Websites lock out cyber-vandals

Websites are getting tooled-up to stop cyber-vandals defacing their homepages.

After falling victim to a digital vandalism attack, which resulted in disruption and financial loss, Australian software house MFX Research (MFXR) developed a tool to offer protection from such attacks, called WebSiteLock.

MFXR plans to launch a product featuring similar technology for users of hosted sites, called ValidSite, on 13 September. This product supports file transfer protocol, making it suitable for users who need to update a hosted site remotely.

Bruce Parker, research and development director of MFXR, said: "We believed that our firewalls would protect us - but we learnt the hard way. We wanted to ensure that no one else should have to suffer the enormous disruption that was caused, let alone have to pay the time and cost we had to bear."

The technology works by continuously monitoring all files on a website. If the software detects any changes it rebuilds any 'tampered' files with the original files, and immediately reports any attack. The software allows authorised users to make changes to the website, but blocks anyone else.

A spokesman explained that the product should be viewed as "last-ditch protection" and does not move companies away from the need to use a firewall. It is, however, a better alternative to the protection of website content than intrusion detection systems, which he described as "burglar alarms" that still permit damage to be inflicted.

However, Phil Ryan, head of information security consulting at Peapod, said that while products such as WebSiteLock are useful, they are not particularly suitable for protecting more complex websites, or other depositories of high-value data.

"The problem with this technique is that it is not suitable for protecting dynamic pages," said Ryan, who added that other data integrity toolkits on the market, such as Tripwire, could be adapted to detect changes in contents of a website but suffer from similar limitations.

MFXR has made a 1Mb, fully functional version of WebSiteLock available, free of charge to visitors to its website (www.mfxr.com). This version is large enough to protect most 'personal' or 'family' type websites and also permits commercial customers to trial the software.