protecting your website?
- Started
- Last post
- 11 Responses
- tjw0511
whats some of the best ways to protect your site from hackers? or is this already done by the hosting company?
- 23kon0
guard dog in the back
- 23kon0
n' a uzi under your pillow
- tjw05110
lol...great
- 23kon0
i think that your hosting company should be doing the protection for you on their servers.
if you physically had your own server in your bedroom that you had sites on then it would be your responsibility for its security
- BattleAxe0
escaping all your input fields ;
app specific user names for db connections , never use root login for connections to db's
- BattleAxe0
and read up on protecting your site from
XSS -Under a cross site scripting attack an
attacker injects code into your page (forum
post, shout box, etc) that contains code that
re-writes the page to do something nefariousCSRF-Under a cross site request forgery attack a
site exploits another sites persistent user
trust relationship to make something happen
<img src=http://www.amazon.com/buy/my/book
height=“1” width=“1”>
Image tags can be used to trick a browser
into making any GET request
iFrames and javascript can be combined to
trick a browser into making any POST
request
- acescence0
SQL injection is a pretty common vulnerability.
if you're using any third party apps, wordpress, joomla, or the like, make sure you are all patched up to the latest versions. looking at my server logs, people are constantly looking for known vulnerabilities in older unpatched CMS software.
use URL rewriting to mask the structure of your back-end.
keep any sensitive files, things containing passwords and connection info, above the web root.
- maximillion_0
sanitisation of all user data is a must!
- designbot0
I run a web server in my house that has 1 million bit encryption, plus the entire thing is stored in a bullet-proof titanium case. I also have a radio-wave force field protecting hackers from accessing my wireless network, along with a landmine/missile defense system for those who attempt to physically break in. The firewall I have is also pretty good considering I wrote it myself in assembly language.
- ribit0
there's no quick answers on this.. really depends on your particular setup including any apps running on the server.. for example a few years back our site was defaced by 'Simiens Crew' through a vulnerability in AW Stats. The only way to prevent that would have been more frequent (or automatic) security updates, or not using it...