Web Design


Search Engine Optimization

Internet Marketing

Domain Registration


Shopping Kart


Our Portfolio

Customer Testimonials

About Scott Creative Services

Our Staff


Referral Program

Contact Us

Internet 101

Living With PHP

Virus Cleanup and Protection

What is my IP



Living With PHP - What you need to know after you have contracted PHP

PHP on an Apache Server
At this time, Apache servers are the most secure and popular website servers in the world: They offer a secure shared environment for millions of websites.

To accomplish this, every website owner is provded with a part of the servers' resources that part is isolated from all the other websites on the server. This is called "shared hosting".

Imagine a big circle of shops and stores in a very large building, each shop with an outside facing public access door and an interior facing private door.

Large gangs of theives roam unabated on the outside of the building and mingle with the normal everyday customers who frequent these shops. But they have to be able to break down the inside access door in order to compromise the shop.

Normally, only shop owners have access to the inside door, thus isolating each shop one from another. Each owner has his own unique access key to open the inside door. This is accomplished by assigning user names and passwords, as well as labeling all the store contents with a unique ID identifying that shop.

Occasionally, a janitor or building manager needs to have access to the store, so there is a special key given to those people so they can access all the inside doors to perform their respective duties. Much like the key a Maid uses in a hotel so she can change the linens and clean the bathrooms.

Like the "Maid" key, each server also has a "master key" that has access to everything on the server.

The writers of the PHP programming language decided early on to require "master key" level access to any server that runs applications written in that language. Well, almost. As long as a PHP application doesn't want to store any data collected from the shop customers, "master key" access is not required.

But, the people who program in PHP almost all want to store user or other data. And "Aye Matey, There's the rub".

When "master key" access is given to any shop owner, he now has inside door access to EVERY OTHER SHOP ON THE SERVER running PHP. If that server hosts 10,000 shops, every PHP shop owner has access to every other PHP shop owner's store and any data inside the store.

Now, you guessed correctly. The Gangs on the outside wanting to get in have pretty much stopped trying to pick the inside door locks, one-by-one. They quickly decided to trick any one unsuspecting shop owner into giving up his key. That's all it takes for the criminals to have access to ALL THE PHP SHOPS on the server because that shop owner's key is a "master key". How fortunate for them!!

With the "master key" there is NOTHING ANY OTHER PHP SHOP OWNER CAN DO TO STOP THEM FROM RAIDING EVERY OTHER PHP STORE IN THE BUILDING! There is no software, armed guard, or traps that can even slow them down. No Government: No "Wyatt Earp" who can stop them and there is no way to protect against the gangs as long as a shop owner uses PHP programs. The ONLY protected shop owners are the ones who haven't granted "master key" access to EVERYONE!

So Technical Note: "Master Key" access means "World Writeable Folders". The World is every website on the same server. Every website with 777 folders is "world writeable". My Advice: If you are conversing with a PHP advocate and that person is ignorant of that fact, run away from that person as fast as you can.

All you can do is keep backups and when your website is compromised, simply restore from the backup and wait until next time to repeat the process. Changing your passwords is like standing in a large forest screaming for help when there is no one to hear you. It offers no protection at all from other sites on the same server.

You don't have to feel badly about any of the other PHP sites being compromised through your site because you have no way to know if you were the first to be compromised or someone else. Basically, it's like getting an STD. If you are going to play, you have to accept the consequences. The "preventative" measures one can take all are only partial preventions. They do not protect from every circumstance. Just consider PHP an acceptable risk and move forward with many, many backup restoration cures.

And, REALLY don't believe anyone who says PHP never gets hacked, or that they never have been hacked. Every PHP site with "master key" access get hacked!

You might ask yourself: "why would I want to have a website written in PHP?". The answer is simple. Everyone is doing it, why not you? Get into the lifestyle and you will get used to it.

Some common PHP applications:

CMS (Content Management Systems) Joomla, Drupal and Wordpress are the most popular. There are many others too numerous to list here:

Shopping Cart programs: There are almost no shopping kart programs today not written in PHP, just consider they all are. (But why would you want your shopping customer data stored with "master key" accees? Oh well, everyone is doing it. Why not you too?

Forums: Again, virtually every forum today is written in PHP. It is really had to find one that isn't.

Accounting Software: Many accountig programs today are written in PHP. What in the world for? Who woudl want to trust their company records to "world writable folders"? Almost everyone. Why not you?

Guset books and Membership access: Same story.

Hey PHP writers: You pretty much have infected the entire world with your langage. How about fixing it? One simple thing. I know that Windoes didn't have a permission based system but they somewhat do now. Don't procrastinate. Fix it today rather than tomorrow. You can do it! Just believe in yourselves and try.




No high pressure tactics, no gimmicks or gadgets, no black hat techniques.
Integrity is our bottom line. We employ white hat techniques and specialize in relationships with individuals and companies that want more than just a web presence. We guide you through the vast Internet maze while demystifying the process. If Internet sales of your product or service is what you want -
not just traffic or a high ranking - you have come to the right place!

All backed with knowledge -
Gained from years of experience, being in the website business since 1996, and our outstanding customer service.



©Copyright 1996-2008. Scott Creative Services, Inc. All Rights Reserved.
Site Design & Hosting by Scott Creative Services, Inc.
Scott Creative Services, Inc. | 805 Maxwell Drive | Niskayuna, NY 12309
760-944-0622 Voice | 518-557-0388 Voice | 760-692-1142 Fax
  Our Privacy Policy | Our Refund Policy | Our Acceptable Use Policy | Legal | Walmart | Links
  K&J Magnetics - Strong Neodymium Magnets
K&J Magnetics - Incredibly strong neodymium magnets at affordable prices. Large variety of stock rare earth magnets available.

Black Friday Deals came Early to Walmart.com! Shop Black Friday Week at Walmart.com! Offer valid 11.25-11.27