Like most web design studios we don’t just do design all day, we develop websites from scratch and write all the code. This means we use all sorts of technologies on all sorts of platforms. Over the past few months we have noticed a massive increase in hack attempts on websites hosted on Windows servers.
Windows servers have always been bad. Linux servers seem to attract less attention. Most of the web design we do is for websites hosted on Linux servers and written in PHP but we do have a few ASP/Windows websites that run bit e-commerce websites. Locking down a Windows server can be hard work but even the most robust code written to avoid SQL injection hacks or cross-site scripting hacks can still fall fowl of the persistent hacker. Paramatised SQL queries and checks on form inputs will always help but we recently came across an IIS add-on from Microsoft that seems to do a good job of checking query strings for malicious code. URLscan runs as an ASAPI extension in IIS and checks every query string on every website for a set of parameters that you can specify. Our tests so far seem to be good and we’re hoping it will hold of the spate of attacks we’re seeing at the moment.
If you have a website design using ASP and hosted on Windows servers that you have control over IIS on then I’d seriously suggest you check out URLscan. ANother layer of protection won’t do your website any harm.
If you need any advice or help with your server call kc web design, Canterbury today.