Blacksmith forging a sword the old fashioned way, the way we make websites
Welder creating a metal sculpture in the same craft genre as we use to create websites
Men working in a metal forge using time tested methods to do their craft using the same ethic we use to create websites
A violin maker patiently working his craft the way we make websites
Very high quality wood carver creating a piece for a church- we do websites to the same standard
A blacksmith making an implement the way blacksmiths have for generations - we take our inspiration from this
The violin maker paying attention to the minutest of detail, the same way we do with websites
Photographer that's climbed to the top of a mountain to get the perfect shot; we go to these legnths too
The violin maker getting the minutest of detail right, just like we do with websites
Photographer photographing technical drawings
Jeweler examining some microscopic detail on a ring - we scrutinise ourt work the same way with old fashioned values
Stone carver making a filial for a listed building. We take the same care when we create websites
A vintner examines the quality of his wine the same way we produce websites - they're not finished until they're right
Home » Blogs » Lee's blog

Hey! There's a linux worm about!

Submitted by Lee on Tue, 02/21/2006 - 14:33

I must admit I panicked a bit when I read this at The Reg as much of our code uses PHP or is linked to PHP apps in some way. Steeling myself for a long night’s firewall tuning and fending off skiddiots, I was pleased to see that rather than “Mare-D” it should really be called “Linux Worms for Dummies” (and maybe released as a book!) as it relies on register_globals to be turned on.

Now Dewi has posted at length on why this is A Bad Thing (and I’ll find it and link to it) but this is something no webmaster, and certainly no one who runs multiple sites, should ever have switched on. There’s a lame line of reasoning that states for backward-compatibility with legacy applications (by lazy coders?) it could be maintained, but we don’t do this under any circumstance and won’t do either.

I would say we dodged a bullet this time but I can picture the sigh and look of resigned condescension on Dewi’s face as he patiently explains the lengths he goes to to structure his code to not respond to such attacks. Aside from that all servers have been checked again and all patch levels are up to date. Time for more coffee!

»

Similar entries

  • MorganAlley blogs

    Lee’s blog

    Lee comments on running a small business in the fierce and weird web-design and applications field, why Linux will win and how to make the perfect cup of coffee in a cheap cafetiere.

    Dewi’s blog

    Dewi’s excessively geeky programming blog, with rants against the evils of designed-by-committee languages, and tips for avoiding some of the worst of the hoop jumping.

  • Great news out of Microsoft

    Great news out of Microsoft today* (am I really saying this? I shock myself sometimes…)! Microsoft has teamed up with Xensource to support Linux installations running as virtual machines on Xen virtualization software when it runs on top of a Windows server. I know that’s a mouthful but it’s significant in several important ways documented today on The Register.

  • MorganAlley Intelligent Website monitoring

    Website Monitoring

  • MorganAlley website security services

    Website Monitoring

    There are lots of services (some of them are even free!) which will monitor your website for you. The thing is they don't really tell you much that's actually useful.

    Our service can help you answer several important questions:

    Is my website up? How can I know right away if my site has been hacked? Does it take potential customers way too long to get to my site? read more about this….

  • MorganAlley Website Resilience services

    Website Resilience

Find Us On...

Find The MorganAlley Websmiths on TwitterFind The MorganAlley Websmiths on FacebookFind The MorganAlley Websmiths on LinkedIn