| |||||||
This is a discussion on How can I make a website secure ? within the Server Administration section, part of the Web Design/Development and SEO category; Today, there are N number of threats to a hosted website. I am not pretty sure how can one make ...
 |
|
| | LinkBack | Thread Tools | Display Modes |
|
#1
13-01-2009, 05:09 PM
| ||||
| ||||
 How can I make a website secure ?
Today, there are N number of threats to a hosted website. I am not pretty sure how can one make the website safe from the hackers. Is it through firewall or some secure scripts or what more can be done to make it more safer ?
 |
|
#2
13-01-2009, 05:41 PM
| ||||
| ||||
|
Secure code for your website that prevents SQL injection and filters bad input is the first thing. Never store passwords as plain text in the database, instead use strong hashing algorithm like SHA256. If your code is safe enough and you're still being hacked then there are chances that you are being hacked directly from the server. Firewall, secure shell (SSH), upgrading softwares/apps/system regularly, keeping up with security patches and hotfixes, turning off and uninstall unneeded services etc. are few of the things you need to secure your server. For securing your vBulletin forums, check this out. http://tech6.com/f51/ultimate-guide-...r-forums-t319/
__________________ Would you like to Link To Us | Support TECH6 by going Premium Know more about me at Vinayaks.com | Follow TECH6 at Twitter  |
|
#3
28-03-2009, 08:20 PM
| ||||
| ||||
|
Great advice from webwizzy Injection attacks are the worst as well as the easiest trap to fall into. I also try and avoid using cookies as they are stored on the client PC and can be changed by the user. If you have membership settings saved in a cookie, the user can edit the cookie and escalate their membership access type.
__________________ Go placidly amid the noise and haste, and remember what peace there may be in silence The Desiderada |
|
#4
17-09-2009, 08:47 AM
| ||||
| ||||
|
I agree with webwizzy's and TaL's points. Though in addition I would like to highlight what webwizzy said. As Said by webwizzy |
|
#5
05-02-2012, 06:00 PM
| ||||
| ||||
|
Typically by default, when a Cpanel account is setup, FTP will be working as well. Usually your system administrator, who is probably your webhost would only be the one who would be able to disable FTP on your server. So in this is nothing you would have control of mico. If your website uses no programming, there is no way it could have got hacked through your actual website files. It would have been hacked some other method, such as your host not keeping your server up to date and someone breaking in through programs that had security holes, or if you are using extremely easy passwords and someone guessed your credentials. The ExecCGI option allows you to execute CGI, such as perl scripts on your website, given that your web host allows you to use that directive. If you really feel someone has broke into your web server, I would contact your web host immediately and have them look into things to help you figure out what is going on.
__________________ smtp |
|
| Bookmarks |
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
