Using Open Source Software on Your Website

We support the efforts of open source software, and many of its authors. We have contributed to many projects both financially and with direct coding efforts. We heartily recommend using open source software on your website! It's a very good thing for you and the world.

With all of this goodness comes some caution. Open source software is widely used, and in a few cases the projects have contributors who don't pay sufficient attention to security. In addition, there's an old axiom that says that by the time software is bug free, it's obsolete.

There are many script-kiddie style attacks against poorly written open source software, not because it's open source but because it's so widely used. In all fairness, it should be noted that there are probably more attacks logged by us against commercial software like Windows and IIS. The difference is that with commercial software you cannot fix the problem yourself and must rely on the vendor to do it. Hopefully they are responsive; in many cases, not so much.

We have a few suggestions for you to consider when attempting to use open source software on your website.

  • There are generally lots of different projects that perform the same functions. Choose one that has an active community [via forums, blogs, a wiki, etc.] and provides patches or updates on a regular basis. This is necessary to ensure that security and bug fixes are made available in a short period of time, hopefully before something bad happens to your site. If a project has an active community, these issues are generally reported quickly and someone offers a patch. The updates then make it into the distro pretty quickly as well. If you're confident with web application programming, you can support the project by creating a patch, fixing not only your own site but also supplying the fix to the rest of the community. This is a key tenet of open source software and why it has evolved so rapidly.

    Additionally, you'll be better assured that as the hosting environment evolves, your outdated software will have an upgrade path and continue to be functional.

  • Try not to install the application in the root of your site or in the /default/ application folder for that project. Pick one that's somewhat unique, like /x1234/. While we don't believe in security through obscurity, this does limit the script-kiddie style attacks and may buy you some time to get the patches installed. If this is your primary application, use a redirector page (or an .htaccess file if you're on Apache) to handle redirection from the root of the site.

  • Make sure you host your site with an ISP that keeps up with patches and uses proper security configuration on the servers. This can in many cases mitigate bad code and again give you some time. We constantly review our configurations for just this reason.

  • Make sure you keep your patch and version level up to the most recent for your project. Don't just get it working and think it will be fine forever; most times, commercial or open source, this simply isn't true.

All of these are common sense, and really that's all that's needed. If you're unsure of how to accomplish some programming or installation task, ask a developer or the project community; they're all usually glad to help.
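Once an application has been moved out of its default folder as suggested above, requests for the old default folders can only come from automated probing, so they are easy to pick out of the access log. The following is an added example, not part of the original article: it assumes Apache common/combined log format, uses the article's /x1234/ as the real install path, and treats /shopcart/ and /forum/ as hypothetical default folder names; the log lines are constructed.

```python
import re
from collections import Counter

# Apache common/combined log line: host ident user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Hypothetical default install folders that the relocated app no longer uses.
DEFAULT_PREFIXES = ("/shopcart/", "/forum/")

def default_path_probes(lines, default_prefixes=DEFAULT_PREFIXES, threshold=2):
    """Return {client: count} for clients with at least `threshold` 404
    responses on requests under the default folders."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # skip malformed lines instead of guessing at fields
        path = m.group("path").split("?", 1)[0].lower()
        if m.group("status") == "404" and path.startswith(tuple(default_prefixes)):
            hits[m.group("host")] += 1
    return {host: n for host, n in hits.items() if n >= threshold}

# Constructed sample log (documentation IP ranges); the app lives at /x1234/.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:04:11:02 +0000] "GET /shopcart/admin.php HTTP/1.1" 404 196 "-" "-"',
    '203.0.113.7 - - [10/Mar/2024:04:11:03 +0000] "GET /forum/install.php HTTP/1.1" 404 196 "-" "-"',
    '203.0.113.7 - - [10/Mar/2024:04:11:03 +0000] "POST /ShopCart/login.php?x=1 HTTP/1.1" 404 196 "-" "-"',
    '198.51.100.20 - - [10/Mar/2024:09:30:10 +0000] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Mar/2024:09:30:10 +0000] "GET /x1234/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Mar/2024:11:02:45 +0000] "GET /forum/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    'truncated entry without a request',
]

if __name__ == "__main__":
    for host, n in sorted(default_path_probes(SAMPLE_LOG).items()):
        print(f"{host}: {n} requests for default folders that do not exist")
```

The threshold keeps a single stray 404, such as an old bookmark, from being reported alongside repeated probing.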

We can provide referrals to web developers we have experience with if you need that.

NOTE! Make very sure you install and configure your software properly and stay up with current updates and patches. We will remove applications or shut down a compromised web site immediately and without notice at our discretion.


Thank you
Support Department
EAS Enterprises LLC