Security of websites!

hi all!
i am looking for some good tips to implement the security of website. How can one protect personal information online?

Do you mean of people’s names, e-mail adresses, numbers, etc? or credit card info?

Thanks a lot for the suggestion. I am reading :slight_smile:

anything on my website, like how can i protect my websites from hacker to make sure that no one misuse data available on website. what is the main loopholes from which a website can be used illegally.

If we take formal approach - then first you have to create, implement and maintain security policy for your website.
This is very broad subject you are talking about. I suggest you read through “resources on web application security” that is pinned in this subforum and decide what exactly you have in mind.

Why not scan your site for vulnerabilities with something like There’s a free scanner available. After that, it would just be up to you to alert your host of any vulnerabilities found; but at least you would have a comprehensive and up to date list.

have been at outdated software. Mostly software like phpMyAdmin, osCommerce and software like that.

We see the log files for thousands of websites and hackers are constantly scanning for vulnerable versions of website software.

You have to keep your software updated and you have to follow the security guidelines for all software.

Of course, hackers are still getting in through stolen FTP passwords as well.

Website security is most likely today’s most under-rated aspect of securing the application and database. Hackers are concentrating all their efforts on web-based applications - forms, login pages, shopping carts etc., Any security at network level will provide no protection against web application attacks since they are launched on port 80. checks your web applications for SQL Injection, XSS & other web vulnerabilities and assists you in securing your web applications. This, message will be helpful for you. Keep safe against hackers.

good habbits of surffing,update yr sys and the Security software:lol:

some of the security terms to be considered.
for example - should not allow any special characters in input box, if allowed <?, then it has big security hole.

I have been told about free virus protection AVG and Avira I have been using now for months and have had no problem at all,worth checking out.

what about setting file permissions for security on your server? Should everyone be using a certain permissions for files in the main directory of your server on a website?

Permissions are just one of means how to increase/decfrease security.
Relatively safe and straightforward policy: give as low permission levels as possible. That applies not only to file system permissions, but also to DB access permissions and access to other services/applications.

For example:
The web-application should not be able to modify itself. It means that the user with whom web application is running should have only read (or execute, depending on type of system) permission to files, but not write/modify. It means, that you should have separate accounts for application management tasks (i.e. uploading/modifying application files) and for running application itself.

You should also update your PHP as often as possible- that’s because there are constant updates and patch releases of PHP to keep it secure. With the latest secure versions your site will be protected from any possible bugs from the earlier versions. :slight_smile:

• Keep Your Versions Updated
• Beef Up Your Passwords
• Lock Down Your File Permissions
• Mind Your Links
• Use FTPS For Transfers
• Use SSL To Send Emails
• Make Sure Your Web Host Runs suPHP
• Speaking of Hosts
• Look Beyond Shared Hosting
• Be Savvy

never put sensative information in cookies specially cookies that are not encrypted.
avoid putting sensative information in sessions.
in secure site areas use ssl signature.

Here are some few ways to strengthen your site’s security:

  1. Run every input through PHP’s addslashes method
  2. Remove Flash and JavaScript from Input
  3. Secure your password

If you are looking to secure your users’ credential, do you want to have secure database? If not, you need to watch out for those sql injection, xss, csrf, good session management to protect your user’s credential

Some web host has some features to guard our website. So, you can add those security features and it takes some extra charge.

heh… check out what the lulzsec hackers are doing with sites now. Makes you think twice about your sites security. But then again, I think they are finding whoever may be vulnerable to begin with.