  1. #1
    SitePoint Member

    How can I improve website security?

    Hi

    I build static HTML websites, with the only bit of PHP on the contact form. Lately I've been finding that some of my sites are being hacked, and I am trying to get my head around website security. The servers are secure and my PC is checked every week for viruses and malware, so I don't think anything is getting through via my FTP programme.

    Does anyone know of any useful books or online resources that I could read to help me learn how to improve website security as I have had no experience or training on this?

    Any help would be appreciated.

    Many thanks.

  2. #2
    SitePoint Zealot Scrampy
    I think www.grc.com is the best place to start. I'm no expert, but it's worth a look there to get an idea of what you might be dealing with.

    Hope this helps

    Dave

  3. #3
    SitePoint Member
    Hi Dave

    Thanks for this, I'll take a look.

  4. #4
    SitePoint Zealot
    How is your account getting hacked?

    In order to fix a security hole, you have to know what that security hole is.

    If someone is hacking your website by uploading new files via FTP, then someone is somehow gathering your FTP login information. That could be with a keylogger, a network sniffer, an exploitable script on your account, or just an easy-to-guess password.

    Whatever the means are that the hackers are using to hack your website will lead you in the direction to improve security in regards to that aspect.
    CanisHosting - Web Hosting plans starting at $3.95 per month

  5. #5
    SitePoint Zealot cpace1983
    What I would personally do is have someone else take a look at your site (a consultant). Yes, I know that I'm biased here, but it can take forever for you to find the hole yourself.

    How simple is your PHP contact form? Is there any way that an attacker can exploit that? Also, how are your passwords? Are there any default passwords enabled? Anything weird in the logs?
    I am a Freelance Linux Consultant.
    I offer flat rate Linux support, as well as hourly support.
    Feel free to visit my blog, Ramblings of a Linux Administrator.

  6. #6
    SitePoint Enthusiast null101
    Scan your website with Acunetix; it's good at finding potential security breaches. Also try to temporarily remove any means of file uploading and PHP scripts on your server. Change your cPanel password. Write in your .htaccess to disable any code from executing (.PHP, .PHP4, .PHP5, .PL, etc). There are plenty of articles on Google on how to do this.

    I hope you get it taken care of.
    Scumlabs.com - Free flash games
    Play Super Mario Flash!
    Play Raiden X!
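
The .htaccess approach suggested in post #6, as an added example that is not part of any poster's reply: it refuses requests for script files on an otherwise static site while leaving the contact form working. It assumes Apache 2.4, a host whose `AllowOverride` setting permits `Options` and `AuthConfig` in .htaccess, and a form script named `contact.php` (a hypothetical name).

```apache
# .htaccess in the document root of a static site (Apache 2.4 syntax).
# Assumption: the only script that has to run is contact.php (hypothetical
# name); every other page is plain HTML, CSS, JavaScript or an image.

# Never run CGI programs and never show directory listings.
Options -ExecCGI -Indexes

# Refuse any request for a script-like file, matched case-insensitively,
# so a planted or uploaded .php/.pl file cannot be executed by requesting
# its URL. php\d? covers .php, .php4 and .php5.
<FilesMatch "(?i)\.(php\d?|phtml|phar|pl|py|cgi|sh)$">
    Require all denied
</FilesMatch>

# Re-allow the one script the site depends on. This section comes after
# the FilesMatch block, so its Require replaces the denial above.
# <Files> matches on the file name alone, so it also applies to a file
# called contact.php in any subdirectory.
<Files "contact.php">
    Require all granted
</Files>
```

After deploying it, requesting a harmless test file such as `test.php` should return 403 Forbidden while the contact form still submits; a 500 error on every page means the host does not allow these directives in .htaccess.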

  7. #7
    SitePoint Member
    You can use a web application firewall to protect your website.
    I can suggest one WAF (web application firewall) to you:
    http://www.dbappsecurity.com

  8. #8
    SitePoint Enthusiast
    Ask your web host too; it might be that the whole server is under attack. Since you have not used much PHP, without login or database connectivity, it is hard to hack.

