Hi,

Awhile back when I was just a normal customer of a web hosting company I had front page extensions running and my web site got hacked. They used the front page extensions to hack my site. And they pretty much deleted everything that was on my server. I was able to get ahold of the raw log files which was all I was able to get ahold of and through that I was able to track this person step by step as they did it. I disabled the FP extensions and I have never used them since.

What I am wondering is, what if a customer of mine absolutely wants to use FP extensions. How should I warn them of these things. And what if it happens. What steps should I take to stop that from happening?

-- Coy

If you setup the frontpage extensions with security in mind you will be fine. Make sure the authentication is working properly and use a wrapper (e.g. mod_frontpage for apache). I use the frontpage extensions on all my webs and didn't had any serious problem.

- domi

You should always apply the FrontPage extension security patches as they are released if you are a hosting company that offers FP. If you are a registered FP provider Microsoft will alert you of security problems and patches available.

Is mod_frontpage released by Microsoft or by another party?

I think it was released by a third party .

Under http://home.edo.uni-dortmund.de/~chripo/ you will find a very good version of mod_frontpage.
I use this without any problems.

- domi