  1. #1
    SitePoint Member

    Best way to ensure privacy

    Hello

    What's the best way to ensure my website is going to remain private? Can I hire the services of a hacker, ask him to do his worst and hack the site? Or is there another way of going about it?

    Thanks for any help.

  2. #2
    2ndmouse (SitePoint Zealot)
    Depends what you mean by 'Private'.
    You could password protect your root directory.
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.

  3. #3
    dklynn (Certified Ethical Hacker)
    jh,

    Ever hear of encryption? You can encrypt your files to keep them private as long as you use a good (unguessable) seed and strong algorithm.

    Do both for more security.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  4. #4
    felgall (Programming Since 1978)
    Simplest way is to not put it on the web in the first place - that way it will stay private as it will not be in a publicly accessible spot.
    Stephen J Chapman


  5. #5
    TechnoBear (Life is not a malfunction)
    Do you really mean private, or do you mean secure? i.e. preventing unauthorised access to admin areas, etc.?

  6. #6
    ralph.m (It's all Geek to me)
    Off Topic:

    Originally posted by felgall:
    "Simplest way is to not put it on the web in the first place - that way it will stay private as it will not be in a publicly accessible spot."

    Until some kid comes along with his laptop and cracks your WiFi password in a few seconds with some free script ... (I've seen them do it ...)

  7. #7
    ServerStorm (Foozle Reducer)
    Hi jhookway,

    If your site uses a dynamic language and a database then you need to ensure that security loop-holes are taken care of, things like:


    • Session encrypted and stored in the database rather than the file system
    • cross-site scripting attacks
    • cross-site forgeries, file uploads (notoriously insecure as most of the examples on the web have zero security thinking inbred), form spoofing
    • SQL injection
    • using weak encryption algorithms
    • not using a shared host - this also means not using most VPS or cloud services
    • password hacking protection
    • closing off error reporting or customizing it to ensure that end-users don't see what server and database technologies you are using
    • you also want to stay away from using 3rd party components, but if you write your own you need to understand how to write your own secure code
    • use https for everything
    • separate the database and web server and maybe content onto their own servers. Use a CDN for your content.
    • research your hosts thoroughly and ensure that they have an excellent security methodology that they follow, keep regular backups and have redundancy in power, bandwidth, and hardware. Research how many people have any access to the servers and ask to show proof of security clearance.
    • don't upload or transfer content unless you're travelling through an end-to-end VPN tunnel
    • grant the fewest privileges to the fewest people possible and only grant just what they need for the time they need it, no longer.
    • have a certified hacker try to break in and provide a security audit report.



    Many of these topics open up a whole bunch of cans of worms, so this is not an easy task.

    Regards,
    Steve
    ictus==""
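
A few items from the list in post #7 (hiding error output and server technology from end users, HTTPS for everything) can be checked against responses from your own site. The following is an added example, not part of the original thread: a Python function that audits one HTTP response for those points. The finding codes, the host name example.test and both sample responses are constructed for illustration.

```python
import re

# Error text that exposes the server-side stack to visitors (illustrative, not exhaustive).
PHP_ERROR = re.compile(r"(?:Fatal error|Parse error|Warning|Notice):\s+.+? in \S+ on line \d+")
SQL_ERROR = re.compile(r"You have an error in your SQL syntax", re.I)
TAGS = re.compile(r"<[^>]+>")


def audit_response(url, status, headers, body):
    """Return sorted finding codes (names are this example's own) for one response."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = set()

    # Headers that name the server software or language version.
    if re.search(r"/\d", h.get("server", "")):
        findings.add("server-version-disclosed")
    if "x-powered-by" in h:
        findings.add("x-powered-by-present")

    # Raw error output in the page body; strip tags first because PHP's
    # HTML error format wraps the pieces in <b> elements.
    text = TAGS.sub("", body)
    if PHP_ERROR.search(text):
        findings.add("php-error-shown")
    if SQL_ERROR.search(text):
        findings.add("sql-error-shown")

    # "https for everything": plain HTTP may only answer with a redirect to
    # HTTPS, and HTTPS responses should carry an HSTS header.
    if url.startswith("http://"):
        to_https = h.get("location", "").startswith("https://")
        if not (status in (301, 302, 307, 308) and to_https):
            findings.add("served-over-plain-http")
    elif "strict-transport-security" not in h:
        findings.add("hsts-missing")
    return sorted(findings)


# Constructed sample responses (not captured from any real site).
LEAKY = ("http://example.test/login.php", 200,
         {"Server": "Apache/2.2.22 (Ubuntu)", "X-Powered-By": "PHP/5.3.10"},
         "<b>Warning</b>:  mysql_connect(): Access denied for user "
         "'root'@'localhost' in <b>/var/www/db.php</b> on line <b>12</b>")
HARDENED = ("https://example.test/login.php", 200,
            {"Server": "Apache", "Strict-Transport-Security": "max-age=31536000"},
            "<p>Something went wrong. Please try again later.</p>")

if __name__ == "__main__":
    print(audit_response(*LEAKY))
    print(audit_response(*HARDENED))
```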

  8. #8
    dklynn (Certified Ethical Hacker)
    Steve,



    Regards,

    DK

