Hacking - A guide to webmasters !!!

I have seen a lot of postings from many users abt the hacking faced by there sites/servers etc.

Its time for us to think more on this issue.Why your site get hacked ?
Most of the hacking in shared hosting occurs due to the script bug in ur site.This can kill ur site to a great limit.

How can we prevent them ?
The only method to prevent them is to have a proper update in your scripts.
I prefer not to add any modules or add-ons to your script which is available in through google.If you are installing some adds then you should get them from the authorised people of that script.
Don't add the latest mods because it can have bugs which mightn't be found out.


What about dedicated servers ?
In server hacking there are a bunch of methods.It can be from local brute force to high exploit using.I prefer everyone to use Unix or Linux platform in ur servers.But even if u use them u should aware of all the security bugs come across the software including the Operating Systems.
Please do check to close all the unused ports in your sites and use a proper monitoring tool within u.You can also have a Ethical hackers check in ur system.


If you are a programmer or script writer then u must have a proper knowledge about security methods of your script.Or else make it Open Source and make it available to the world so that u can get bundles of help from other geeks.


Note that I have limited knowledge and I am calling all the White Hat Geeks to add there comments to this thread.

 

I am considering whether to host a new web site on my own server to use a web hosting service. I don't currently have adequate security set up and the server is of course not connected to the internet.

It will be a non-profit making site primarily but then I intend to use it for something like adsence assuming I am accepted by them.

Can anyone give me some pros and cons for hosting it yourself versus getting it hosted for you please.

My main concern using my owen server is of course security and getting hacked. I don't write my own scripts, well not much anyway. I have a number of sites already hosted, but find there are restrictions on what I can do with them and time waiting for their internal approval processes to go through in some cases.

I will of course back up the server so I was wondering what the risk is in being hacked and liklihood of it happening I suppose. Finally similar to the start of the thread what can I do to protect myself?

Paul

 

One extra bit its child oriented so I guess that makes the risk higher.

I would appreciate any comments help or suggestions as to how I make sure it doesn't end in disaster as it is for a local cub / scout group.

Thanks

Paul

 

I have a few points. First, please if you release something use proper grammar so that it's easier to read. I believe it's in the forum rules.

Second, a lot of information here is pretty basic and is discussed pretty regularly. But all in all the survey of your material is pretty correct (and generic). I would recommend doing some research to actually discuss what needs to be done.

And who's to say that earlier versions don't have any security issues? I have found numerous vulnerabilities in previous versions of software. Sometimes exploits found in the current release can be found in all previous releases.

Having a pessamistic security standpoint not only restricts you from having the latest of a mod (which might have more security fixes than the one you currently have) but it just not good practice.

 

In my experience, software tends to be either secure from the very start, or insecure no matter how much you patch it. Maybe it is something about the programmer, or maybe once you've written bad code, the broken foundation is not easy to fix. I would recommend always doing a background search on the product you are going to use to see how many security holes were discovered in the past, and how serious they were.

 

hello

hidde all info possible, no display correct server headers , no display softwares version , read your server logs every day , and one more no trust in anyone the friend today is your enemy tomorow !

 

There is no magic solution , the best way to prevent hacks is to make sure that you have an update system. Make sure that your php code is secure ( bad include() ) and check your MySQL request. check the file chmod,etc...

good luck !

 

I would suggest to hire some server management company, it's cheap these days, you can get your server patched (includes kernel, /tmp, software updates, firewall, etc...) for a 1 time fee of 50-100$ and for regular maintenance, update and monitoring for 25-50$ per month. Just do a search in google. you will find many

Greets

 

Agree with funtoosh Hire a server admin company for $20-$40 p/m

 

Thanks for your help I'm using a dedicated server company now to avoid hacking

 

There was a user offering a service here to tell you if your site has any exploits.

 

Yes me, my research portal has worked with microsoft and found vulnerabilities in all the most important websites in the world ( http://blogs.hackerscenter.com/zinho/?p=8 ) or http://www.hackerscenter.com/security to see all our advisories.

We can audit your site for all known web application vulnerabilities and give you a report and help on how to fix them. You can also choose to let us secure your scripts. In any case you would pay our report only if we find any vulnerability.

PM Me if interested