Security

  • PluTunium
  • Professor
  • Posts: 812
  • Loc: Touring the USA

Post 3+ Months Ago

Ok. I am wondering how to secure my site. Like you know how people can deface your site? I want to make sure they can't. I want to make sure they can't change anything on it. What would I have to do? What do I use? What should I read up on?
  • ATNO/TW
  • Super Moderator
  • Posts: 23455
  • Loc: Woodbridge VA

Post 3+ Months Ago

Should be pretty simple. They'd have to know your FTP address, username and password to hack your domain and change your page files. Getting the FTP address is easy (pretty standard format). Getting your user name is harder but not impossible. Best thing is to make sure you have a fairly complex password (intermix case and toss in numbers).

I wouldn't worry too much though. Hackers don't waste their time on the little guys. It's the big boys that give 'em status when they hack in.
  • Axe
  • Genius
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

Yup, password security is about all you can do..

Unless you're the admin of the system, there are going to be things that a hacker will attempt to exploit that are beyond your control.

Most won't gain entry THROUGH your site. They usually gain entry through other insecure software running on the server (for example, certain vulnerable FTP daemons, or E-Mail pipes through PINE - a shell interface E-Mail client).

Of course, that doesn't mean they CAN'T gain entry through your site, it all depends on how the site's coded.

If you have a database driven site, making sure that MySQL will only accept incoming connections from your username on the "localhost" address (as opposed to an "%" address, which lets you in on any IP address as long as you have the correct username & password) will drastically reduce the risks of your database getting tampered with. If it's set to only allow localhost, then even if they have your database username & password, they won't be able to access your database unless they have access to the local system. Although, this access could potentially be gained by exploiting vulnerable scripts that may exist on your website.

Basically, there's a million and one hacks out there, and a million and one ways to stop them. New hacks are being worked out all the time because new software with new vulnerabilities are being written every day.

The best thing to do, is assume that you ARE going to be hacked, that the system you're on is capable of BEING hacked, and all your hard work is going to be destroyed. With that in mind, make sure you keep regular backups.

There's probably not a computer on this planet that's 100% safe from every potential intruder (except, perhaps, for one that isn't turned on :)).
  • ATNO/TW
  • Super Moderator
  • Posts: 23455
  • Loc: Woodbridge VA

Post 3+ Months Ago

Axe wrote:

The best thing to do, is assume that you ARE going to be hacked, that the system you're on is capable of BEING hacked, and all your hard work is going to be destroyed. With that in mind, make sure you keep regular backups.

There's probably not a computer on this planet that's 100% safe from every potential intruder (except, perhaps, for one that isn't turned on :)).


:thumbsup:
  • PluTunium
  • Professor
  • Posts: 812
  • Loc: Touring the USA

Post 3+ Months Ago

Axe wrote:
Yup, password security is about all you can do..

Unless you're the admin of the system, there are going to be things that a hacker will attempt to exploit that are beyond your control.

Most won't gain entry THROUGH your site. They usually gain entry through other insecure software running on the server (for example, certain vulnerable FTP daemons, or E-Mail pipes through PINE - a shell interface E-Mail client).

Of course, that doesn't mean they CAN'T gain entry through your site, it all depends on how the site's coded.

If you have a database driven site, making sure that MySQL will only accept incoming connections from your username on the "localhost" address (as opposed to an "%" address, which lets you in on any IP address as long as you have the correct username & password) will drastically reduce the risks of your database getting tampered with. If it's set to only allow localhost, then even if they have your database username & password, they won't be able to access your database unless they have access to the local system. Although, this access could potentially be gained by exploiting vulnerable scripts that may exist on your website.

Basically, there's a million and one hacks out there, and a million and one ways to stop them. New hacks are being worked out all the time because new software with new vulnerabilities are being written every day.

The best thing to do, is assume that you ARE going to be hacked, that the system you're on is capable of BEING hacked, and all your hard work is going to be destroyed. With that in mind, make sure you keep regular backups.

There's probably not a computer on this planet that's 100% safe from every potential intruder (except, perhaps, for one that isn't turned on :)).


The first bold: If you check my site: http://www.plutunium.com one of my friends said that my gallery security sucks and someone could easily get in and deface my site if they wanted to. What do they mean? How can I fix it?

The second bold: How do I do this? How do I make it so only my IP can access it?
  • Axe
  • Genius
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

#1. Well, without actually going through the code, it's impossible to say how it could be exploited. I've never used this script before.

#2. If you are using a MySQL database, and your hosting is on a cPanel server, you should be able to administer that through cPanel itself. Of course, you can always fire off an E-Mail to your hosting company and have them check it for you.
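
The "localhost" versus "%" restriction discussed in this thread, written out as MySQL statements. This is an added example, not part of any post above; the account name `gallery_app`, the database name `gallery_db` and the password string are hypothetical placeholders, and on shared hosting the audit query may need to be run by the hosting company.

```sql
-- 1. Audit: list every account whose host part contains a wildcard.
--    A host of '%' means "any client address"; 'localhost' means
--    connections that originate on the database server itself.
--    (Reading mysql.user requires administrative privileges.)
SELECT user, host
FROM mysql.user
WHERE INSTR(host, '%') > 0
ORDER BY user, host;

-- 2. Create a localhost-only account for the site's scripts.
--    'gallery_app' and 'gallery_db' are hypothetical names.
CREATE USER 'gallery_app'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';

-- 3. Grant only what the site needs, and only on its own database.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON gallery_db.*
  TO 'gallery_app'@'localhost';

-- 4. Remove the wildcard-host account of the same name, if step 1
--    showed one. MySQL treats 'gallery_app'@'%' and
--    'gallery_app'@'localhost' as two separate accounts, so the
--    wildcard entry stays usable until it is dropped.
DROP USER 'gallery_app'@'%';

-- 5. Verify: the account should now exist for localhost only,
--    with exactly the privileges granted in step 3.
SELECT user, host FROM mysql.user WHERE user = 'gallery_app';
SHOW GRANTS FOR 'gallery_app'@'localhost';
```

As the thread notes, this only stops direct remote logins with a stolen database password; a vulnerable script running on the same server still connects from localhost.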


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.