Nowadays, hacking is increasing throughout the web. So for webmasters, it is a very crucial situation. Is there anybody here who knows more about this field to give some points on precautions to prevent hacking? It is very worthwhile nowadays. Surely this thread will help me and users like me to increase their web site's security.
I guess I could get it started, - Only use reputable, up to date, scripts. - Do not make your root password easy to 'guess'. FFMG
1. Set all your passwords to something very difficult to guess. This includes control panel passwords and passwords to any admin areas of your scripts. A good example would be something like ~th15*p455w0rd*15*n0t*345y*t0*gu355~ 2. Research your scripts before installing them. There are a lot of insecure scripts that can leave you vulnerable. 3. Use a host that has some sort of brute force protection installed on the server. 4. Make sure your host also has a firewall installed on the server. 5. Use common sense
1. The password you are suggesting is very hard to remember. I think it is better to have a password with 10 - 15 characters that contains letters as well as numbers. Also it is better not to use the same password on other applications. 3,4. Can you list hosts that support it? 5. It is a valuable tip. But nowadays, there is news spreading about the hacking of very large and popular web sites. How do hackers get into the root of these sites? One more question: Is it insecure to host sites on a shared hosting server?
If you are using PHP, make sure that when you have GET commands, the program always checks that the GET command is a real one that you have assigned. Make sure you are not vulnerable to SQL injection or cross-site scripting. These are the most common ways of hacking these days...
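The checks described in the post above, as an added example that is not part of the original thread: an allow-list for a GET parameter, a bound SQL parameter, and escaping on output. The parameter, table and column names are hypothetical, and the sample requests and rows are constructed.

```php
<?php
declare(strict_types=1);
// Added example. Parameter, table and column names are hypothetical.
const ALLOWED_ACTIONS = ['view', 'search'];  // the only ?action= values assigned
function check_action(array $get): string {
    $action = $get['action'] ?? 'view';
    // Reject arrays (?action[]=x) and anything that is not on the allow-list.
    if (!is_string($action) || !in_array($action, ALLOWED_ACTIONS, true)) {
        throw new InvalidArgumentException('unknown action');
    }
    return $action;
}
function search_posts(PDO $db, string $term): array {
    // The term is bound as data; it is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT title FROM posts WHERE title LIKE :t ORDER BY id');
    $stmt->execute([':t' => '%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}
function render_results(string $term, array $titles): string {
    // Escape on output so markup in the term or in stored rows is shown as text.
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $html = '<h1>Results for ' . $esc($term) . "</h1>\n";
    foreach ($titles as $t) {
        $html .= '<li>' . $esc($t) . "</li>\n";
    }
    return $html;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO posts (title) VALUES ('Hello'), ('<b>bold</b> news')");

// Constructed requests standing in for $_GET.
$requests = [
    ['action' => 'search', 'q' => "' OR '1'='1"], // handled as a literal term
    ['action' => 'search', 'q' => '<b>'],         // matched, then escaped on output
    ['action' => 'drop'],                         // rejected: not on the allow-list
];
foreach ($requests as $get) {
    try {
        check_action($get);
        $q = is_string($get['q'] ?? null) ? $get['q'] : '';
        echo render_results($q, search_posts($db, $q));
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
```

The first request returns no rows because the quote characters are matched literally; the second finds the stored `<b>bold</b> news` row and prints it with the angle brackets encoded as entities.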
Indeed, sanitize all user input ~ never trust the user. Follow what's going on in the world as regards security. Sites like Secunia are great, as well as milw0rm, etc. Wherever you can get information on holes in security for the various web apps you're using ~ knowledge is power. Keep your software up-to-date. Most forums that get hacked, for example, are those owned by people who do not keep their software up to date, and ignore available upgrades.
I personally am a hacker. Just use common sense, don't use "common" passwords. Don't use exploitable scripts (milw0rm.com) and make sure you keep everything up to date!
I can find some valuable information in this thread for avoiding hacking. Expecting more tips from the members. Do you think shared hosting affects hacking?
Don't piss off a hacker. Yes, it's much easier to get hacked on shared hosting because the hacker can get to your site from other accounts that may have exploits.
1- make your server (no shared hosting) 2- use firewall & IDS & mod security ..... 3- upgrade all your prog 4- never use warez 5- always take tours at milw0rm, securityfocus, securityreason, php.net and all security websites 6- use Zend, ioncube 7- always revise logs 8- 99% security is from the server, 1% your mail 9- penetration test 10- the security was created to be hacked, there's no 100% security
Okay, OT so please forgive me but I have a question parallel to this. I think I either have some type of virus I have never seen or my site has been hacked but I am not sure which one. I can access one of my five sites. I have no connections to the other four at all. Still, when I use any computer other than my own I can connect fine. Any ideas? Sorry to go off topic but seeing people here who seem to be in the know, I need any ideas I can to keep from having to write zeros across my drive again. Thanks Ward
Ok here are some tips 1) Reverse Apache Proxy Servers (great way to protect your IIS servers and Domino Servers) 2) IP restrict SSH, FTP, and other protocols using your firewall 3) IP restrict management interfaces for Joomla, WP etc.. Use apache or your .htaccess for this. 4) Install ossim (http://www.ossim.net) I know these developers their app is sweet!!! 5) Nessus scan your box monthly 6) Never run Windows or Windows servers, never run ASP or .NET, or IIS or any of that crap 7) Run paros proxy against your site reg. http://www.parosproxy.org/index.shtml great URL vuln scanner 8) Change passwords every month, use upper, lowercase, numbers and symbols on your passwords That should keep you safe for a while...
Oh yes, all products of Microsoft = no security = always able to be hacked. Just a beautiful control panel and simple to use, but no security.
That is totally false. Any site that isn't managed well (out of date patches, weak passwords, bad programming) is insecure. It makes no difference whether it is running BSD, Linux, Windows, PalmOS... I have personally run Windows Servers as Firewalls, Web Servers, and Database Servers without security issues. All it takes is some common sense. Look at Microsoft.com, it is run exclusively on Microsoft software and it seems to have a pretty good security record. It is all about the people running the server.
I don't think this is true, (anymore). The windows machines, (personal use), have many security issues because the users don't protect their systems. The MS servers on the other hand are very secure. A good network/server administrator will ensure that the MS Server is up to date and secure. FFMG
rfdavid & FFMG, if you say that Microsoft products are safe, do you remember the IIS bug? hhhhh And why do all big companies use Linux, like Google, or FreeBSD, like Yahoo? digitalpoint.com uses Linux, FreeBSD, MacOS. microsoft.com uses Linux, oh yes: download.microsoft.com & search.microsoft.com http://searchdns.netcraft.com/?rest...=microsoft.com&lookup=wait..&position=limited If products of Microsoft are safe, why was Microsoft hacked 2 times this year? http://www.zone-h.org/index2.php?option=com_mirrorwrp&Itemid=43&id=6202670 http://www.zone-h.org/content/view/14780/31/ Where's the security?
These are really nice steps, which I never knew. After seeing many hacked websites, I think I really need to look into that. One of my friend's 44 directories network was just hacked because of the common root passwords he was using for all.
Both of the times that the Microsoft site was hacked were due to SQL injection, which is not because IIS isn't secure; it is because the website developer didn't write proper SQL code. SQL injection is just as easy with PHP and MySQL as it is with ASPX and MSSQL. Look at the post below yours, 44 sites running your super secure Linux hacked at once. All server software in skilled hands can be secured. In incapable hands, there is no security. Anyone who says "X can't be secured" is really saying "I don't know how to secure it". eBay: IIS, Walmart.com: IIS, CDW.com: IIS, Dell.com: IIS. Why would we believe the server admins at these 4 huge websites when we could take a Linux fanboy's advice instead?