  1. #1
    SitePoint Evangelist fs_tigre's Avatar
    Join Date
    Feb 2009
    Location
    Close to Chicago, Illinois
    Posts
    517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    The first steps to make your site more secure

    Hi,

    I recently had two of my sites hacked. One of them was using WordPress, and this happened about six months ago, so I was thinking that it was because I was using WP with a poor user name and password. Two days ago the other one was also hacked, and on this one I'm not using WP; I also had a poor cPanel password (a 5-letter password). So after this I will start using strong passwords, but I was wondering if this is really where the hacker got into my site.

    I would like to understand more about web security, because right now all I know is that a strong password needs to be used and that's it.

    1 - What are the different ways a hacker can get into my server?

    2 - What are the steps for securing your server, or is this something the host company takes care of?

    3 - What are the general steps when setting up a new site for the first time to make sure it will be secure (I know nothing is 100% secure)?

    4 - Where can I get more information on web security? Is there a good book that you guys recommend?

    Thanks a lot!
    Thank you very much!!!

  2. #2
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,833
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    With regard to open source scripts such as you mention there are three main ways someone can break in.

    1. If you are running an old version with known security holes they can exploit one of those security holes.
    2. If you use a weak password then they can possibly guess what it is to break in.
    3. If you don't have proper security on your own computer they may be able to install a keylogger there so as to capture all your passwords.
    Stephen J Chapman


  3. #3
    SitePoint Evangelist fs_tigre's Avatar
    First of all thank you for your help.

    How about the server? I guess I don't understand how the servers work. I'm assuming that I'm renting a partition on one of the computers from my hosting service provider. If I'm correct, what if someone attacks a different partition on the same computer (a different client using the same hosting services)?

    Could a hacker get to my partition through a different partition within the same server?

    Sorry if my questions don't make too much sense.

    Thanks

  4. #4
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,189
    Mentioned
    191 Post(s)
    Tagged
    2 Thread(s)
    It is possible that another compromised site "crossed over" to yours. But I suspect this is unlikely as the host would probably catch this. Just the same, you should report the incident to your host.

    It is more likely one of the reasons felgall mentioned. Bite the bullet - upgrade any old apps you're using, check your folder/file permission settings, and do a scan of your computer.

    Strong usernames and passwords are a good idea, but they are only one step in having a secure site.
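
    The folder/file permission check suggested above, as an added example that is not part of the original thread: a small shell audit of a web root. The finding categories, the 7-day default and the sample tree are assumptions made for illustration; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web root's permissions.
# Usage: sh audit_webroot.sh /path/to/webroot [days]

# Prints one finding per line as "<CATEGORY> <path>".
audit_webroot() {
    root=$1
    days=${2:-7}
    # Files that any account on a shared server can overwrite.
    find "$root" -type f -perm -002 -exec printf 'WORLD-WRITABLE-FILE %s\n' {} \;
    # Directories where any account can drop new files.
    find "$root" -type d -perm -002 -exec printf 'WORLD-WRITABLE-DIR %s\n' {} \;
    # WordPress config (database password) readable by every account.
    find "$root" -type f -name 'wp-config.php' -perm -004 \
        -exec printf 'WORLD-READABLE-CONFIG %s\n' {} \;
    # PHP files changed recently: review these after a compromise.
    find "$root" -type f -name '*.php' -mtime "-$days" \
        -exec printf 'RECENT-PHP %s\n' {} \;
}

# Builds a constructed sample tree and prints its path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir "$d/uploads"
    : > "$d/index.php"; : > "$d/wp-config.php"; : > "$d/uploads/x.php"
    chmod 644 "$d/index.php" "$d/wp-config.php"
    chmod 777 "$d/uploads"
    chmod 666 "$d/uploads/x.php"
    # Backdate the legitimate files so only x.php counts as recent.
    touch -t 200901010000 "$d/index.php" "$d/wp-config.php"
    printf '%s\n' "$d"
}

if [ "$#" -gt 0 ]; then
    audit_webroot "$@"
else
    tree=$(make_sample_tree)
    audit_webroot "$tree"
    rm -rf "$tree"
fi
```

    Each finding is something to review rather than proof of a break-in; compare any RECENT-PHP entries against a clean copy of the application before upgrading it.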

  5. #5
    SitePoint Evangelist fs_tigre's Avatar
    Thank you all for your comments!

  6. #6
    SitePoint Evangelist fs_tigre's Avatar
    Hi,

    I just ordered a book called Apache Security. Will this help me to learn about web security?

    http://www.amazon.com/Apache-Securit...5773193&sr=8-1

    Thanks a lot

  7. #7
    secure webapps for all Aleksejs's Avatar
    Join Date
    Apr 2008
    Location
    Riga, Latvia
    Posts
    755
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would recommend:
    The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
    Here is a review from Richard Bejtlich:
    http://taosecurity.blogspot.com/2009...n-hackers.html
    Here are other reviews by him:
    http://taosecurity.blogspot.com/search/label/reviews

    Also, if you are into security in a broader sense, a must-read is "Security Engineering" by Ross Anderson:
    http://www.cl.cam.ac.uk/~rja14/book.html

    P.S. Bejtlich has a review for the book you've bought as well:
    http://taosecurity.blogspot.com/2006...ks-posted.html
    One thing to consider is that the book is already 4 years old, so there might be some differences from the situation now.

  8. #8
    SitePoint Zealot Dandandandaman's Avatar
    Join Date
    Mar 2009
    Posts
    135
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I read a good article in .net magazine; see here for details:

    http://www.netmag.co.uk/zine/latest-issue/issue-201

    and I think I have found the same article here:

    http://www.techradar.com/news/intern...ecurity-687153

  9. #9
    SitePoint Evangelist fs_tigre's Avatar
    Thank you all very much, this is good information.

  10. #10
    SitePoint Evangelist fs_tigre's Avatar
    I found this helpful! Very good info

    http://25yearsofprogramming.com/blog/20070705.htm

    Thanks

  11. #11
    SitePoint Member
    Join Date
    Nov 2009
    Location
    New York
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote, originally posted by felgall:
    With regard to open source scripts such as you mention there are three main ways someone can break in.

    1. If you are running an old version with known security holes they can exploit one of those security holes.
    2. If you use a weak password then they can possibly guess what it is to break in.
    3. If you don't have proper security on your own computer they may be able to install a keylogger there so as to capture all your passwords.

    Great points! Just to add to this: make sure you are not using the default 'admin' username. Hackers are aware most people don't bother to change this.

    Also, are you using an FTP program? I love FileZilla, but somehow transferred a virus to my site using it one time. If you are using this software, try switching to something else like CoreFTPLite. It's a lot slower, but seems to be more secure.

    Good luck!

  12. #12
    SitePoint Evangelist fs_tigre's Avatar
    Quote:
    Also, are you using an FTP program? I love FileZilla, but somehow transferred a virus to my site using it one time. If you are using this software, try switching to something else like CoreFTPLite. It's a lot slower, but seems to be more secure.

    Thank you for your comments!

    Wow, that's bad news. I love FileZilla. Is there any good FTP for Mac?

  13. #13
    SitePoint Member
    Try Cyberduck - http://cyberduck.ch/

    Haven't used it myself but heard very good things about it from others.

  14. #14
    SitePoint Evangelist fs_tigre's Avatar
    Thanks a lot for your comments.

  15. #15
    SitePoint Enthusiast
    Join Date
    Nov 2008
    Posts
    47
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Are you using shared hosting or a VPS? If you are with a managed VPS, your hosting provider should take care of backups and security as well.

    And the book you just bought should help you. But it's always better to learn security with a test system instead of a production server.

  16. #16
    SitePoint Evangelist fs_tigre's Avatar
    First of all, thank you for your comments.

    Quote:
    But it's always better to learn security with a test system instead of a production server.

    Can you please recommend me a better book or direct me to where I can find more info?

    Thanks

