Web Resources for NGOs and Nonprofits

archived information

Return to NSRC Help Desk home.

Index

Versión Español

Introduction

A question asked by many nonprofits and Non Governmental Organizations (NGOs) is, "What resources are available for non-governmental and not-for-profit organizations in developing countries that want to set up their own web site?" This document presents some of the resources available, discusses how you might approach setting up your own web site, issues to consider, and gives a few practical tips. If you are looking for information on how to set up your own Internet Service Provider (ISP), then please see our ISP Resource Document instead.

The Question Restated

We start our discussion by reiterating the following question:

What resources are available for non-governmental and not-for-profit organizations in developing countries that want to set up their own web site?

This general question breaks down to sub-questions something like this:

  1. How can my organization setup a web site?
  2. Where can we get free hosting?
  3. Where can we find easy-to-use and free software?

By these questions this implies that the organization does not have their own in-house server, but rather will be setting up somewhere else.

These questions are open-ended as there are many ways to approach answering them. Here are a few examples:

  • You can create a page on someone else's domain to get information out. This is easy and inexpensive.
  • You can get your own domain and then pay anywhere from a little to a lot to have your pages hosted.
  • What platform do you want to use - Linux, UNIX, Windows, Mac? That is, what platform do you want your pages to be hosted on?
  • What about backup - are your pages backed up? And, if data is lost, can you get a recovery?
  • What about location? That is, if you are in Africa, does it make sense to use a free service in the US? Your pages will be remote to everyone in-country and slow to download - plus, they'll be unavailable if the international link goes down. As geographically local IXs (Internet eXchange points) are setup placing pages external to geographic location will make less sense.
  • But, if you want to go local, is this feasible? That is, will someone host your pages for free or cheap? What about a university - can they do this in your location?

In terms of where to find free website hosting we will present a list of some possible locations. There are commercial locations as well, but these types of sites (www.freeservers.com, etc.) will place advertising on your page, force pop-up banners on your users, and will likely track your users for commercial purposes. In addition, there are a few more things to consider when looking for a site to host your pages:

  • Do you need any special features for your pages (CGI, PHP, Java, Database, SSL, etc.)? The more you need, the harder finding a free site will be.
  • Will your data be backed up? If not, can you back it up somewhere?
  • How reliable is the location? Do you think they'll be around in a few years?
  • Do you know how responsible the organization is? That is, do they allow people to send junk email from their domain(s)? If so, then it's possible that some groups might not allow connections or email from you to them.
  • And, again, what platform do they use?

As you may have noted from the above list of questions it is entirely possible that you will eventually want to control your own web site - that is, you may have your own server and internal network at some point. Two great places to help you understand when and why you might want to do this include:

Here is a list of some links to sites that will host NGO or nonprofit groups for free. This list is not complete, and if you have additional sites that we should know about please send email with a link to the site to nsrc@nsrc.org.

Free NGO and Nonprofit Web Hosting Sites

Web Page Creation Considerations

Once a hosting site is chosen, then you must consider how you are going to create your web pages. A good general rule of thumb is that the easier and cheaper it is to do, the worse the end result will be. For instance, Microsoft Front Page is very inexpensive to use, and supported by many sites, but the HTML code generated by this product can be unusable. In many cases the generated code is not well supported by non Microsoft Browsers. This means that everyone not running Microsoft Internet Explorer may not be able to view your site as well, and may miss out on important information. Currently the number of Netscape, Mozilla, Galeon, Lynx, Opera, and other web browsers in use is estimated to be around 20 percent.

As an alternative you can use something like the free Netscape page editing tool Composer. This is an OK tool, but not great. It will do for basic pages. You need to know how to upload and download pages to use this tool, as well.

If you have some money, or donations, then the best tool around is Macromedia's Dreamweaver product. The key issue for easy-to-use when it comes to web page creation is that the interface be WYSIWYG (What You See Is What You Get) in nature. Frontpage, Netscape, Dreamweaver, and Adobe GoLive (pick Dreamweaver over Adobe's product) all let you edit a page directly without having to see HTML code. This makes creation much simpler. The only one, however, of these products that produces clean code that works across browsers, and that does not break already created code is Dreamweaver. Products that change code automatically, or produce incorrect code is actually a serious problem if you are trying to edit already created pages. Just opening a page in Frontpage (or, worse yet, Microsoft Word) will actually damage or ruin the page's layout and code.

If you have someone who is good at html, then there are countless free, or almost free, HTML editors available. A great place to start for Mac, Windows, and Linux clients is at http://www.tucows.com/. In addition, if you are using Linux or UNIX then http://www.freshmeat.org/ is a good place to find free software.

Below is a list of some good places to find free, or very inexpensive software to help you create your own web site. In addition we include some other links that may be relevant to this type of work. This list is in no way complete, and we welcome your suggestions.

A List of Web Site Setup Considerations

  • Probably one of the best thing to do is to plan on spending a little bit of money. That is, get your own domain name as this is really not expensive any more, and then either ask that the hosting company allow you to point the domain name to their server for free, or pay the usually low fee to do this. Total cost in the US for this type of service is generally around $150/year or about $12/month. But, if you can get the hosting company to point the domain name for free, then it's probably about $20/year, or less.
  • If you can live with the hosting company's domain name, plus your NGO name appended (something like www.hostingcompany.com/ngoname), then you can skip the above step.
  • Next, ask if your data is backed up, and if you can get it restored if there are problems? Even if the hosting company says, "yes", try to keep a local copy just in case.
  • If you do need database access, then a free site might not be easily possible. If you need to use CGI/Perl, PHP, Java, then you can probably still find sites that will give you this functionality for free.
  • Pick a tool to create web pages with, such as Netscape Composer, Dreamweaver, or an HTML editor. What tool you use will depend on the platform that you create the pages on (Windows, Mac, Linux/UNIX).
  • Find someone with a bit of HTML and computer expertise to put things together, and start creating your site.

Security Considerations

There are several aspects to consider when it comes to security and your web site. A few questions you should ask before getting started include:

  • What happens if someone gains access to your site? That is, can they cause your organization serious damage?
  • What happens if your site goes down? Will this affect your mission and what you are trying to do?
  • Do you have information that must be kept confidential to protect others?
  • Are there likely to be other groups, or people, who might want to bring your site down if possible?

If you have private information that could compromise the safety of others, if you rely on your web site to do your business, or if having your site compromised would cause problems for your organization, then you should seriously consider paying attention to security matters when creating a web site. In addition, you may not even realize how security breaches could affect you and your organization. For instance, maybe you don't consider the data on your site as all that important, but what happens if someone takes over your site and uses it to launch attacks against another group? This is a common tactic on the Internet, and, even if you are not at fault, your image will suffer greatly from such a security breach.

If you decide you want to read about security in detail we provide a much in-depth resource at http://nsrc.org/security/.

When creating your web site there are several things to consider and to pay attention to when it comes to security. For instance:

  • If your site is broken in to, and you lose the data on your site, or it is compromised, do you have a backup that you can rely on to restore your site quickly? If not, you may find yourself recreating work you've already done. Many web sites do not require much space to back up. If yours does not, be sure to keep a fresh copy of your web site locally.
  • Do you, or can you, really trust everyone creating and accessing your site? Who has administrative access to the site? Do former employees, volunteers, or members have access? If so, you should generally remove their accounts, or change passwords.
  • Do you have a local machine that can automatically connect to your web site? If so, how secure is that machine? Is it in a locked location? Who has the keys?
  • How do you connect to your site to upload/download files, or make changes? Do you use FTP or Telnet? If so, then your password is not safe. As a matter of fact, your password is very likely to be found out quickly as both Telnet and FTP send your username and password across the Internet using clear text. This is a very big security hole.
  • What about email? Do you use a client that uses POP or IMAP without encryption to get your mail. Or, do you use web mail in unencrypted mode? If so, your username and password are very likely to be compromised; and, if your email username and password are the same as what you use to access your web site, then your web site's security is very weak.
  • Are there others in your organization that use unencrypted methods of checking email? Do they update your site with the same username and password combination? If so, then your web site is very insecure.
  • What about the company hosting your web site? Do they regularly apply security patches? Do they backup data in case their machines are compromised? Do they use Microsoft's Internet Information Server and Windows to serve up web sites? If so, we strongly recommend against the use of any Internet Service Provider using this software. We are not the only ones making this recommendation. Microsoft Windows and Internet Information Server are considered so insecure by many of the most respected, and conservative Information Technology groups around. Here are two links discussing the Gartner Groups recommendation to drop Microsoft's IIS web server immediately due to continued security problems with the product:

The tools required to follow these secure steps are available for free under Windows, Linux/UNIX/FreeBSD, MacOS X, etc. A great place to start to find the tools mentioned here is Tucows (www.tucows.com).

Now that you've seen a few ways that security can be compromised, here are a few ways to help keep your web site secure. Most of these are very simple steps that you can take, and do not require a large investment of time

  • First, pick a good password. Make your password at least 6, preferably 8 characters long. Don't use any words (including non-English words). Use upper and lowercase letters, and mix in some random characters as well. An easy trick is to remember a phrase, and place characters in the middle of it. For instance, the letter jumble, "iWmptM", can be mapped to the phrase, "I want more pancakes this morning." Now add in something like a "$" and a "7" and you have a password like "iWm$pt7M" that's not all that hard to remember. This password, is, however, very hard to break.
  • Now that you have a good password, you don't want to give it away by transmitting it across the Internet in clear text. It is absolutely trivial to capture username and password combinations on networks for anyone determined to do this, so don't make their job any easier. This means you should make sure that all your shell connections to other machines, all your file transfers, all your password protected web browsing, and all your email use is done in an encrypted manner. If you use Linux, UNIX, FreeBSD, or MacOS X this is quite easy. If you use Windows it's a bit harder, but still possible.
  • Changing passwords every few months is a good idea as well. If other people know administrative passwords, then the chance that it will be transmitted in the clear increases greatly. Changing the password from time to time can help to increase your security.
  • Here is a list of some tools for encrypting these types of transactions. Some suggested sites for these tools are mentioned after this list:
    • Instead of FTP use SCP (Secure CoPy). Note: some sites now support SFTP (Secure File Transfer Protocol).
    • Instead of Telnet use SSH.
    • Always use SSL encrypted sessions in your web browser when checking email (Hotmail, Yahoo, etc. provide this option). This means choose to sign in to your email account using a "secure" sign on. Look for this as an option when connecting.
    • If you use POP or IMAP for email either use SSL encrypted POP or IMAP email servers, or tunnel your POP or IMAP sessions over SSH - otherwise, every time you check your email your username and password go across the Internet as clear text for all to see.

You can get SCP and SSH for free for almost any operating system by going to the OpenSSH web site. The SCP program is included with SSH. You can find a generic discussion of how To tunnel POP or IMAP over SSH (meaning that your username, password, and all data sent and received are encrypted) at SSH Communications Security pages. If you are interested in reading about SSL (Secure Socket Layer), which is used to secure web pages, take a look at the OpenSSL Project web pages.

In general your first line of defense involves a few key points if you wish to keep your web site secure while you create it, and for future use. These key points include, knowing what your ISP uses to server web pages, backing up your web site, picking good passwords, making sure that your username and password are always encrypted when transmitted across the network, changing your password from time to time, and knowing who has access to your site and how. Following these basic principals, as an end user, can help to keep your data safe, and your confidential data private.

An Example Using Windows

If you plan on creating your pages in Windows, here is one approach you could take to creating your organization's web site:

  1. Pick a hosting company that uses Linux/UNIX. You'll have many more options to control your pages, such as shell access to be able to edit them directly for quick changes.
  2. Try to get a copy of Dreamweaver for Windows for free. If not, then get a good HTML text editor or WYSIWYG tool for free or shareware. See http://www.tucows.com/internet.html for _lots_ of possible tools. EditPlus is one Windows text editor that gets favorable reviews, but there are lots of shareware WYSIWYG tools as well. So far, none of the free ones appear to work as well as commercial software like Dreamweaver.
  3. Create your site locally, and then upload it when ready. Burn a copy of your site, from time-to-time to CD if you have a CD-Writer available.
  4. Keep all your links to be "local" so that your site is portable. That means, when you reference an image, or another page on your site make the link look like:

<a href="/page2.html">next page</a>

instead of:

<a href="http://www.hostingcompany.com/ngoname/page2.html">next page</a>

If you do the second method, then you'll have to change everything if you ever move the site, or if you get your own domain name in the future.

Conclusion

When attempting to create an inexpensive or free web site for your nonprofit or NGO group, remember to think in the long run as well. For just a little bit of money and effort you can end up with a site that is considerably easier to maintain and likely to be much more reliable. This means you may pay a few dollars to have your own domain name, or to place your site on a UNIX-based system rather than Windows, or for some commercial software, but in the end this investment could save you days, maybe weeks, of frustration and lost resources in the future. This is an intangible benefit, but imagine the following scenario:

You create a web site using Microsoft Front Page. You place this site on a server running Windows and Microsoft's Internet Information Server. You don't pay for your own domain name. You don't back up your data, and you use FTP to transfer your files back and forth. This is much more common than you might think. Because of this, your site now sits on a web server that could be easily compromised - meaning that your data would not be available if this happened. If you did not back up your data you have no choice but to rely on the ISP's backup to get your data back. If you don't have your own domain name, then everyone else is pointing to that ISP to get to your pages. you have no choice of putting your site somewhere else and simply switching where your domain name points to. Finally, since you used FTP, someone might break in to your site and get confidential information possibly placing one of your clients in danger, or compromising the work you are trying to do. Even worse, you may never know that this has happened! That is, maybe someone just copies your confidential data, and does nothing else. Or, maybe they change data subtly so that you don't notice, but now it's wrong.

This scenario might sound far-fetched, but it takes place every day around the world. Taking a few extra steps, and putting in a bit of effort to be secure can help to keep this from happening, and allow you to take advantage of all the Web has to offer to get your information out to those who can use it.