
Tips That Can Avoid Hacking of Sites

Discussion in 'Security' started by ivenms, Jul 21, 2007.

  1. #1
    Nowadays, hacking is increasing throughout the web. So for webmasters, it is a very crucial situation. Is there anybody here who knows more about this field who can give some points on precautions to prevent hacking?

    It is very worthwhile nowadays.

    Surely this thread will help me and users like me to increase their web site's security.

    :)
     
    ivenms, Jul 21, 2007 IP
  2. FFMG

    #2
    I guess I could get it started,

    - Only use reputable, up-to-date scripts.
    - Do not make your root password easy to 'guess'.

    FFMG
     
    FFMG, Jul 21, 2007 IP
  3. GS-Anderson

    #3
    1. Set all your passwords to something very difficult to guess. This includes control panel passwords and passwords to any admin areas of your scripts. A good example would be something like ~th15*p455w0rd*15*n0t*345y*t0*gu355~
    2. Research your scripts before installing them. There are a lot of insecure scripts that can leave you vulnerable.
    3. Use a host that has some sort of brute force protection installed on the server.
    4. Make sure your host also has a firewall installed on the server.
    5. Use common sense
     
    GS-Anderson, Jul 21, 2007 IP
  4. FFMG

    #4
    Good one, it is amazing how many sites are hacked because the admin did not use common sense.

    FFMG
     
    FFMG, Jul 21, 2007 IP
  5. ivenms

    #5
    1. The password you are suggesting is very hard to remember. I think it is better to have a password with 10 - 15 characters that contains letters as well as numbers. Also it is better not to use the same password on other applications.

    3,4. Can you list hosts that support it?

    5. It is a valuable tip. But nowadays, there is news spreading of the hacking of very large and popular web sites. How do hackers get into the root of these sites?


    One more question:

    Is it insecure to host sites on a shared hosting server?
     
    ivenms, Jul 21, 2007 IP
  6. Doskono

    #6
    If you are using PHP, make sure that when you have GET commands, the program always checks whether the GET command is a real one that you have assigned. Make sure you are not vulnerable to SQL injection or cross site scripting. These are the most common ways of hacking these days...
     
    Doskono, Jul 21, 2007 IP
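
    The checks described in post #6, as an added example that is not part of any poster's message: a GET parameter is accepted only if it is on an allow-list, the SQL query is parameterized, and values are encoded on output. The parameter names `action` and `id`, the `articles` table and the in-memory SQLite database are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Constructed demo data: an in-memory SQLite table standing in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles (title) VALUES ('Hello'), ('<b>Markup</b> in a title')");

// Allow-list: the only values of ?action= this script has assigned (hypothetical names).
const ALLOWED_ACTIONS = ['view', 'list'];

function handleRequest(PDO $db, array $get): string
{
    $action = $get['action'] ?? 'list';
    if (!is_string($action) || !in_array($action, ALLOWED_ACTIONS, true)) {
        return 'error: unknown action';          // never dispatch on unassigned input
    }
    if ($action === 'list') {
        $titles = $db->query('SELECT title FROM articles ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
        // Encode on output so stored markup is displayed as text, not interpreted (XSS).
        return implode(', ', array_map(
            fn(string $t): string => htmlspecialchars($t, ENT_QUOTES, 'UTF-8'), $titles));
    }
    // 'view': id must be a positive integer; arrays, missing values and mixed strings fail.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'error: invalid id';
    }
    // Bound placeholder: the value is sent as data and never spliced into the SQL text.
    $stmt = $db->prepare('SELECT title FROM articles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $title = $stmt->fetchColumn();
    return $title === false ? 'error: not found' : htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
}

// Constructed requests: one valid, three that the checks above must reject.
$requests = [
    ['action' => 'view', 'id' => '2'],
    ['action' => 'view', 'id' => '1 OR 1=1'],
    ['action' => 'delete'],
    ['action' => ['view']],
];
foreach ($requests as $get) {
    echo json_encode($get), ' => ', handleRequest($db, $get), PHP_EOL;
}
```
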
  7. Scolls

    #7
    Indeed, sanitize all user input ~ never trust the user.

    Follow what's going on in the world as regards security. Sites like Secunia are great, as well as milw0rm, etc. Wherever you can get information of holes in security for the various web apps you're using ~ knowledge is power.

    Keep your software up-to-date. Most forums that get hacked, for example, are those owned by people who do not keep their software up to date, and ignore available upgrades.
     
    Scolls, Jul 24, 2007 IP
  8. pj1s

    #8
    Don't get traffic. ;)
    Avoid doing things as root.
     
    pj1s, Jul 27, 2007 IP
  9. scriptmakingman

    #9
    I personally am a hacker.
    Just use common sense, don't use "common" passwords.
    Don't use exploitable scripts (milw0rm.com)
    and make sure you keep everything up to date! :D
     
    scriptmakingman, Aug 8, 2007 IP
  10. ivenms

    #10
    I can find some valuable information in this thread for avoiding hacking. Expecting more tips from the members.

    Do you think shared hosting affects hacking?
     
    ivenms, Aug 14, 2007 IP
  11. Brandon Sheley

    #11
    don't piss off a hacker ;)

    Yes, it's much easier to get hacked on shared hosting because the hacker can get to your site from other accounts that may have exploits.
     
    Brandon Sheley, Aug 14, 2007 IP
  12. BTS

    #12
    1- Make your server (no shared hosting)
    2- Use firewall & IDS & mod security .....
    3- Upgrade all your prog
    4- Never use warez
    5- Always take tours at milw0rm, securityfocus, securityreason, php.net and all security websites
    6- Use Zend, ioncube
    7- Always revise logs
    8- 99% security is from the server, 1% your mail
    9- Penetration test
    10- The security was created to be hacked, there's no 100% security
     
    BTS, Aug 21, 2007 IP
  13. Anomaly1974

    #13
    Okay, OT so please forgive me but I have a question parallel to this. I think I either have some type of virus I have never seen or my site has been hacked but I am not sure which one. I can access one of my five sites. I have no connections to the other four at all. Still, when I use any computer other than my own I can connect fine. Any ideas? Sorry to go off topic but seeing people here who seem to be in the know, I need any ideas I can to keep from having to write zeros across my drive again.

    Thanks

    Ward
     
    Anomaly1974, Aug 25, 2007 IP
  14. linsys

    #14
    Ok here are some tips

    1) Reverse Apache Proxy Servers (great way to protect your IIS servers and Domino Servers)

    2) IP restrict SSH, FTP, and other protocols using your firewall

    3) IP restrict management interfaces for Joomla, WP etc.. Use apache or your .htaccess for this.

    4) Install ossim (http://www.ossim.net) I know these developers their app is sweet!!!

    5) Nessus scan your box monthly

    6) Never run Windows or Windows servers, never run ASP or .NET, or IIS or any of that crap

    7) Run paros proxy against your site reg. http://www.parosproxy.org/index.shtml great URL vuln scanner

    8) Change passwords every month, use upper, lowercase, numbers and symbols on your passwords

    That should keep you safe for a while...
     
    linsys, Aug 27, 2007 IP
  15. BTS

    #15
    Oh yes, all products of Microsoft = no security = always able to be hacked.
    Just a beautiful control panel and simple to use, but no security.
     
    BTS, Aug 28, 2007 IP
  16. rfdavid

    #16
    That is totally false. Any site that isn't managed well (out of date patches, weak passwords, bad programming) is insecure. It makes no difference whether it is running BSD, Linux, Windows, PalmOS... I have personally run Windows Servers as Firewalls, Web Servers, and Database Servers without security issues. All it takes is some common sense. Look at Microsoft.com, it is run exclusively on Microsoft software and it seems to have a pretty good security record. It is all about the people running the server.
     
    rfdavid, Aug 28, 2007 IP
  17. FFMG

    #17
    I don't think this is true, (anymore).
    The windows machines, (personal use), have many security issues because the users don't protect their systems. The MS servers on the other hand are very secure.

    A good network/server administrator will ensure that the MS Server is up to date and secure.

    FFMG
     
    FFMG, Aug 28, 2007 IP
  18. BTS

    #18
    rfdavid & FFMG
    if you say that Microsoft products are safe
    do you remember IIS bug hhhhh
    and why all big company use linux like google , FreeBSD like yahoo
    digitalpoint.com use linux ,freebsd ,macos
    microsoft.com use linux oh yes :
    download.microsoft.com & search.microsoft.com
    http://searchdns.netcraft.com/?rest...=microsoft.com&lookup=wait..&position=limited
    if products of Microsoft are safe, why was Microsoft hacked 2 times this year
    http://www.zone-h.org/index2.php?option=com_mirrorwrp&Itemid=43&id=6202670
    http://www.zone-h.org/content/view/14780/31/
    where's the security
     
    BTS, Aug 29, 2007 IP
  19. Pammer

    #19
    There are really nice steps, which I never knew.. After seeing many hacked websites I think I really need to look into that.. One of my friend's 44 directories network just got hacked because of the common root passwords he was using for all.
     
    Pammer, Aug 29, 2007 IP
  20. rfdavid

    #20
    Both of the times that Microsoft site was hacked was due to SQL injection which is not because IIS isn't secure, it is because the website developer didn't write proper SQL code. SQL injection is just as easy with PHP and MySQL as it is with ASPX and MSSQL.


    Look at the post below yours, 44 sites running your super secure Linux hacked at once. All server software in skilled hands can be secured. In incapable hands, there is no security. Anyone who says "X can't be secured" is really saying "I don't know how to secure it"

    ebay: IIS
    Walmart.com: IIS
    CDW.com: IIS
    Dell.com: IIS

    Why would we believe the Server admins at these 4 huge websites when we could take a Linux fanboy's advice instead?
     
    rfdavid, Aug 29, 2007 IP