Hello
What's the best way to ensure my website is going to remain private? Can I hire the services of a hacker, ask him to do his worst and hack the site? Or is there another way of going about it?
Thanks for any help.

Depends what you mean by 'Private'
You could password protect your root directory
Detect file changes remotely. SimpleSiteAudit is an early
warning anti-hacker system which sends an alert on detection.
PHP Find Orphan Files - Finds all the unreferenced files on your site.

jh,
Ever hear of encryption? You can encrypt your files to keep them private as long as you use a good (unguessable) seed and strong algorithm.
Do both for more security.
Regards,
DK
David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
Client and (unpaid) WHB Ambassador
Updated mod_rewrite Tutorial Article (setup, config, test & write
mod_rewrite regex w/sample code) and Code Generator

Simplest way is to not put it on the web in the first place - that way it will stay private as it will not be in a publicly accessible spot.
Stephen J Chapman
javascriptexample.net, Book Reviews, follow me on Twitter
HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
<input name="html5" type="text" required pattern="^$">



Do you really mean private, or do you mean secure? i.e. preventing unauthorised access to admin areas, etc.?
If you're a bear made of mohair, ponder on the nature of a mo.


Hi jhookway,
If your site uses a dynamic language and a database then you need to ensure that security loopholes are taken care of, things like:
- Session encrypted and stored in the database rather than the file system
- cross-site scripting attacks
- cross-site forgeries, file uploads (notoriously insecure as most of the examples on the web have zero security thinking inbred), form spoofing
- SQL injection
- using weak encryption algorithms
- not using a shared host - this also means not using most VPS or cloud services
- password hacking protection
- closing off error reporting or customizing it to ensure that end-users don't see what server and database technologies you are using
- you also want to stay away from using 3rd party components, but if you write your own you need to understand how to write your own secure code
- use https for everything
- separate the database and web server and maybe content onto their own servers. Use a CDN for your content.
- research your hosts thoroughly and ensure that they have an excellent security methodology that they follow, keep regular backups and have redundancy in power, bandwidth, and hardware. Research how many people have any access to the servers and ask to show proof of security clearance.
- don't upload or transfer content unless you're travelling through an end-to-end VPN tunnel
- grant the fewest privileges to the fewest people possible and only grant just what they need for the time they need it, no longer.
- have a certified hacker try to break in and provide a security audit report.
Many of these topics open up a whole bunch of cans of worms, so this is not an easy task.
Regards,
Steve

Steve,
Regards,
DK