  1. #1
    Non-Member Abrienne's Avatar
    Join Date
    Jul 2012
    Posts
    3

    Ways to protect my site from hackers?

    Hi,
    Recently I have developed a site but I am not satisfied with its security. I want to get it more secured for hackers. Can you please suggest me new ways to protect my site from hackers.
    Thanks

    <snip>
    Last edited by TechnoBear; Aug 20, 2012 at 06:40. Reason: Please wait 90 days for a real signature

  2. #2
    SitePoint Enthusiast edgarzakaryan's Avatar
    Join Date
    Aug 2012
    Location
    Yerevan, Armenia
    Posts
    44
    Quote Originally Posted by Abrienne View Post
    Hi,
    Recently I have developed a site but I am not satisfied with its security. I want to get it more secured for hackers. Can you please suggest me new ways to protect my site from hackers.
    Thanks

    <snip>
    Hi, there is no way that will protect your site from hackers at all. You should look at any steps.
    For example, if you are getting some values from the URL, for example an id, and use it to select something from the database, before making the query you should filter that value (you have to filter any value that comes from users; if you do not do that, hackers may use SQL injection).
    Or if you are uploading images, you have to check that file to be sure that the file is an image.
    Etc.
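
An added example for the URL `id` case in the post above (not code from the thread): the same lookup built by string concatenation and then with validation plus a bound parameter. Python's `sqlite3` and the `articles` table are assumptions chosen so the example runs offline; the sample rows are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data: one unpublished row that must never be returned.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles "
               "(id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany("INSERT INTO articles VALUES (?, ?, ?)",
                   [(1, "Welcome", 1), (2, "Draft: pricing", 0), (3, "Contact", 1)])
    return db

def fetch_unsafe(db, raw_id):
    # Vulnerable: the URL value becomes part of the SQL text itself, so
    # anything after the number is parsed as SQL and can change the WHERE.
    sql = "SELECT title FROM articles WHERE published = 1 AND id = " + raw_id
    return [row[0] for row in db.execute(sql)]

def fetch_safe(db, raw_id):
    # 1. Validate: an id is a short run of ASCII digits and nothing else.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("invalid id")
    # 2. Bind: the value travels as data and is never parsed as SQL.
    sql = "SELECT title FROM articles WHERE published = 1 AND id = ?"
    return [row[0] for row in db.execute(sql, (int(raw_id),))]

if __name__ == "__main__":
    db = make_db()
    print(fetch_unsafe(db, "2 OR 1=1"))   # unpublished draft is returned
    print(fetch_safe(db, "1"))
    try:
        fetch_safe(db, "2 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)
```
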

  3. #3
    Certified Ethical Hacker dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,653
    Ab,

    First, WELCOME to SitePoint!

    Second, please look through the threads in this board as there is a wealth of information here.

    Boiled down:

    1. Use VERY strong passwords
    2. Keep your "canned" programs up to date
    3. Use defensive coding. This includes edgar's admonition to validate and remove dangerous characters (<, >, http://, href://, ', ", and many others). If you're expecting a name, would you allow =? 9? etc.
    4. Verify uploaded files, i.e., that they were uploaded (rather than the server's password file) then, if an image is expected, PROCESS that image before moving it to your webspace, i.e., create a new image file and rescale the image (to change it) before saving to your directory
    5. Ask your host to run a maldet CRON on your account nightly. It will report any files containing malware at which time you MUST replace it with your original then look for the security hole you have
    6. Run your own nightly CRON scan to ensure that your files have not been changed, deleted or added to


    While VERY strong passwords are exceptionally important, I believe that using good coding is the most important. Just ACT paranoid in your programming (test, test and test again) and you'll save yourself many hours/days of recovery effort.

    FWIW, I've just relocated and configured the control panel to ignore/ban any illicit attempts to gain access. I've had several attacks each day with some coming so fast that the banning didn't have time to take effect! I'm not paranoid but there are those out there trying to get me (although I am sure that I'm anonymous to every one of them). Fortunately, the seemingly paranoid protections are doing their work!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  4. #4
    SitePoint Enthusiast
    Join Date
    Dec 2007
    Posts
    36
    I tend to suggest it often, but Cloudflare helps quite a bit in protecting your site against hackers
    Comcure does independent, off-site website backups just for the webmaster
    Full API. Daily Snapshots. Backup via FTP, FTP over TLS or SFTP.
    Storage Pods in USA, Europe and Asia to come. Backup to the closest one.

  5. #5
    SitePoint Zealot bgil's Avatar
    Join Date
    Apr 2009
    Location
    So. California
    Posts
    124
    You definitely want "bullet-proof" code and SSL, and do not help hackers with error messages like: ID is OK, but password is too short. If someone REALLY wants into your site, they can automate a signon script to try all IDs and passwords, and would eventually sign in. In computer time, it could take a while, but that may not be so long in human time. One trick is to temporarily lock out an ID for 30 minutes after 3 to 5 invalid signon attempts. The script keeps running, but doesn't know it's not going anywhere. If there are 3 temporary lockouts in an hour, shut down that ID. The flip side is that it inconveniences the legitimate person with that ID, so be able to contact her. Also, if it's an admin ID, be sure you have alternative IDs to sign on with. Of course, if someone guesses an ID and password on the first try --- oops.
    -Brad
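
An added example of the lockout scheme described in the post above (not Brad's code): one generic error for every failure, a 30-minute lock after repeated failures, and shutdown of the ID after 3 locks in an hour. Two assumptions not in the post: the threshold is set to 5, and attempts made while an ID is locked also count as failures. The class and names are hypothetical.

```python
LOCK_AFTER = 5            # failed attempts before a temporary lock (post: 3 to 5)
LOCK_SECONDS = 30 * 60    # length of the temporary lock
DISABLE_AFTER = 3         # temporary locks inside the window before shutdown
WINDOW_SECONDS = 60 * 60  # one hour
GENERIC_ERROR = "Invalid ID or password"  # identical text for every failure

class LoginGuard:
    def __init__(self, check_password):
        self.check = check_password  # callable(user_id, password) -> bool
        self.failures = {}           # user_id -> failures since last lock/success
        self.locked_until = {}       # user_id -> time the temporary lock ends
        self.lock_times = {}         # user_id -> start times of recent locks
        self.disabled = set()        # IDs shut down until an admin re-enables

    def attempt(self, user_id, password, now):
        if user_id in self.disabled:
            return False, GENERIC_ERROR
        locked = now < self.locked_until.get(user_id, 0)
        # While locked the credentials are not checked at all, so a correct
        # guess gets the same answer as a wrong one and the script learns nothing.
        if not locked and self.check(user_id, password):
            self.failures[user_id] = 0
            return True, "OK"
        self._record_failure(user_id, now)
        return False, GENERIC_ERROR

    def _record_failure(self, user_id, now):
        self.failures[user_id] = self.failures.get(user_id, 0) + 1
        if self.failures[user_id] < LOCK_AFTER:
            return
        self.failures[user_id] = 0
        self.locked_until[user_id] = now + LOCK_SECONDS
        recent = [t for t in self.lock_times.get(user_id, [])
                  if now - t < WINDOW_SECONDS]
        self.lock_times[user_id] = recent + [now]
        if len(self.lock_times[user_id]) >= DISABLE_AFTER:
            self.disabled.add(user_id)   # needs out-of-band contact to restore
```
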

  6. #6
    Non-Member
    Join Date
    Sep 2012
    Location
    Sweden
    Posts
    35
    Everything starts from updated software - from the OS to the coding language, as well as strong and quality programming of your application. Many CMS based sites are vulnerable if outdated. Also consider file/directory protection and defining .htaccess files in your hosting account.

  7. #7
    SitePoint Enthusiast
    Join Date
    Jul 2007
    Posts
    44
    Quote Originally Posted by Abrienne View Post
    Can you please suggest me new ways to protect my site from hackers.
    <snip>
    Ways to protect your site will vary depending on where you are hosting the web site. Generally speaking, protecting your site involves ensuring the web application is coded securely (no injection flaws, XSS or other web app vulnerabilities) AND that the server (operating system) is secure.

    If you are hosting your site on a server you control you could use security enhancements like mod_security, the open source host based security agent ossec and general operating system hardening.

    If you are using a managed hosting service, then it is a good idea to go with a provider that takes security seriously.

  8. #8
    SitePoint Member
    Join Date
    Sep 2012
    Location
    Los Angeles
    Posts
    3
    First of all get very good secure hosting, also make sure that you have a back up of your website every week or alternate day.
    Use captcha for spam and use strong passwords. A lot depends on what framework you are using as per which you can customize your security.
    Hope these small tips help

  9. #9
    SitePoint Zealot DuncanM's Avatar
    Join Date
    Apr 2005
    Posts
    100
    Also, make sure file permissions on the server are set correctly, and do NOT save your username and password in your FTP software.

  10. #10
    Non-Member Dynamic_Systems's Avatar
    Join Date
    Sep 2012
    Posts
    6
    It would as well be good to have a good antivirus program and malware protection on your work computer.

  11. #11
    SitePoint Member
    Join Date
    Oct 2012
    Posts
    1
    1. Website security is one of the biggest concerns of most website owners.
    2. Making regular backups of your website is very important.
    3. Open Source software is software that is freely available for anyone to download and use. While using free software is a great way to build your website, one of the negatives is that hackers also have access to the code to find ways to exploit it.

  12. #12
    Programming Since 1978 felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,815
    Quote Originally Posted by peterjohn123 View Post
    While using free software is a great way to build your website, one of the negatives is that hackers also have access to the code to find ways to exploit it.
    That's actually one of the positives since when security holes are easier to find they tend to get fixed far more quickly and so such software is likely to contain far fewer security holes than software where the source isn't available.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

