from the web site are passed through the proxy server as is, using the special SOCKS protocol (don’t confuse it with foot socks, it’s just a coincidence :). What’s the difference? Exactly: the target web site sees the Proxy Server’s IP address, but not your real IP. And the web site logs keep the Proxy Server’s IP but not your real one as well. Sounds great, but how do you use this?

Anonymous Proxy Server lists are published throughout the web on special web sites, for example www.proxyblind.org. Actually, proxy server list looks like a simple sequence of IP address : port number pairs, for example:

123.43.12.96 : 1080

98.15.13.17 : 1080

150.19.87.31 : 1080

Choosing a proper Proxy Server from such lists can be a tedious task; some of them may be valid, and some are not. You just test them one by one, select the valid ones and save them for further use. This work must be repeated each time you want to use a proxy, since Proxy Servers get closed very often. After choosing a proper Proxy Server, you have to connect your application (web browser, instant messenger, whatever) to it and work. Try configuring your application for use with the proxy server. For example, MSN, Yahoo! and ICQ support SOCKS proxies, but some programs do not. The Microsoft Internet Explorer and Firefox web browsers also support this, but you must select another kind of Proxy Server: an HTTP proxy (as opposed to a SOCKS proxy).
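What "using the special SOCKS protocol" means on the wire is short enough to show in full. The block below is an added example, not code from the article or from NetConceal: it parses the "IP : port" list format shown above and builds and parses the SOCKS5 messages of one CONNECT exchange, following the message layouts in RFC 1928. No network is used; the server replies are constructed byte strings, and the hosts and ports are documentation values.

```python
"""SOCKS5 client-side handshake and proxy-list parsing (added example, RFC 1928 layouts)."""
import ipaddress
import struct

SOCKS5 = 0x05
METHOD_NO_AUTH, METHOD_NONE_ACCEPTABLE = 0x00, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REPLY_TEXT = {0: "succeeded", 1: "general SOCKS server failure", 2: "connection not allowed by ruleset",
              3: "network unreachable", 4: "host unreachable", 5: "connection refused",
              6: "TTL expired", 7: "command not supported", 8: "address type not supported"}


def parse_proxy_list(text: str) -> list:
    """Parse 'host : port' lines (spaces around the colon optional) into (host, port) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host, port = (part.strip() for part in line.rsplit(":", 1))
        entries.append((host, int(port)))
    return entries


def client_greeting() -> bytes:
    """VER, NMETHODS, METHODS: offer only 'no authentication required'."""
    return bytes([SOCKS5, 1, METHOD_NO_AUTH])


def parse_method_selection(data: bytes) -> int:
    """Server answers VER, METHOD; 0xFF means it rejected every method we offered."""
    if len(data) != 2 or data[0] != SOCKS5:
        raise ValueError("not a SOCKS5 method selection")
    if data[1] == METHOD_NONE_ACCEPTABLE:
        raise ValueError("proxy requires an authentication method we did not offer")
    return data[1]


def connect_request(host: str, port: int) -> bytes:
    """VER, CMD, RSV, ATYP=domain, LEN, name, PORT. Sending the name rather than a
    resolved address lets the proxy do the DNS lookup, so the client issues no query itself."""
    name = host.encode("idna")
    if len(name) > 255:
        raise ValueError("hostname too long for SOCKS5")
    return bytes([SOCKS5, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)]) + name + struct.pack("!H", port)


def parse_connect_reply(data: bytes) -> tuple:
    """Return (reply_code, text, bound_address, bound_port) from the server's reply."""
    if len(data) < 4 or data[0] != SOCKS5:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        addr, tail = str(ipaddress.IPv4Address(data[4:8])), data[8:10]
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        addr, tail = data[5:5 + n].decode("idna"), data[5 + n:7 + n]
    elif atyp == ATYP_IPV6:
        addr, tail = str(ipaddress.IPv6Address(data[4:20])), data[20:22]
    else:
        raise ValueError(f"unknown address type {atyp}")
    if len(tail) != 2:
        raise ValueError("truncated reply")
    return rep, REPLY_TEXT.get(rep, "unassigned"), addr, struct.unpack("!H", tail)[0]


def demo() -> tuple:
    """Walk one CONNECT exchange against constructed server replies."""
    proxies = parse_proxy_list("192.0.2.10 : 1080\n\n192.0.2.11:1080\n")
    method = parse_method_selection(bytes([SOCKS5, METHOD_NO_AUTH]))   # constructed: server accepts no-auth
    request = connect_request("example.com", 443)
    server_reply = bytes([SOCKS5, 0x00, 0x00, ATYP_IPV4]) + bytes([192, 0, 2, 10]) + struct.pack("!H", 40000)
    return proxies, method, request, parse_connect_reply(server_reply)


if __name__ == "__main__":
    proxies, method, request, reply = demo()
    print("proxies:", proxies)
    print("greeting:", client_greeting().hex(), "server chose method", method)
    print("request:", request.hex())
    print("reply:", reply)
```

The exchange makes the trust shift explicit: everything after the CONNECT reply passes through the proxy "as is", so an operator of a proxy taken from a public list sees the real client address and, unless the application speaks TLS end to end, the full content of the session. The web site no longer knows who you are; the proxy does.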

Special software was developed to address the issues listed above: NetConceal Anonymizer. It frees you from manual proxy server checking and SOCKS configuration, and supports ALL applications. Actually, it takes a few clicks to hide your IP address and become anonymous.

Download NetConceal Anonymizer (http://www.netconceal.com/download.php) now and try it. Once the installation is done, NetConceal Anonymizer is started automatically; now click the ‘Launch Web Browser’ or ‘Launch Other…’ buttons. Proxy selection is done within a minute, then the application is started and you can use the Internet fully anonymously, since your real IP is invisible to everyone. Too good to be true? Please try it before criticizing.

To learn more about NetConceal Anonymizer software, check out the www.netconceal.com web site and contact us if you need more help, we are really glad to help you with evaluation and ongoing usage.

Read related topics about anonymity and Internet privacy - http://www.netconceal.com/articles.php.

NetConceal Inc. was established at the beginning of 2005 as a software company concentrating on online privacy and Internet security solutions for personal and corporate customers. We have a long-term plan to become a major provider in those areas of the IT industry. The first product, NetConceal Anonymizer, was released in May 2005. It will be followed by many state-of-the-art online privacy and innovative Internet security solutions.

NetConceal means "network conceal": it hides and secures you within public and private networks. And we believe that everyone has the right to stay anonymous and secure in this age of globalization and complete surveillance. Maintain Online Privacy with Internet Security Solution NetConceal Anonymizer!

Posted on Mar 15th, 2006

Everyone wants to get rid of pop ups and make their surfing more pleasant. While you are online, you are continually shelled by advertisements which pop up on your computer screen.

There are countless different kinds of programs offered. You will find pop up blockers, pop up killers, and pop up stoppers. The programs on the marketplace today have a lot of different names. There are a number of programs that are better than others and get rid of pop ups that other programs miss. Some programs will work better with different operating systems. Be sure to locate the one that will work with your computer and provide the features you want. Discover a program that will eliminate pop ups and make you content again.

There are a number of differences among the programs available. However, the key common element is to provide you with a product that will help you fight back, eliminate pop ups, and regain control of your computer system. You can do away with pop ups from your Internet surfing environment.

Popup advertisements are inconvenient because they send you unwanted advertisements. People don’t recognize the added problems that popup ads create. Pop up ads pull information from your computer. Popup ads can cause disaster on your computer and make your Internet browsing dreadful.

It is possible that someone is spying on your every move and taking information from your computer without you even being aware of it. Pop up ads capture information from you such as your email address, credit card information and bank account information, and watch your surfing habits. You are a target for identity theft, spyware, and adware unless you take some sort of action to protect yourself.

Try a few types of programs to help you with this problem until you find the best one for your needs. You may find it necessary to use more than one program at a time.

James Hunt has spent 15 years as a professional writer and researcher covering stories that cover a whole spectrum of interest. Read more at http://www.pop-up-blocking.info

Posted on Mar 14th, 2006

Social Engineering in its basic form is hacker talk for manipulating computer users out of their username and password. Social engineering really goes beyond just usernames and passwords. A well planned social engineering attack can destroy companies. All of the most devastating information thefts have used some sort of social engineering attack. Social engineering is so effective because computer admins and security experts spend all their time patching systems and not training employees about information security. Information security goes beyond patching computers, it is a combination of physical security, computer/network policy and employee training.

This article will describe many of the common security flaws that information thieves take advantage of and how you can prevent them.

1. Web site Information – Company web sites are the best place to start when gathering information. Often a company will post all their employees’ names, email addresses, positions and phone numbers for everyone to see. You want to limit the number of employees and phone numbers listed on a web site. Also, live active links to employee email addresses should be avoided. A common mistake is that a company’s email user name will be the same as the network logon, for example: the email address jsmith@nocompany.com has a user name of jsmith for the network, with the same password for email and the network.

2. Phone Scams – Scamming someone on the phone is very simple. Company employees need to be trained to be courteous but cautious when giving callers information over the phone. One hacking scam is a hacker calling a company posing as a computer salesman. The salesman will ask the secretary what type of computers they have, whether they have a wireless network and what type of operating systems they run. Hackers can use this information to plan their attack on the network. Train your employees to refer any IT related questions to Tech Support.

3. Outside Contractors – Outside contractors should have a security liaison to monitor their activities. Security liaisons should be briefed on what work the contractor is hired to perform, area of operation, identity of contractor and if the contractor will be removing items from the work site.

4. Dumpster Diving – The easiest way to get information about anyone is to go through their trash. Shredders should be used in all cases or shredding services should be hired. Also, the Dumpster should be in a secure location and under surveillance.

5. Secretaries – They are your first line of defense; train them not to let anyone into your building unless they are certain who they are. Security cameras should be placed in the main entrance way and also on the outside of the building. A thief who is probing your network will test to see if he is challenged upon entering the building; cameras can help identify patterns and suspicious people.

6. NO PASSWORDS – Make it company policy that the tech department will never call you or email you asking for your username or password. If somebody does call and ask for a password or username, red flags will go up everywhere.

7. LOG OFF – Social Engineering attacks get the hacker into the building and they will usually find many workstations where the user hasn’t logged off. Make it company policy that all users must log off their workstations every time they leave it. If the policy is not followed then the employee should be written up or docked pay. Don’t make a hacker’s job any easier than it already is.

8. Training – Information security training is a must for any size company. Information security is a layered approach that starts with the physical structure of the building down to how each work station is configured. The more layers your security plan has the harder it is for an information thief to accomplish his mission.

Sign up for the most popular wireless networking news letter on the internet. Simple and Secure http://www.wirelessninja.com

Posted on Mar 13th, 2006

A new form of attack on Windows computers allows a hacker to take control of your computer when a particular graphic is displayed. There is no patch available from Microsoft as of Jan. 2, 2006, but there are steps that can reduce the computer’s vulnerability.

The WMF Flaw affects all browsers: Internet Explorer, Firefox, Mozilla, Opera and many others.

Millions of computers have been infected.

The flaw is in how Windows handles a graphic format – Windows Meta File – and lets a hacker install a "backdoor" that downloads adware, spyware and Trojan Horses on a compromised computer. The flaw has been rated “Extremely Critical” – the highest level.

You don’t have to click on a link, open an attachment or take any other action, just be able to view the graphic on a web page, in an email or even an Instant Message.

Even "safe sites" such as WebMD can be a carrier, since ad banners that are not hosted at WebMD may inadvertently contain an infected graphic.

According to the Washington Post (12-28-05), “it is hard to find a recent Windows threat as potentially dangerous as this one — the problem may be more dire than initial reports suggested … According to an advisory published by Microsoft late Wednesday, the flaw is present in every Windows version dating back to Windows 98…“, even fully updated systems.

A free illustrated guide to reducing vulnerability to this attack is available at www.HelpProtectMyComputer.com/WMFflaw.html.

The new fully illustrated eBook, “Help! Something’s Got Hold of My Computer and It Won’t Let Go!” contains tools, fixes and education to prevent Phishing, Pharming and many other forms of attacks on PCs and is available at www.HelpProtectMyComputer.com. A free PC Security newsletter, The Blinking Cursor, is also available at the site.

The Internet is important to us all. You can help by forwarding this article to the people you care about and, if you are employed, bringing it to the attention of your Information Technology staff, because they may be overwhelmed by this massive attack.

© Steve Freedman, Archer Strategic Alliances, 2005 All Rights Reserved

Steve Freedman Author of "Help! Something’s Got Hold of My Computer and It Won’t Let Go!" A PC Security eBook for Newbies, Skilled Users and Wizards
http://www.HelpProtectMyComputer.com
Archer Strategic Alliances
http://www.WebPagesThatWork.com
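Because the article stresses that the dangerous graphic can arrive in a web page, an email or an instant message, a defender who cannot yet patch will want to recognise WMF data by its content rather than by its file name. The following is an added example, not code from the article or its author: a small sniffer that flags Windows Metafile data by its header bytes. The header constants are those of the documented WMF formats (the placeable header key 0x9AC6CDD7 and the standard header's type, size and version words); that layout is an assumption stated here, the article itself does not describe it. The sample attachments are constructed.

```python
"""Flag Windows Metafile (WMF) content by header bytes, not by file name.

Added example for the WMF-flaw article; not the article's own code.
Header layout assumed from the documented WMF format:
  - placeable (Aldus) WMF starts with the little-endian DWORD 0x9AC6CDD7
  - standard WMF starts with WORD Type (1=memory, 2=disk), WORD HeaderSize (9),
    WORD Version (0x0100 or 0x0300)
"""
import struct
from typing import List, Optional, Tuple

PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"      # 0x9AC6CDD7 as little-endian bytes
STANDARD_TYPES = {1, 2}
STANDARD_HEADER_SIZE = 9                 # in 16-bit words
STANDARD_VERSIONS = {0x0100, 0x0300}


def looks_like_wmf(data: bytes) -> Optional[str]:
    """Return 'placeable', 'standard' or None for the given file content."""
    if data.startswith(PLACEABLE_KEY):
        return "placeable"
    if len(data) >= 6:
        ftype, hsize, version = struct.unpack_from("<HHH", data, 0)
        if (ftype in STANDARD_TYPES
                and hsize == STANDARD_HEADER_SIZE
                and version in STANDARD_VERSIONS):
            return "standard"
    return None


def scan_attachments(items: List[Tuple[str, bytes]]) -> List[Tuple[str, str]]:
    """Return (name, kind) for every item whose content sniffs as WMF,
    regardless of the extension the sender chose."""
    flagged = []
    for name, content in items:
        kind = looks_like_wmf(content)
        if kind:
            flagged.append((name, kind))
    return flagged


# Constructed sample "attachments" (name, first bytes); not real captures.
SAMPLES = [
    ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),   # genuine JPEG start
    ("banner.jpg", PLACEABLE_KEY + b"\x00" * 18),        # WMF data behind a .jpg name
    ("chart.wmf", b"\x01\x00\x09\x00\x00\x03" + b"\x00" * 10),  # standard WMF header
    ("logo.gif", b"GIF89a" + b"\x00" * 10),              # GIF, not flagged
    ("tiny.bin", b"\x01\x00"),                           # too short to be a header
]

if __name__ == "__main__":
    for name, kind in scan_attachments(SAMPLES):
        print(f"WMF content detected: {name} ({kind})")
```

The check is deliberately extension-blind: a mail gateway or proxy that only looks at `.wmf` names misses the `banner.jpg` case, which is exactly the kind of item an ad banner or attachment could carry.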

Posted on Mar 12th, 2006

1. Backup your website on the server.

If you have more than one important web site, put them on different web hosts. Don’t rely on your web host for backups.

Find two different hosts which allow SSH access. Get an account with each. FTP the backup of one site to the other server directly, and vice versa. Download copies to your home computer as well.

2. Put a file called ‘index.html’ in every major or important directory in your website, if it doesn’t already have one.

This stops people trying to peek at other files in the same directory.

3. Do not use old versions of FormMail. Do not use scripts that are newly released, unless you know how to check for security holes.

They should filter input like # or >. Search on the terms ‘Script Name bug’ or ‘Script Name security’.

4. Rename any email scripts you download before installing them.

Why give a spammer a clue as to what your script is, and what it can do?

5. Do not give files or directories obvious names, like ‘pass’, ‘emails’, ‘orders’ and the like.

Again, why make it easy for snoopers?

6. Do not leave unencrypted, confidential information on your server.

It’s only a computer in a room God knows where, with God knows who having access to it.

7. Use a popular web host.

That cheapo one might be an uncommitted reseller. Their Google PageRank gives a clue as to how popular they are. Send them an email or two and see how long it takes to get a reply. Check out their forums: how busy are they? They don’t have a forum? Next!

8. If you are setting up .htaccess files or any other type of password protection, use long and varied passwords.

"Ch33s3And0n10n" is a lot more secure than "cheeseandonion", and just as memorable. Make your password at least 8 characters in length, containing both letters and numbers, and both upper and lower-case letters. Ordinary words can be guessed by brute-force cracking programs.

9. Strip scripts down to the bare essentials. Upgrade them regularly.

Programs like PHPNuke have lots of features in the default install. They allow webmasters and users a lot of control of website content. This creates vulnerabilities. A ‘Nuke site of mine was hacked during Christmas 2005, by an Arabian group. Fortunately, I had a backup. I didn’t have fast internet access, at the time, to upgrade it. I only needed one module working, so I removed the inessential ones, and changed file permissions on the admin section. At the time of writing, I’m waiting to see what happens next!

If you don’t truly need it, turn it off.

10. Be careful what you say about other people or products on your site.

Not really security, but… people are very touchy about criticism. ‘Flame wars’ are a waste of time and energy, so avoid them.
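Item 2 above can be checked mechanically rather than by hand. Here is an added example (not the article's code) that walks a site tree, lists the directories with no index file, drops a blank `index.html` into each, and appends `Options -Indexes` to the top-level `.htaccess`, the Apache directive that turns off automatic directory listings (that directive is general Apache knowledge, not something the article mentions). The `demo()` function builds a constructed site tree in a temporary directory so the script runs offline.

```python
"""Find site directories without an index file and add a blank one.

Added example for item 2 of the checklist; not the article's own code.
Assumes an Apache-style host where '.htaccess' and 'Options -Indexes' apply.
"""
import os
import tempfile
from pathlib import Path
from typing import Dict, List

INDEX_NAMES = ("index.html", "index.htm", "index.php")
PLACEHOLDER = "<!-- intentionally blank: directory listing disabled -->\n"
NO_LISTING_DIRECTIVE = "Options -Indexes"


def unindexed_dirs(root) -> List[str]:
    """Return site-relative paths of directories lacking any index file."""
    root = Path(root)
    missing = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if not d.startswith(".")]  # skip dot-dirs
        if not any(name in filenames for name in INDEX_NAMES):
            missing.append(Path(dirpath).relative_to(root).as_posix())
    return sorted(missing)


def add_placeholders(root, write_htaccess: bool = True) -> List[str]:
    """Create a blank index.html in every unindexed directory; return the list
    of directories fixed. Optionally ensure .htaccess disables listings too."""
    root = Path(root)
    fixed = []
    for rel in unindexed_dirs(root):
        (root / rel / "index.html").write_text(PLACEHOLDER)
        fixed.append(rel)
    if write_htaccess:
        htaccess = root / ".htaccess"
        existing = htaccess.read_text() if htaccess.exists() else ""
        if NO_LISTING_DIRECTIVE not in existing:
            with htaccess.open("a") as fh:
                fh.write(NO_LISTING_DIRECTIVE + "\n")
    return fixed


def demo() -> Dict[str, object]:
    """Build a constructed site tree in a temp dir and run both checks."""
    base = Path(tempfile.mkdtemp())
    (base / "index.html").write_text("<html></html>\n")
    (base / "css").mkdir()
    (base / "css" / "index.htm").write_text("")          # already covered
    (base / "images").mkdir()
    (base / "images" / "logo.png").write_bytes(b"\x89PNG")  # no index file
    (base / "orders").mkdir()
    (base / "orders" / "2006-03.csv").write_text("id,total\n")  # no index file
    before = unindexed_dirs(base)
    fixed = add_placeholders(base)
    after = unindexed_dirs(base)
    return {
        "before": before,
        "fixed": fixed,
        "after": after,
        "htaccess": (base / ".htaccess").read_text(),
    }


if __name__ == "__main__":
    result = demo()
    print("unindexed before:", result["before"])
    print("fixed:", result["fixed"])
    print("unindexed after:", result["after"])
```

Run `unindexed_dirs()` alone first as a dry run; the placeholder file stops a browser from seeing a listing, while the `.htaccess` directive covers directories you add later and forget about.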

T. O’ Donnell http://www.ttvanity.com is an ecommerce consultant in London, UK. His latest project is a freeware mortgage calculator, available at http://www.tigertom.com/mortgages-uk.shtml
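Item 3 of the checklist above says a form-mail script should filter input such as `#` or `>`. As an added example (not the article's code, and not any particular FormMail release), here is a validator that sits in front of a mail-sending script: it rejects those characters in the header-bound fields, refuses carriage returns and line feeds there, since a mail header ends at a line break and anything after it would be read as a new header (general e-mail knowledge, not from the article), strips the characters from the free-text body, and checks the reply address looks like an address. The sample submissions are constructed.

```python
"""Validate contact-form fields before a mail-sending script uses them.

Added example for item 3 of the checklist; not the article's own code.
Field names (name, email, subject, message) and limits are assumptions.
"""
import re
from typing import Dict, Tuple, Union

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
FORBIDDEN_CHARS = set("#><")             # '#' and '>' per the checklist, '<' for symmetry
HEADER_FIELDS = ("name", "email", "subject")   # end up in mail headers
FIELD_ORDER = ("name", "email", "subject", "message")
MAX_LEN = {"name": 100, "email": 254, "subject": 200, "message": 5000}
_STRIP_TABLE = {ord(c): None for c in FORBIDDEN_CHARS}


class ValidationError(ValueError):
    """Raised with a short 'field: reason' message."""


def validate_form(fields: Dict[str, str]) -> Dict[str, str]:
    """Return a cleaned copy of the submission or raise ValidationError."""
    clean = {}
    for key in FIELD_ORDER:
        value = str(fields.get(key, "")).strip()
        if not value:
            raise ValidationError(f"{key}: required")
        if len(value) > MAX_LEN[key]:
            raise ValidationError(f"{key}: too long")
        if key in HEADER_FIELDS:
            # A line break here would let text be read as an extra header line.
            if "\r" in value or "\n" in value:
                raise ValidationError(f"{key}: line break not allowed")
            if FORBIDDEN_CHARS & set(value):
                raise ValidationError(f"{key}: forbidden character")
        else:
            value = value.translate(_STRIP_TABLE)   # body: drop, don't reject
        clean[key] = value
    if not EMAIL_RE.match(clean["email"]):
        raise ValidationError("email: not a valid address")
    return clean


def check(fields: Dict[str, str]) -> Tuple[bool, Union[Dict[str, str], str]]:
    """Convenience wrapper: (True, cleaned) or (False, reason)."""
    try:
        return True, validate_form(fields)
    except ValidationError as exc:
        return False, str(exc)


# Constructed sample submissions; not real form data.
GOOD_FORM = {"name": "Ann Example", "email": "ann@example.com",
             "subject": "Quote request", "message": "Hello,\nplease send a price list."}
BAD_SUBJECT = dict(GOOD_FORM, subject="Hi\r\nX-Extra: injected")
BAD_NAME = dict(GOOD_FORM, name="Bob#1")
BAD_EMAIL = dict(GOOD_FORM, email="not-an-address")

if __name__ == "__main__":
    for label, form in [("good", GOOD_FORM), ("bad subject", BAD_SUBJECT),
                        ("bad name", BAD_NAME), ("bad email", BAD_EMAIL)]:
        print(label, "->", check(form))
```

The split between header fields (reject) and body (strip) is a design choice: a line break in the body is ordinary text, but in a field that becomes a mail header it changes what the mail means, so it is refused outright rather than silently cleaned.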
