Last week, my homepage was attacked by others, and I don't know about it. Now I want to learn about web protection or security scripts. Would you DP members tell me how/when/what I should start with for protection? Thanks, waiting for the reply.
You can find more useful articles about web security, and in particular PHP security, on acunetix.com.
If you use a database, make sure to use one that supports prepared statements and make sure all queries are performed that way. If you accept any user input at all, make sure you properly validate all user input. Login and sessions that depend upon login should only be allowed over SSL; cookie theft resulting in session hijacking over non-SSL connections is just too easy. Without knowing anything about your software, there is not much anyone can tell you. Installing scripts sounds like reactive security. What you need is proactive security: implement security and policies that thwart attacks before they happen.
Back up your database every day, and keep a regular schedule of backups. (You can read about backup strategy on the web.) A hacked, backed-up site is a minor annoyance. A hacked not-backed-up site is probably a goner. Web security? If Google can be hacked, anyone can be hacked. You can keep the script kiddies out; you can't make a totally secure site unless it's not on the internet.
A hacked backed-up site is more than a minor annoyance. If the hacker grabbed any parts of the database, you may have a serious problem. If any sensitive information was grabbed, you now have an obligation to inform all users. You probably should make all users change their passwords, even if you use a hash method that involves changing the salt for each user. If sensitive information is grabbed and you do not inform your users, if such information is used to cause financial damage to any of your users, you very well may find yourself on the losing end of a lawsuit. While I personally have never had to do it, I am sure informing your users is a very embarrassing thing to do, but it must be done. If it is a regular thing, kiss your user base goodbye. Also, a hacked web site can frequently be used as a spam relay and if that happens too often, you may find your hosting provider giving you the boot. You can never be 100% sure that your site will never be hacked, but backing up and restoring when it happens is not a security philosophy. When it happens, you need to examine how it happened and determine how your security policy needs to adjust to prevent that kind of attack from being successful again.
A hacked website is almost ALWAYS a result of POOR PROGRAMMING. Learn about how hackers take advantage of poor programming, then fix your programming. Doing that will do more for site security than anything else you can do.
http://www.eroticaplexus.net/Security/ It is not an exhaustive guide to security, but it touches on SQL Injection, XSS / CSRF, and Session theft, with links to more resources. Other resources: HTMLPurifier: http://htmlpurifier.org/ OWASP: https://www.owasp.org/
Well, okay, thanks guys for your answers. Maybe I should learn more about security and related topics for developing a website. Thanks.