1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

The Best Way to Secure Yourself! Read!

Discussion in 'Security' started by Gnet, Mar 2, 2007.

  1. #1
    Ok after being hacked 4 times i had to do some research and found this is thee best way to stop hackers of any kind what so ever!

    First
    If you have already been hacked then you must have a pretty good idea of where the hacker is from, note all of that info down!

    Ok even if you dont have it move to step 2

    Second

    Now the best way, or the first step to stop hackers is to ban ips now which ips?
    well here are some countries which is full of potential threats:

    Tehran
    Iran
    Saudia
    Kuwait
    Qatar
    Turkey


    Third:

    Install the GEOIP mod:
    http://www.maxmind.com/app/mod_geoip

    And ban the following countries:


    Tehran
    Iran
    Saudia
    Kuwait
    Qatar
    Turkey


    Any comments on this welcomed
     
    Gnet, Mar 2, 2007 IP
  2. JoshuaGross

    JoshuaGross Peon

    Messages:
    411
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    0
    #2
    One obvious problem is if you have users from those countries. There are a lot of arcade sites that have large percentages of Turkish users (IIRC).
     
    JoshuaGross, Mar 2, 2007 IP
  3. Gnet

    Gnet Peon

    Messages:
    5,340
    Likes Received:
    529
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Well id rather have clean traffic then have the treat of being hacked.
     
    Gnet, Mar 2, 2007 IP
  4. T0PS3O

    T0PS3O Feel Good PLC

    Messages:
    13,219
    Likes Received:
    777
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Yeah, and those hackers have never heard of proxies.

    This will never really be THE BEST way to secure a site. This is like leaving Harrods unlocked and just stopping muslims form entering.

    Real security takes a bit more sophisticated approach.
     
    T0PS3O, Mar 2, 2007 IP
  5. Gnet

    Gnet Peon

    Messages:
    5,340
    Likes Received:
    529
    Best Answers:
    0
    Trophy Points:
    0
    #5
    I know that but i have to do the best i can?
    i mean cmon im not here whining about how i was hacked im acutally trying to do something..

    And as far as my budget goes this si the best approach for me

    If you have any ideas how to get more secured...im all ears here bro
     
    Gnet, Mar 2, 2007 IP
  6. T0PS3O

    T0PS3O Feel Good PLC

    Messages:
    13,219
    Likes Received:
    777
    Best Answers:
    0
    Trophy Points:
    0
    #6
    I'm just saying your labeling this 'solution' quite generously. Sure, it may work for you for some time but this is hardly secure.

    Better is to find the actual holes and patch them.

    Here's a tip I can share:

    When installing Open Source or other popular software, ALWAYS change the default folder names. On vB admincp/ becomes adminhere/, osCommerce's /admin becomes /manage and /includes becomes /required.

    It may only be security by obscurity but at least the thousands of hackers' file probes fail and they'll move to someone else's server.
     
    T0PS3O, Mar 2, 2007 IP
    Obelia likes this.
  7. Gnet

    Gnet Peon

    Messages:
    5,340
    Likes Received:
    529
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Gnet, Mar 2, 2007 IP
  8. thedark

    thedark Well-Known Member

    Messages:
    1,346
    Likes Received:
    43
    Best Answers:
    0
    Trophy Points:
    168
    Digital Goods:
    1
    #8
    use only secure software
     
    thedark, Mar 2, 2007 IP
  9. blue_angel

    blue_angel Well-Known Member

    Messages:
    1,174
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    130
    #9
    Dear friend gnet today my site hacked by someone from mention of the above countries.
    I disagree with your approach it's like I have headache so we cut head and we are ok.
    We must find more sophisticate approach to solve the problem
     
    blue_angel, Mar 2, 2007 IP
  10. rootbinbash

    rootbinbash Peon

    Messages:
    2,198
    Likes Received:
    88
    Best Answers:
    0
    Trophy Points:
    0
    #10
    why dont you allow only yourself?Or maybe plug off the server?

    This is not a solution
     
    rootbinbash, Mar 2, 2007 IP
  11. clancey

    clancey Peon

    Messages:
    1,099
    Likes Received:
    63
    Best Answers:
    0
    Trophy Points:
    0
    #11
    Not only is this not the best way to secure your website, it does not secure your site.

    It is based on the incorrect presumption that black hats and script kiddies only come from a short list of Middle Eastern countries. This is absolutely incorrect. There are multitudes of such individuals in the United States, Canada, China, western Europe, Russia, and every other country with internet service.

    There is only one way to certifiable protect the data on a server -- never use a server.

    The next best solution is to follow TOPS30's advice, study all sources of information about securing internet servers, make sure all software is fully patched all the time, harden all software installed on your machine, review the source code for all scripts that you install to determine whether or not they contain obvious holes, use hard to guess user names and passwords.

    There is no such thing as perfect security and no such thing as an inately secure operating system. That is marketing hype. Therefore, it is imperative to do the most you can to protect your data.
     
    clancey, Mar 2, 2007 IP
  12. JoshuaGross

    JoshuaGross Peon

    Messages:
    411
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    0
    #12
    This is actually why I will only use my own PHP code on my sites except for *very* unimportant details. Blogs, phpBB, etc - every time I've installed something third party it's been hacked on my servers. If I ever install third party software it MUST be well supported, actively, and I subscribe to updates. You can't let any software remain unpatched.

    Server software itself (PHP, Apache, qmail, mysql) then becomes the largest problem, but those have never been as big an issue for me. Preferably, your host will perform upgrades ASAP. Otherwise, make sure you or a hired server admin keep things up to date.
     
    JoshuaGross, Mar 2, 2007 IP
  13. nddb

    nddb Peon

    Messages:
    803
    Likes Received:
    30
    Best Answers:
    0
    Trophy Points:
    0
    #13
    You can get hacked from anywhere, heard of TOR? or proxies in general? lol.

    The best security is not blocking countries, but making/using scripts without holes.
     
    nddb, Mar 2, 2007 IP
  14. infonote

    infonote Well-Known Member

    Messages:
    4,032
    Likes Received:
    68
    Best Answers:
    0
    Trophy Points:
    160
    #14
    Turkey is a fairly developed country. So why ban them. Plus they are not in the "axis of evil".
     
    infonote, Mar 2, 2007 IP
  15. JoshuaGross

    JoshuaGross Peon

    Messages:
    411
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    0
    #15
    :eek: But they're not part of America and they don't speak English!!
     
    JoshuaGross, Mar 2, 2007 IP
  16. GetWebHost

    GetWebHost Active Member

    Messages:
    735
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    78
    #16
    GetWebHost, Mar 2, 2007 IP
  17. Sini

    Sini Peon

    Messages:
    119
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #17
    Banning ip:s without a clear reason has nothing to do with security. Although you could hack the original ip of a hacker, he'll just use proxy and that's it.

    In my oppinion best ways to prevent website hacking (hacking an entire server and preventing that is a different thing and is host's responsibility, unless you have an unmanaged dedicated server)

    - Use scripts which have good reputation and which are in active developement (meaning that when for example a security hole is found that will be patched quickly)

    - Remember to keep your scripts up to date (this is very important)

    - Keep your folder and file structure clean...don't upload your extra files here and there etc.

    - Make sure your files and folders have correct permissions.

    - If you notice anything wierd going on (wierd traffic etc) contact your host although you wouldn't have been hacked. It's good to let your host check it (and they should do it!) and tell you what is causing it and if it's ok or not.
     
    Sini, Mar 2, 2007 IP
  18. blue_angel

    blue_angel Well-Known Member

    Messages:
    1,174
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    130
    #18
    You can get hacked from anywhere or proxies The best security is not blocking countries, but making/using scripts without holes. and my site hacked by similar script
     
    blue_angel, Mar 3, 2007 IP
  19. WebGeek182

    WebGeek182 Active Member

    Messages:
    510
    Likes Received:
    28
    Best Answers:
    0
    Trophy Points:
    95
    #19
    Absolutely agree!

    Again, dead-on...one of the simplest ways is to change filenames. Most of their hacking scripts are looking for default names. This does not secure you, but rather LOWERS THE RISK. There is a difference. I would advise having a good talk with a Senior IT Security officer at your hosting company, or switching to a better host that has better security measures in place. I also, I know it's been said, but only use SECURE programs and scripts on your site.
     
    WebGeek182, Mar 3, 2007 IP
  20. Obelia

    Obelia Notable Member

    Messages:
    2,083
    Likes Received:
    171
    Best Answers:
    0
    Trophy Points:
    210
    #20
    There's no such thing as 100% secure, only more secure or less secure. Changing default filenames is a good approach, but not as important as keeping up with the latest patches on a script.

    Even more secure would be to use as few scripts as possible, so you only have to go one place to check for patches. Otherwise it becomes tedious to maintain your scripts, and you will end up forgetting to do it or just not bothering.
     
    Obelia, Mar 6, 2007 IP