We write and publish these articles solely for the benefit of our clients and site visitors. Covering many of the latest issues affecting the internet and probably your website too!
Below is one of the many articles available for you to read.
The rest of the articles are accessible on the left hand side of this page.
Better safe than never!
Even if your web site does not hold any national security document you should take the security of your web site seriously. This is especially important if you are selling products on your web site.
Pages are typically designed to have one or more sale pages for your product. When a prospective customer clicks on a link to order they are redirected to PayPal, 2CheckOut or another payment processing service of your choice. This design has several benefits for small businesses. The most important benefit is that you are able to avoid the hassle of dealing with credit card transactions and other sensitive customer information. In 2007 it was published that 89 million identity records were compromised. The Identity Theft Resource is a good source of credit card data for further reading. It is a smart strategy for small businesses to utilize companies who specialize in handling financial information.
But you still remain at risk after this, and if you are selling a product that can be downloaded you must be prepared with proper protections for your product. Many web site owners unknowingly end up leaving their products improperly protected, allowing anyone who is looking in the right place to get them for free.
The three most common mistakes are:
1. Easy to guess filenames.
If 'AdWords Secrets' is the title of your book, don't create a file name called AdWordsSecrets.pdf. It would be too easy for people to guess the URL to download your book that way if the URL is www.example.com/AdWordsSecrets.pdf, or something similar.
You should add a version number or date into your filenames ex: AdWordsSecrets_v42.pdf, etc. This makes guessing the filename and the URL of the file more difficult.
2. Search engines indexing the download page or the product itself.
With an increase in efficiency of today's search engines it has become quite difficult to keep any website a secret from search engines. Even without public links accessing your product download page there are other ways for a search engine to discover it and index it. After it has been indexed anyone using that search engine will find your product download page information in their search results, making them able to download your product without charge.
Look up your site frequently to see what search engines are picking up about the site. With the larger search engines sites, you can look up by typing "operator yoursitename.com. This should give you a listing of all pages on your site that is indexed.
3. An inadequately constructed Robots.txt
robots.txt is a text file that you can place on your web server to guide search engines to what content they are allowed to index and what is off limits. While this may prevent most search engines from indexing your secret web pages, it opens up another vulnerability: any curious web surfer is able to view your robots.txt file. If the file explicitly forbids search engines from looking in the /downloads or /report directories, then it's very likely that's where the secret files are stored. With this knowledge the web surfer can more easily find your product and download it for free.
It is important to maintain the proper balance between protection of your files and directories in robots.txt and not allowing too much information about the structure of your site out.
Selling digital products online is a great business. Make sure that you get paid for the products that you have painstakingly created by following the guidelines above and applying common sense.
by Nick Dalton source: http://www.goarticles.com/cgi-bin/showa.cgi?C=725099
Valid XHTML 1.0 & CSS 2.0