Hacking - A guide to webmasters !!!

Discussion in 'Security' started by pulikuttann, Mar 7, 2007.

  1. #1
    I have seen a lot of postings from many users about the hacking faced by their sites/servers etc.

    It's time for us to think more on this issue. Why does your site get hacked?
    Most of the hacking in shared hosting occurs due to script bugs in your site. This can kill your site to a great extent.

    How can we prevent them?
    The only method to prevent them is to have a proper update in your scripts.
    I prefer not to add any modules or add-ons to your script which are available through Google. If you are installing some add-ons then you should get them from the authorised people of that script.
    Don't add the latest mods because they can have bugs which mightn't have been found out.


    What about dedicated servers?
    In server hacking there are a bunch of methods. It can be from local brute force to high exploit using. I prefer everyone to use a Unix or Linux platform on your servers. But even if you use them you should be aware of all the security bugs that come across the software, including the operating systems.
    Please do check to close all the unused ports in your sites and use a proper monitoring tool with you. You can also have ethical hackers check your system.


    If you are a programmer or script writer then you must have proper knowledge about the security methods of your script. Or else make it open source and make it available to the world so that you can get bundles of help from other geeks.


    Note that I have limited knowledge and I am calling all the White Hat Geeks to add their comments to this thread.
     
    pulikuttann, Mar 7, 2007 IP
  2. Paul8368

    #2
    I am considering whether to host a new web site on my own server or to use a web hosting service. I don't currently have adequate security set up and the server is of course not connected to the internet.

    It will be a non-profit making site primarily but then I intend to use it for something like AdSense, assuming I am accepted by them.

    Can anyone give me some pros and cons for hosting it yourself versus getting it hosted for you, please?

    My main concern using my own server is of course security and getting hacked. I don't write my own scripts, well not much anyway. I have a number of sites already hosted, but find there are restrictions on what I can do with them and time waiting for their internal approval processes to go through in some cases.

    I will of course back up the server, so I was wondering what the risk is in being hacked and the likelihood of it happening, I suppose. Finally, similar to the start of the thread, what can I do to protect myself?

    Paul
     
    Paul8368, Mar 7, 2007 IP
  3. Paul8368

    #3
    One extra bit: it's child-oriented, so I guess that makes the risk higher.

    I would appreciate any comments, help or suggestions as to how I make sure it doesn't end in disaster, as it is for a local cub / scout group.

    Thanks

    Paul
     
    Paul8368, Mar 7, 2007 IP
  4. Louis11

    #4
    I have a few points. First, please if you release something use proper grammar so that it's easier to read. I believe it's in the forum rules.

    Second, a lot of information here is pretty basic and is discussed pretty regularly. But all in all the survey of your material is pretty correct (and generic). I would recommend doing some research to actually discuss what needs to be done.

    And who's to say that earlier versions don't have any security issues? I have found numerous vulnerabilities in previous versions of software. Sometimes exploits found in the current release can be found in all previous releases.

    Having a pessimistic security standpoint not only restricts you from having the latest of a mod (which might have more security fixes than the one you currently have) but it's just not good practice.
     
    Louis11, Mar 8, 2007 IP
  5. spachev

    #5
    In my experience, software tends to be either secure from the very start, or insecure no matter how much you patch it. Maybe it is something about the programmer, or maybe once you've written bad code, the broken foundation is not easy to fix. I would recommend always doing a background search on the product you are going to use to see how many security holes were discovered in the past, and how serious they were.
     
    spachev, Mar 8, 2007 IP
  6. Estevan

    #6
    Hello

    Hide all info possible, do not display correct server headers, do not display software versions, read your server logs every day, and one more: trust no one; the friend today is your enemy tomorrow!
     
    Estevan, Mar 9, 2007 IP
  7. fouadz

    #7
    There is no magic solution; the best way to prevent hacks is to make sure that you have an update system. Make sure that your PHP code is secure (bad include()) and check your MySQL requests. Check the file chmod, etc.

    Good luck!
     
    fouadz, Mar 9, 2007 IP
  8. funtoosh

    #8
    I would suggest hiring a server management company; it's cheap these days. You can get your server patched (includes kernel, /tmp, software updates, firewall, etc.) for a 1 time fee of 50-100$, and regular maintenance, updates and monitoring for 25-50$ per month. Just do a search in Google; you will find many.

    Greets
     
    funtoosh, Mar 17, 2007 IP
  9. Dediwebspace

    #9
    Agree with funtoosh. Hire a server admin company for $20-$40 p/m.
     
    Dediwebspace, Mar 23, 2007 IP
  10. Paul8368

    #10
    Thanks for your help. I'm using a dedicated server company now to avoid hacking.
     
    Paul8368, Apr 7, 2007 IP
  11. EGS

    #11
    There was a user offering a service here to tell you if your site has any exploits. :)
     
    EGS, Apr 7, 2007 IP
  12. Zinho

    #12
    Yes, me. My research portal has worked with Microsoft and found vulnerabilities in all the most important websites in the world ( http://blogs.hackerscenter.com/zinho/?p=8 ) or http://www.hackerscenter.com/security to see all our advisories.

    We can audit your site for all known web application vulnerabilities and give you a report and help on how to fix them. You can also choose to let us secure your scripts. In any case you would pay for our report only if we find any vulnerability.

    PM me if interested.
     
    Zinho, Apr 9, 2007 IP