In the era of Internet and communications, there are still a lot of organizations which have a poor or misconfigured web presence. This leads to unavailability, loss of contact with potential customers, and even reduced reputation due to bad or missing web presence.
This trend is especially true for public services and organizations where management is centralized and has pooor Internet awareness.
Here are a few examples of common mistakes:
- Hosting a web site on a non-default port - very common when you hire very cheap webmasters or use the improperly trained administrator to set-up the web server. Several web servers are installing themselves TCP port 90 or 8080, for security reasons until the service is ready for commercial rollout. If the web server remains on port different from the default 80, some visitors may not be able to access it. This is especially true for visitors from large corporate networks, where proxy and security systems are often configured not to allow access to sites on non-standard ports.
- Hosting a web site on an IP address - Without a domain name - a very old mistake, and one that was supposed to have vanished by now. It is difficult to communicate the IP address, it is difficult to remember an IP address, it is difficult to change and re communicate the IP address. It should NEVER be done.
- Using IT for content management - Even if IT created the engine, prepared the server and started it, they should not be tasked with content management. Because of it's primary function, IT will always put a higher priority in maintenance of the infrastructure then on content management. This will lead to incomplete or outdated content.
- Allowing for the domain name to be stolen - Bear in mind that your corporate domain name is yours only until the lease expires. It costs around 10 USD/year to renew the lease, but if you forget to renew before the lease expires, it's first come first serve principle. There are persons and even companies known as domain trolls, which target large organizations and good domain names, and wait for a mistake. If you forget to renew your lease, they can take it from you, and then they will blackmail you into buying it for a lot more then 10 USD. In the meantime, your corporate web presence is unavailable, or even replaced with content which may harm your corporate reputation.
- Outsource the hosting of a web site to a commercial hosting corporation - avoid using internal resources for web site and server management. Unless you have a very large and experienced team, your people will need to learn web hosting and maintenance on the job, and this can lead to poor quality, failures, even security holes.
- Confirm that your site is adhering to de-facto standards - insist on standardised TCP ports, registered domain names, and avoid any reference to an IP address.
- Maintain your site and domain availability - lease the domain name for several years in advance, and task the one person with personal responsibility to renew the lease on time
- Delegate content management to the business - Whatever is on the site, is business oriented, and should be maintained by the business. Each business unit should have a content manager, who should use a simple web based editor interface to manage content
Creating Your Own Web Server
Tutorial: Making a Web Server
Web Site that is not that easy to hack - Part 1 HOWTO
Web Site that is not Easy to hack - Part 2 HOWTO - the web site attacks
Talkback and comments are most welcome