Feed your brain

Supply Chain View has been collecting free resources from the web, for Supply Chain Management, Lean and Six Sigma.

Find resources here »

Site search

Links:

Tags

How hackers taught me a lesson in 5S

March 11th, 2009 | By: Martin Arrand

Sometimes people tell me that 5S only applies in factories, and if they’ve been exposed to the “inactive banana” school of dim-witted implementation I can’t blame them. But here’s a cautionary tale that might persuade you that the principles – intelligently applied – are sound.

Supply Chain View has been “off air” for a while now. I have been fighting a running battle with hackers for months. I would find strange files in my webspace, and other files would contain strange extra bits of code. It was quite hard to spot – I have some technical knowledge but I’m no web developer, and I don’t have the time to trawl through looking for suspicious stuff all the time. But I mostly managed to delete the dubious files and fix the code. I also changed passwords for various things, but somehow the vandals were able to continue.

It came to a head when I found that trying to visit my own website led instead to a warning screen advising me that Supply Chain View was a dangerous site. It turned out that I had been blacklisted by Google and StopBadware.org because they had detected malicious code on my site. (I was also not sure this was my fault for a while, because this happened about the same time that a Google bug managed to blacklist the whole internet.) Sure enough, the hackers had been back, but this time they had tried to redirect visitors to this site to a site that distributed “Adware” (a programme that sits on your PC bombarding you with ads, and which is made hard to uninstall).

I decided it was time for a drastic solution. I couldn’t be sure I had found all the malicious files, or all of the parts of the files that had been modified. So I thought: let’s start from scratch. I removed all the files from my website, and then restored them with a clean version from the middle of last year.

Unfortunately, along the way I managed to mess something up with a critically important file – as I said, I’m no web developer. (Google’s own aforementioned incompetence makes me feel no better about this.) Now I didn’t have a hacked site – I didn’t have a site at all! When I found the time I did a few tests and tried a few obvious things, without any luck. Happily, my helpdesk ticket with my web host was answered very promptly, and they managed to solve the problem first time.

Now I’m glad that my website does not form a vital part of my livelihood. My consulting business fulfils that role, and the temporary loss of my website, though annoying and potentially damaging to the brand, doesn’t have direct bearing on that. It has also damaged my Google rankings, which will mean fewer people finding the site.

But it has given me a sharp lesson in the importance of preventive maintenance. Because the first attempts to hack my site had no malignant effect, I didn’t address them seriously. I let them go. I should have realised they were a symptom of a bigger problem, whose pain I had not yet felt. It’s easy to see that the 5S approach to workplace organisation translates perfectly to the management of my website. Like seeing a puddle of oil beneath a piece of factory equipment, I had spotted some “dirt” or “disorder” and I wiped it away, but with no real attempt at looking at the root causes. And when the machine broke, I paid the price.

Now that reminds me, I must chase the plumber to mend that leaking tap in my kitchen.

Write a comment