After 600 Daily Golden Nuggets you might think that there are no new topics that I could cover. I sometimes think the same thing, but then something strange happens in my daily work that uncovers something completely new and unexpected.
The problem I'm about to explain affects every website that has ever moved from one web hosting company to another or from one web server to another. This is a very strange situation that, until just a few days ago, never thought it would have an adverse affect on a website, when in fact there are potentials for huge security risks.
Since this problem is very high tech, I'm going to explain it through a long winded bit of storytelling and use of analogies about web hosting.
To begin, there are 3 aspects that all website owners face when starting a new website: 1. Graphical design of the site; 2. Technical programming of the site; 3. Hosting the site. Once you create a website you have to pay someone a monthly fee to make the website work for you, that's the never ending hosting part.
Over the last 18 years I've been using the following analogy to explain the concept of web hosting to my customers: "You could think of your web programming code as furniture and the web hosting as an apartment. You always have to pay monthly rent to live in your apartment. It doesn't matter if you bought high-quality furniture from Ethan Allen, or assemble-it-yourself furniture from IKEA, you still need to pay the landlord for the monthly rent. The cost of your monthly rent depends on where you choose to live."
Every web hosting company provides different services. Some offer support for special software and some offer only support for generic software. I could extent my analogy by saying your choice of hosting companies is like choosing to live in an apartment building with, or without an elevator.
Consider this for a moment: Would you ever move out of your apartment, or move to a new home, and leave your furniture behind? That might sound crazy, who would leave their furniture behind, right? What about a child that is moving out of their parent's house to go to college? Certainly they would not take everything that belongs to them. Many times a college graduate doesn't move back to their parent's house either. They get their first job, and their first new place to live, but they leave all their old cloths, childhood furniture, and toys at their parent's house.
Their entire set of childhood memories are reduced to an occasional visit on a birthday, holiday, or some special occasion. In my own family, and among my friends, I remember that it took more than 5 years for childhood bedrooms and all those "toys" to be put into storage. In fact, my original bedroom at my mom's house still has many boxes of my stuff, even though I haven't lived there in 12 years.
If I had to guess, I would say that even you have left a wake of random unwanted items and boxes behind you, or stored away, as you've moved from place to place in your life. How would you feel if someone decided to secretly go through those old boxes that you stored away and conveniently forgot about?
It would be an invasion of privacy. Could someone dig up some skeletons in your old closets? There's probably not much that you would consider damaging, but what if someone found your first tax return from your first job? Financial institutions take extreme measures to guard federal tax numbers and social security numbers, yet copies of your first tax return, including your social security number, might be easy to find in some old box that you've long forgotten about.
As it turns out, my analogy of apartment renting and web hosting is more closely aligned than I imagined. When you move your website from one hosting company to another, or from one web server to another, it's VERY LIKELY that the old copy of your website will not be deleted right away, if ever.
Let me say that again because it was important... Even though you stop paying a web hosting company for services rendered, they may never delete your website. It lingers on their hard drive and it's still available online for hackers to find.
I'm assuming that large hosts like GoDaddy and HostGator are more inclined to expunge websites after you close your account. But you would have to FULLY close your account.
Web hosting represents a long term residual income for many web programming companies. Your web programming company might have several servers with hundreds of hosted websites. With simple Bing and Google searches I've found many old websites that were still active long after a customer moved away.
It costs time and labor for someone to deactivate and delete a website, so why should the programming company bother? They are not getting paid to delete a website, but when the time comes, they will reclaim and reuse the hard drive space.
As it turns out, there's a serious danger with regard to e-commerce websites that move from one host to another. Unless you delete the e-commerce software from the hard drive, there is a risk that a hacker could find stored credit card information, customer records, and even your merchant account information.
Additionally, these old website properties could still be used to forger "official" emails from your company even if you didn't have an e-commerce site. A hacker who finds your customer list could fraudulently email your customers from the old server. Taking this one step further, the hacker could invite your customer back to your old website in order to trick them into making a new purchase.
By now this should sound like a complete nightmare, and it really is.
The next time you decide to move website hosts you need to officially close your old account and have your website deleted. For those with FTP access you simply need to delete your entire site. For those using hosted services you should ask to have your website reset or reinstalled before officially closing your account. You may also want to call your hosting company and ask them to delete your username and hard drive storage.
You may have to pay an extra service fee to completely close up your account, but it well worth it.