California state site can’t shake porn problems

The Web site blamed for last week’s Internet problems within the State of California has been taken offline after links to pornographic material reappeared on the site.

The Transportation Authority of Marin’s tam.ca.gov Web site was offline Wednesday, its front page replaced with a placeholder page saying it is down for maintenance.

The site was taken down after security experts reported that it was hosting pornographic material over the past weekend.

“The site was shut down… to step back and determine what was the best action to take to address the continued contamination,” said Dianne Steinhauser, the Authority’s executive director. “The site is down until it is restructured with additional security, can be sponsored by a more reliable ISP, and perhaps secured from this occurring.”

Steinhauser’s 10-person agency has had a rough month. The agency switched ISPs in early September after first discovering that its servers had been hacked, and last week, it was at the heart of a crisis that threatened to pull the entire State of California off the Internet.

On Oct. 2, the federal government’s U.S. General Services Administration (GSA) moved in and began the process of removing all ca.gov servers from its .gov Domain Name Service registry, citing problems with the Transit Authority of Marin’s Web site.

“The potential exposure of pornographic material to the citizens — and tens of thousands of children — in California was a primary motivator for GSA to request immediate corrective action,” a GSA spokeswoman said. “Also, in these days of heightened security concerns from hackers, it is important to quickly stop potentially harmful damage to federal, state and local Web sites from those who have no love for our country.”

The GSA’s actions would have eventually made it impossible for Internet users to visit State of California Web sites or send e-mail to government officials. Fortunately, state officials were able get the federal agency to reverse course within a few hours and only minimal disruptions were reported.

The GSA now says it is revising procedures to avoid this kind of incident in the future.

That’s a good idea, because the Transit Authority of Marin’s problems are not unique. Last week, similar problems were discovered on Web sites for the Brookhaven National Laboratory and the Superior Court of Madera County, California. On Wednesday, a Google search uncovered similar content on the Web site for the city of Somerset, Texas.

In fact, small businesses as well as government agencies can easily experience these problems, according to Maxim Weinstein, a manager with consumer advocacy group StopBadware.org. The Transit Authority of Marin’s problem “really underscores the need for customers of hosting companies and internet providers to really expect and demand best security practices from those vendors,” he said.

Earlier this year, StopBadware identified five hosting providers that were inadvertently hosting thousands of hacked Web sites.

The ISPs named by StopBadware were often using out-of-date management software that was peppered with well-known bugs, Weinstein said.

In the end, however, it’s the technical staffers connected with the Web sites in question who suffer most from these security lapses.

“It’s not the fault of an unsuspecting Webmaster, but the ultimate responsibility does lie with them,” Weinstein said.