How to protect my website against hackers?

Nima · 11-23-2007, 01:23 PM

What are the most basic steps that a webmaster should take to protect his websites against hackers?

InFloW · 11-23-2007, 01:55 PM

Well the big thing is to keep any scripts you're running up to date. If you're running say wordpress it's a bad idea to be running 2.0 when say 2.3 is out. You can say yeah my site is small but the thing is bots go around looking for specific versions so really no one is safe. I can say this from experience with customers with sites that get 1 hit a week and then they get exploited to their surprise.

Nima · 11-23-2007, 02:32 PM

Thanks for the advice. I try to keep my web softwares as up to date as possible

nks · 11-23-2007, 10:06 PM

Talking about WordPress, I came across their download archived page that they advised users to use either the latest release of 2.0.x version or 2.3.x version to ensure stability.

So, does that mean I can use WordPress 2.0.11 (the latest in that series) to ensure safer script? I think so....

aarathi · 11-30-2007, 02:32 AM

There are many tools to protect website from hijackers.
Affiliate Diamond - The Easy Way To Protect Your Affiliate Commissions
HTML Encryptor -Protect Your Web Site From Internet Pirates
HTML Security Report - Protect Visitors Stealing From You
Download Page Protector - Stop Thieves Stealing Your Ebooks And Software Products are some tools.

Avinash · 12-01-2007, 11:45 AM

Quote:

Originally Posted by Nima

What are the most basic steps that a webmaster should take to protect his websites against hackers?

What InFloW said, and:

* Make it your habit to protect your administration panel with .htaccess (if you're using a Linux web hosting service). For example, if you use WordPress, protect your '/wp-admin' area by configuring .htaccess. You can find these WordPress security resources pretty useful. If you're using WordPress, you should also check your theme before enabling it.

* Always use passwords longer than 10 digits (alpha-numeric). If a 10 or 12 digit password is too long for you to remember, jot it down somewhere or better save it in a file and secure it with an easy password that you can remember.

* Join the Security Focus mailing list so you can keep an eye on what's going on in the security world.

I could write many points but for a normal web master, these three or four points should be enough.

edd · 12-01-2007, 06:46 PM

First, you shouldn't use a whole lot of applications made by other people. If you do, you should know that it is safe and keep it updated often. You should also read up on security for any language you program in (if you use programming languages).

satya123 · 12-26-2007, 11:33 AM

Host should have hacker free softwares..firewalls then your sites are protected...

edd · 12-26-2007, 06:09 PM

Quote:

Originally Posted by satya123

Host should have hacker free softwares..firewalls then your sites are protected...

That's not true. There are 8 debatable levels of the basic network that can all be insecure.

The top most is the user. They are not securable because they cannot be controlled. You can make suggestions or helpful tools (like many sites suggest you check the url bar before ever logging in).

The next is the application, the internet browser. This can be insecure because not all browsers are the same. Don't forget about malicious code like trojans, keyloggers and viruses.

Next is the presentation of data which is putting it together to be viewed in whatever form it is called in (primarily http). Attacking this is as easy as using clear text extraction or a protocol attack.

The 4th level of data is session data, or a connection between servers like SQL (structured query language made popular in dynamic languages like php which use mysql to store data). These are open to session hijackings and password/dictionary attack (sending data over and over again until the correct combination is found).

The 5th level is the transporting of data. These are open to port scanning and DOS attacks. This is not very maintainable on your end.

The last 3 levels are also far from your range unless you maintain your server, the network, data link, and physical connection. These are maintained by your host.

------------

If you don't make your own code, you don't have too much to worry about. The best way to protect your website is to stay updated on whatever scripts you use (phpbb ect.) and if you do go into coding, read some security books.

lordspace · 12-26-2007, 10:09 PM

1) Proper User Input Validation

To protect your web site you or the people you work with have to check properly data that comes from user's input.

e.g. there a lot of people that will make you a contact form as quickly as possible for about 2 mins (low quality code), the data may not validated correctly and some people may user your contact form to send spam by injecting "To: victim@domain.com\r\n".....

2) Use CAPTCHA
CAPTCHA in your forms in order to stop bots and automated programs

3) Protect your host
If you're on a shared hosting the hosting company takes care of the security of the servers, on the other hand if you have a dedicated server you have to hire a very good system administrator to keep your server up-to-date and apply necessary patches where needed.

Luckyman · 12-31-2007, 03:53 AM

Update your anti spyware, antivirus software and use add ons to your site only when it is necessary. Be careful about the freely available add ons! They are the most dangerous ones!!

TheFriend · 01-06-2008, 07:26 AM

Agree: Antispyware and avira antivirus are the most important programms.

dogznbonz · 01-25-2008, 12:16 PM

Good Luck, Sites will get hacked whether you like it or not. Remember some of the biggest most secure networks have been hacked and continue to get hacked, including our government network.

The best thing to do is make sure to protect the places hackers come in. The URL and Form fields.

BradP · 01-26-2008, 07:04 PM

Quote:

Originally Posted by InFloW

Well the big thing is to keep any scripts you're running up to date. If you're running say wordpress it's a bad idea to be running 2.0 when say 2.3 is out. You can say yeah my site is small but the thing is bots go around looking for specific versions so really no one is safe. I can say this from experience with customers with sites that get 1 hit a week and then they get exploited to their surprise.

yes, but the hassle of upgrading...

keanwoo · 08-17-2008, 10:20 PM

For me

1. Use quality server or host that will install website it.

2. if you use CMS. please Update program.

3. make it simple to do in everything; Simple is the best policy.

edd · 08-18-2008, 12:00 PM

wow, this is a blast from the past. I didn't even know I knew all that a year and a half ago.

Orwell · 06-08-2009, 04:13 AM

We use a software called dotdefender - its protect the website against web application attacks such sql injection, cross site scripting and others. Its basically a web application firewall that stop all those kinds of attacks.
Also, We use another tool for denial of service prevention.

Moneymen · 10-25-2009, 06:13 PM

there are lot of basic things u can do
No space in this post to mention all of them but if u want to find more visit my site which is dedicated to tutorials and helping webmaster on those issues

also u can pm me here if u still need good protection and we can arange some nice rate or some trade and i will check your site fully and protect it

it was my job for long time
and i still does it best

AirForce1 · 10-25-2009, 09:03 PM

I think open source scripts might be more reliable for building a website. I use zen-cart to build my own sites and they are always up to date. If some bugs found, they always release patches in time and the support forum is always there to help you.

athul · 10-26-2009, 04:56 AM

Best way to Protect is by Updating

Change Your admin password
Change Admin Login from "admin" to something
Use Captchas