Any tips? How do you protect your site from hackers? What are the safety measures that a small but growing publisher should take (of course, can't afford professional services)?
Validate/filter all input and output when using forms, etc. Stay on top of all patches when using scripts/software, such as forums, shopping carts, etc. Above all, use common sense and trust no one. This is just the tip of the iceberg in terms of security measures.
Well, it depends on the website you are doing... if it's a forum, use IPB, as it isn't free and it isn't open source and it's made by a COMPANY, not by heaps of geeks that wanna be a penguin and like open source. But if it's a normal website, just get a trustworthy server like dreamhost, don't trust anyone and don't let anyone know your pass.
The only way that you can make your site secure is if you pay someone to do it or you do it yourself. If you are into web designing / programming, then you should have learned about security early on. You have to not trust anyone, make your forum's input and output secure, watch that your queries are not exploited / easy to hack, and watch the data in the URL if you are pulling snippets from it and using it for forms or queries.
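An added example (not from any poster) of the point above about URL data ending up in queries: the same lookup written by pasting the URL value into the SQL text, and again with validation plus a bound parameter. The table, URLs and function names are constructed for illustration.

```python
import sqlite3
from urllib.parse import urlparse, parse_qs

def make_db():
    # Constructed sample data standing in for a site's article table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany("INSERT INTO articles VALUES (?, ?, ?)",
                   [(1, "Welcome", 1), (2, "Pricing", 1), (3, "Unreleased draft", 0)])
    return db

def url_param(url, name):
    # Return the value of a query-string parameter only if it appears exactly once.
    values = parse_qs(urlparse(url).query).get(name, [])
    return values[0] if len(values) == 1 else None

def lookup_unsafe(db, url):
    # BEFORE: the URL value becomes part of the SQL text, so it can change the query.
    raw = url_param(url, "id") or "0"
    sql = "SELECT title FROM articles WHERE published = 1 AND id = " + raw
    return [row[0] for row in db.execute(sql)]

def lookup_safe(db, url):
    # AFTER: accept only a short run of ASCII digits, then bind it as a parameter.
    raw = url_param(url, "id")
    if raw is None or not (raw.isascii() and raw.isdigit()) or len(raw) > 9:
        return []
    sql = "SELECT title FROM articles WHERE published = 1 AND id = ?"
    return [row[0] for row in db.execute(sql, (int(raw),))]

if __name__ == "__main__":
    db = make_db()
    normal = "http://example.test/article?id=2"            # constructed URL
    tampered = "http://example.test/article?id=1%20OR%201=1"  # constructed URL
    for url in (normal, tampered):
        print(url)
        print("  unsafe:", lookup_unsafe(db, url))
        print("  safe:  ", lookup_safe(db, url))
```

With the tampered URL the concatenated version also returns the unpublished row, while the validated version returns nothing.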
Also, a few commonly overlooked security mistakes would be:
1. Anonymous FTP - make sure you disable this.
2. File and Directory permissions - learn them well.
3. Passwords - choose complex passwords with numbers, letters, and special characters.
If you use off-the-shelf open source products, don't use any defaults, like default database table names (like nuke_users with phpNuke), and don't leave admin pages where bots will find them. Assume that a script will be what finds the holes in your security, so leaving anything where a script would look is an invitation to a hack.
Seven Ways to Protect Your Website From Hackers

Those of us who are hackers would be offended by the article's title. Hackers are ethical testers who find faults in systems so they can be corrected before unethical hackers (crackers) exploit them. So, this article is really about how to protect your website from crackers.

Keep your files up to date.
If your site uses the popular SendMail script, please be sure your version is a current one. Read the article Security Experts Warn Of E-Mail Software Flaw to find out why. Visit Anti-Spam Provisions in Sendmail 8.8 to edit the FormMail script. We have the updated SendMail in use for the Harley Shopping Cart site. FormMail is another popular script used to send form results to an email address or database. We use that file for our website form. These scripts are located in the cgi-bin on the web host server. Signing up for updates for scripts (programs) your site uses will let you know if there are any. You should use the latest update to protect yourself. This is often the reason the update is released. If you are unsure of the scripts used on your website, contact your web developer.

Remove unnecessary files.
As your website changes, old files are ignored. They should be removed. Keep copies offline in case you wish to add them again, but remember to update any scripts. Old files are often indexed by search engines. So even if you do not link to those pages anymore, the search engines list them for Internet users to find and visit. Automated programs that search for these files can find them and exploit them.

Implement passwords.
Any sensitive files, databases or scripts should be protected. Please use passwords that are difficult to guess. Use letters AND numbers, but be careful to keep the number of characters within the programmed limits and remember that passwords are case-sensitive.

Include robots.txt.
Create a file to tell search engines not to index files that are restricted to certain users. You can also disallow indexing of images, so people who search for images to use illegally do not steal your images.

Check permissions of uploaded files.
Left-click each filename in your web host server, then right-click and select CHMOD to make sure files are set to the proper permissions. Check with your web host if you are unsure. Remember to upload images as binary and most other files as ASCII files. Choosing Auto for automatic selection may be incorrect if certain extensions are not specified.

Protect email addresses.
If you ever got a strange email that tested your form or simply sent you an email to yourself, one of those spammer programs found your email address from your website or someone else's. There are scripts to split up your email address, so spammer software programs cannot read them. Another way is to place your email address in an image or simply have an "Email us" link. I haven't done this, but I didn't have any problems until recently. I still want to make my contact information visible to my target audience. If you sign guestbooks, go to forums or newsgroups, or share your email address with anyone else, your email address can be posted and shared all over the Internet. I often use several email addresses when making posts, because spammers look there first for email addresses. To spammers, a guestbook is an email address database. So use a Hotmail account for your email, but you can still include your web address in your signature. If the Internet user visits your site, the user can contact you using the link on your site. The spammers probably won't visit your site, so the spam goes to the posted email address.

Protect your source code.
Some people use that stupid right-click script to protect their source code. Not only does that not protect your code, you are disabling browser functions such as adding your site to their favorites or printing. Though many people have "borrowed" my source code, I would not want to disable functions that my target audience wants to use. There are scripts to make your source code hidden. This is more effective, but a pain for anyone who wants to edit your site. The preferred method is external files such as external style sheets or javascript files.
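An added example (not from the article or any poster) of the "file and directory permissions", "remove unnecessary files" and "check permissions of uploaded files" advice above: a small audit that walks a web root and reports world-writable entries, leftover backup files, and executable files outside cgi-bin. The suffix list, the cgi-bin rule and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed leftover-file suffixes; adjust to what your editor and backups produce.
STALE_SUFFIXES = (".bak", ".old", ".orig", ".swp", "~")

def audit_webroot(root):
    """Walk a web root and return sorted (issue, relative_path) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing useful
            if st.st_mode & stat.S_IWOTH:
                findings.append(("world-writable", rel))
            if stat.S_ISREG(st.st_mode):
                if name.endswith(STALE_SUFFIXES):
                    findings.append(("stale-file", rel))
                # Pages and images never need the execute bit; cgi-bin scripts do.
                if st.st_mode & 0o111 and "cgi-bin" not in rel.split(os.sep):
                    findings.append(("executable-outside-cgi-bin", rel))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample site: (relative path, mode) pairs, not a real layout."""
    for d, mode in (("cgi-bin", 0o755), ("uploads", 0o777)):
        os.mkdir(os.path.join(root, d))
        os.chmod(os.path.join(root, d), mode)
    for rel, mode in (("index.html", 0o644), ("config.php.bak", 0o644),
                      ("old.html", 0o755), ("cgi-bin/formmail.pl", 0o755),
                      ("uploads/logo.gif", 0o666)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for issue, rel in audit_webroot(tmp):
            print(f"{issue:28} {rel}")
```

Run it against a local copy of the site (or over a shell on the host) and treat each finding as something to justify or fix.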
This is a big problem, and mostly your site is hacked through your hosting, meaning the server... mostly the shared hosting servers are hacked very easily... and they hack all the sites...