Is your website getting hacked? Do you find strange files in your webroot directory that say things like H/\C|<@d by <hacker-name/> ? Do you find that folders on your website are suddenly full of files named index.html, index.htm, index.php, index.gi, index.asp, index.aspx and other index pages with any other file extension, all which read H/\C|<@d by <hacker-name/> ? You've been hacked!

Check to see if you have ftp running on your machine. If so, you should try logging into your own machine by ftp and see what you can do on it. If you know your way around ftp, (cd = change directory; put = copy file; dir=get directory listing; lcd = change directory on local machine, etc.) you should try to be able to see how far you can navigate in the file system on the computer you've logged into. If you can get into anything important, chances are the outside world can do the same thing. And if you can copy a file into an important area of the computer you've logged into, then you know that computer is compromised. What you might not realise is that there are thousands of "script kiddies" out there running programs that can figure out passwords just by trying them all on unsuspecting servers who have left ftp open for some innocent reason, like letting developers in to work on the website.

If you don't have your ftp acces set up correctly, you are asking for trouble. One of the most important ways to tighten up on your ftp is to first, limit the amount of user accounts who are dedicated to ftp. In fact, it is said that the most secure way of running ftp is to allow anonymous ftp to an isolated directory on a virtual path the server and give 'anonymous' full access to that folder, but nowhere else on the computer. That way, you allow the world to do what it wants for free, but the rest of your server is completely protected. However, that doesn't solve the problem of needing to have developers get access to the web files. So how do you allow that, without letting the whole world in, too?

Well, there are a number of approaches to securing an ftp site. The first, as I wrote, is user access. Start with creating one new account on your system to use ftp. When creating the user, avoid names like "Admin" "Administrator" "ServerAdmin" "ftpuser" and the like. Those names are the first ones the hackers try, let's use some common sense here. Make sure that user has a STRONG password. Not your pet's name, not your birthdate, not your favorite color or 123456. It has to be at least seven characters in lenght, with both upper case and lower case letters, some numbers, and some symbols like *&^%$#@+ 

Then set up one folder on your computer as the ftp parent folder, and grant access for that one user to that one folder. Make sure that folder is not a parent folder to something else on your machine -- like don't set it up over the webroot, or developer code, or any other sensitive content that you don't want people to have access to, make sure it is completely empty of all files and folders. Then set up that folder as your virtual ftp root directory using the IIS Admin console or Apache configuration or whatever it is that you use, so this folder becomes the "landing area" of anyone logging in via ftp. If set up correctly, the ftp will not allow a user to change to the parent directory from this level, but they may have access to folders beneath this level -- that means they can see all physical folders in the filesystem that are contained in that folder. That's why you want this folder completely empty. If set up correctly, however, they cannot see virtual paths that you create in the admin console. So if you set up the ftp service correctly, the ftp login can see no subfolders beneath them, and cannot change to the directory above, so if they don't know the name of the virtual path, they will not be able to get to it. These virtual paths can point to any folder on your system and they can have any name you give them. The stronger-named the path, the more difficult it will be for any hacker that manages to get your login credentials to get any further in your system.

To sum up, limited users, strong passwords, a well-designed ftp root with strongly-named virtual directories make it more difficult for hackers to get into your system, as they will have to crack the path name as well as the user name and password. The approach described above is always the best way to set up ftp. Our sysdamins and IT architects here at Web Dimensions, Inc. always ALWAYS set up ftp this way if it is necessary. You should never EVER have an ftp root set directly onto an important area like your webroot. This is just like inviting someone to hack you every day.

Actually, the very best way to protect your website -- and this is what we actually do here at Web Dimensions, Inc. -- is to have a LAN-WAN-based firewall with a router programmed to let certain fixed ip addresses route in on certain selected ports, and block all other ports for all other ip addresses, except port 80 for website requests and possibly port 25 for smtp mail requests for your public traffic. Most applications have a way of doing things through port 80 http protocols nowadays, or if they don't, we can write an app for that pretty easily. The point is, if all ports except http are blocked for everyone except certain ip addresses, then you will never EVER have a problem with this kind of hacker (of course unless you leave some other route exposed).

Welcome to Web Dimensions, Inc.

Here are some links to current projects and maintained websites:

Hello, and welcome to Web Dimensions, Inc.

We can help you to establish your online presence in any way, shape, or form that your business requires.

We can:

•  Create a home page for your business that looks and feels professional and interesting
• help you to obtain your own unique domain name or address on the web
• Give you the ability to manage your website and add new content regularly
• make sure that search engines find your website based on keywords relevant to your business
• give customers an easy way to contact you without exposing your email address to spammers
• automate the selling of your products online
• even create an online community for your product or service
• give you the ability to track your web traffic very specifically
• manage your email with spam-free private email boxes in the name of your domain

we are currently running specials for Musicians:

• play mp3s of your music when people view your site
• sell your mp3s with secure downloads
• embed your videos on your website
• collect fans' email addresses for mailing campaigns

so call us today at (305) 490-5338 to discuss your needs on the world wide web. We will bend over backwards to provide you with a solution to your needs at the lowest possible out-of-pocket cost.

If you are trying to establish a web presence for the first time, and you are not some kind of computer expert (who the heck is? well -- we are, but that part comes later) then you are in a very vulnerable position, not knowing whom to trust and/or whom to hire to manage your most important web-based business. Often, what ends up happening is that the small business owner ends up being hoodwinked by the web designer who masquerades as a system administrator and web manager, when you find out later you don't really own your own domain name and your artist or web designer -- who is the only one with access to those files which cost you so much money -- has flown the coop, with the password. We have seen these scenarios play out again and again.

We here at Web Dimensions, Inc. recognize that one of the most important aspects of our job (aside from the high-availability hosting, offsite backups and 24 hour-a-day monitoring of your websites) is client education. And I don't mean pedantic lecturing about this or that. What I mean by this is that we want each one of our clients to know how to protect themselves, how to own their own domain name if they wish to, and generally how to be the ones driving this bus that is their own company's internet presence. As your web hosting company, system administrator, application designer, and overall caretaker of your website, we feel that it serves everyone's interest that the client have some knowledge of the ins and outs of this business -- your internet business.

So call us today at 305 490 5338 or click here to send us an email to find out how to establish an effective internet presence, or to get answers on how to effectively manage your current web solution. You will find we have some very intelligent observations to share with you which will usually result in your getting further ahead in your goals on the internet. In the current economic climate, we can't afford to jack up your prices. I guarantee that I will do everything within my power to provide you with a cost effective quote for your needs that fits well within your pre-allotted budget.

Hugh J. Hitchcock
CEO, Web Dimensions, Inc.

We have worked on both Microsoft-based and open source-based platforms as well as Sun OS. We hold certifications in System Administration and have many years of experience in application development of all kinds. We can build Java apps, PHP, C++, .NET, VB, or generally whatever your project calls for.

We have worked with MS SQL Server database server as well as Oracle and MySQL. On the client-side, we have experience with html, css, javascript and image management, as well as video conversions and music applications. Streaming mp3 players are a specialty of ours as well as Flash videos.

We have also done extensive work using the new AJAX libraries, which add high level of functionality to existing websites.

Server-side, we've worked with Perl, Java, PHP, Vignette, Classic ASP and DOT-NET frameworks. Our current area of specialty is Microsoft DOT-NET programming primarily with C# (C Sharp). However we have worked on UNIX primarily with Perl and Java. Our chief architect / analyst is capable of analysing and getting a handle on any existing application. Call us today if we can help you with your project . 305 490 5338.

We are located in North Miami Florida, USA, however we service clients worldwide. The use of the telecommute option enables us to service your company remotely, wherever you are, by accessing your servers over the internet. This cuts down on your overhead, since you don't pay for office space or desktop computer equipment for our workers.

Our servers are housed in a secure data center with multiple offline backups. We've been here since 2002.

Over ten years of service to satisfied clients tells you that the telecommute solution works. Call us today for a free estimate of your project and how we can serve you. 305 490 5338

We have served many large-stream companies. Our main client from 1996 until 2009 has been Camper and Nicholsons International, where we handled web and database design and integration, system administration, web hosting, and application design and support for over 12 years. Please call us at 305 490 5338 if we can help you.

A bit about our history: our chief software architect was commissioned to create a cutting-edge document transcription program integrating Dragon Naturally Speaking voice recognition software with a medical database in 1998 for 21st Century Eloquence. That program can be found at http://www.eloquentlystated.com . He also worked at Microsoft as a contracted developer in 2000 where he worked for msn.com creating back-end database web GUIs. He helped develop a successful online travel website at www.1st-air.com in 1999, also assisting www.public-works.com in their many online projects over the years.

The following websites have utilised our consulting services:

www.reeltoreeltocd.com 

www.recordrescuers.com 

www.customaudiocds.com 

www.78tocd.com

www.vancouvermusicproducer.com

www.dmasonmusic.com

www.miamimusicproducer.com

www.oceanencounters.com

www.funkatology.com

www.findire.com

www.captainjarvis.com

www.webdimensions.biz

www.groovephonic.com

www.martianentropyband.com

www.beatsfordays.com

www.elisasintjago.com

www.hughjhitchcock.com

www.funkmeister.us

www.webdimensions.org

www.mandolinmaniac.com

www.thefunkatologist.com

www.camperandnicholsons.com

www.jessejonesjr.com

www.eloquentlystated.com

We provide turnkey solutions and support for your web presence. We create large applications for enterprise-level concerns as well as more basic solutions for small business. We can engineer your website to send, route and receive email. We design databases and integrate your website storefront with its back-end. We architect these solutions from the ground up, as well as being able to integrate existing packages with new features.

We can upgrade your site to the latest AJAX web controls. We can implement flash video and audio on your site. We can install a blog on your website.