Product Reviews

Web Recovery

Protect Your Web site from defacement.

Let's face it: We live in an Internet world. Many companies only have an Internet presence. They don't even maintain a physical storefront. You get only one chance to make a first impression. How would you feel about doing business with a company that couldn't even protect its own Web site? I know I'd think twice before entering my credit card number. As a company you must protect your Web site against hackers and have a way to recover when and if you are hacked. WebAgain provides a way to automatically recover your Web site if this happens, but it is not a replacement for properly securing your Web site in the first place.

WebAgain works by keeping a backup copy (or copies) of your Web site. You publish your site to the WebAgain server and it publishes to your Web servers. It monitors your Web server for unauthorized changes and quarantines all unauthorized file modifications in addition to republishing the original information from backup. Unauthorized file modifications may include adding or removing files, re-routing links, and changing text. You can configure how often and with what depth WebAgain should scan your site for changes. WebAgain can publish to multiple locations making it easy to maintain mirror sites or to use load balancing.

According to the product documentation, WebAgain will install on any Pentium grade or higher computer. For testing purposes I installed it on an AMD K6 550 MHz and it ran fine. WebAgain will run on NT 4.0 SP3 and Windows 2000, but it does require IE 4.0 or higher. You can install WebAgain on the same computer that hosts your Web site or on a separate computer.

WebAgain has two components - WebAgain Server and WebAgain Administrator (see figure). The Administrator can be installed on any computer running Windows 98 or higher. I installed it on NT 4.0 SP6a and Windows XP without any problems. I like that you can password protect the WebAgain Administrator and that you can restrict its use to certain IP addresses. This provides an extra level of security.

The installation of WebAgain is a breeze. Immediately after installation you are prompted to configure your first website. This is fairly straightforward, but you may get confused if following along with the product documentation, as the steps in the documentation aren't complete. However, Lockstep includes a product supplement guide that explains the new screens that appear during configuration.


The WebAgain Administration Console. (Click image to view larger version.)

In early versions of WebAgain, you had to create the backup copy of your site by manually publishing your Web files to the WebAgain server. This is accomplished via FTP, a shared folder, or Front Page Server Extensions. This can be time consuming depending on the size of your Web site. WebAgain 2.0 supports Harvesting, which automatically imports your Web site into WebAgain during Web site configuration. This keeps you from having to manually create the backup copy.

One of the shortcomings of WebAgain is that it interferes with using Front Page extensions to perform live editing (changes are immediately saved to the Web site versus being saved to a local copy of the Web site and then published). When performing live editing not all FrontPage options will work, such as task list and navigation views (see product documentation for a complete list of unsupported features). You must perform live editing on WebAgain's copy of the site and not on the actual site. If you make the changes on the actual Web site, WebAgain will see the changes as unauthorized edits and will quarantine your changes.

I think that WebAgain is a good product. It provides many useful features, such as SNMP and e-mail notification when your Website has been hacked. It makes it very easy to roll back your Web page to an archived version and it works well with mirrored sites. I found the Administration Console easy to use. It has an Outlook feel to it. My only complaint is that most options are accessed from the Menu Bar. I prefer the right-click mouse button. I found myself wanting to right click when I had to click on Tools instead. Overall, I'd recommend WebAgain to anyone wishing to protect their Web site from defacement.

About the Author

Chad Todd, MCSE, MCT, CNE, is the author of Hack Proofing Windows 2000 Server by Syngress Publishing. He is the co-owner of Training Concepts, which specializes in Windows 2000 and Cisco training.

comments powered by Disqus
Most   Popular