Hey DP, this is my first thread. I'm not in teaching mode because I'm still a newbie like many others out there; I'm just posting my experience and hope this helps.

Tracking abnormal visitors to your site:

- Install a web tracker like Google Analytics. Here you can find the stats of your site and find the bad site referers, e.g. abnormal traffic from an unknown host; it's different from traffic from your advertising site referer. You can easily block them with an .htaccess script:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} ^http://.*somebadforum\.com [NC]
    RewriteRule .* - [F]

This could be easy if you are using a script like crawl security.

Blocking bad bots using the .htaccess method:

    #get rid of bad bots
    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} ^BadBot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EvilScraper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^FakeUser
    RewriteRule ^(.*)$ http://go.away/

The code tells your web server to check for any bot whose user-agent string starts with "BadBot". When it sees a bot that matches, it redirects them to a non-existent site called "go.away". It could be easy if you install crawl security on your site.

Scan your site: there are thousands of site scanners out there, like AVG site scanner or ClamAV, but how about a website scanner? You can use http://www.urlvoid.com/ to do this automatically and for free.
Finding bugs on your site:

- This is a newbie method: you can simply buy a product like Acunetix Web Security Scanner to audit your site's web application security; it's not free, however.
- Using Metasploit Framework or some hacker exploiter application. Many people out there don't agree with this method, but the theory is simple: do what the hackers do so you can defend against them. Simple, but it's true.

This is a simple and easy method, but I think it really works for me, in minor cases. I don't say it's really security, because who can block a real hacker attack? Every day, sites like Offensive Security or inject0r and thousands of communities out there are producing all colours of hacker types: white, black, grey, whatever... The main point of this thread is: if you want to defend against hackers, you must learn to be a hacker first...
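Added example, not part of the original post: a Python script for the referer-tracking step described in the first post. It counts referer hosts in Apache combined-format log lines and emits the same style of RewriteCond / [F] block for busy hosts that are not on an allowlist. The sample log lines, the allowlist hosts, the threshold and all function names are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed access-log lines in Apache "combined" format (not real traffic).
_REQ = '[10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512'
SAMPLE_LOG = "\n".join(
    f'{ip} - - {_REQ} "{ref}" "Mozilla/5.0"'
    for ip, ref in [
        ("203.0.113.5", "http://www.somebadforum.com/t/1"),
        ("203.0.113.6", "http://somebadforum.com/t/1"),
        ("203.0.113.7", "http://somebadforum.com/t/2"),
        ("198.51.100.2", "https://ads.example.net/c?id=7"),
        ("198.51.100.3", "https://ads.example.net/c?id=7"),
        ("198.51.100.4", "https://ads.example.net/c?id=8"),
        ("192.0.2.9", "http://rare.example.org/"),
        ("192.0.2.10", "-"),  # direct visit, no referer
    ]
)
LINE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "(?P<ref>[^"]*)" "[^"]*"$')

def referer_hosts(log_text):
    """Count hits per referer host, folding www.host into host."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        host = (urlsplit(m.group("ref")).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host:
            counts[host] += 1
    return counts

def suspicious(counts, allowed, threshold):
    """Hosts at or above the threshold that are not an allowed host or subdomain."""
    def ok(host):
        return any(host == a or host.endswith("." + a) for a in allowed)
    return sorted(h for h, n in counts.items() if n >= threshold and not ok(h))

def htaccess_rules(hosts):
    """Build a deny block; the pattern is anchored to the host part of the referer."""
    if not hosts:
        return ""
    conds = [r"RewriteCond %{HTTP_REFERER} ^https?://([^/]+\.)?" + re.escape(h) + r"(/|:|$)"
             for h in hosts]
    # Every condition except the last needs OR, otherwise they are ANDed together.
    conds = [c + " [NC,OR]" for c in conds[:-1]] + [conds[-1] + " [NC]"]
    return "\n".join(["RewriteEngine on", *conds, "RewriteRule .* - [F]"])

if __name__ == "__main__":
    bad = suspicious(referer_hosts(SAMPLE_LOG), {"example.com", "ads.example.net"}, 3)
    print(htaccess_rules(bad))
```

Review the flagged hosts before pasting the generated block into .htaccess, since a high hit count alone does not make a referer hostile.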
Another big point is not to have files/folders on your hosting assigned 777 (write) permissions. It is a huge security risk, like an open invitation to hackers to put their malicious code on your website. In the case of open source applications, always use the updated version, because outdated versions can also be as dangerous as 777 permissions.
There is no way in the world this would stop hackers or the like; you have no idea what you're talking about.
Yeah, I agree... there is no one out there, even commercial or open source developers, who can guarantee 100% of the security aspect. By the way, you can try the website protector; this product has helped me in many cases. I am not an expert in website security, but this product helped me build and improve my website security with an easy click. Try it, I suggest this one. Here's the address link: www.websiteprotector.net
Protect your files with passwords. No doubt, your website contains scripts and database files that are not intended to be shared publicly, except perhaps with the search engine robots. To avoid anyone getting hold of them, it may be ideal to protect them with a password. However, you must ensure that these are very difficult to decipher.