
Thread: Secure website

  1. #1
    Senior Member
    Join Date
    May 2014
    Posts
    143

    Secure website

    How can we make our website more secure? I mean secure from hackers.

  2. #2
    Junior Member
    Join Date
    Mar 2016
    Posts
    6
    You can take some simple actions, such as the ones described here, but if you really want to make it safe, go for a good hosting company and hire a security specialist.

    Regards

  3. #3

  4. #4
    Senior Member
    Join Date
    Sep 2015
    Posts
    347
    Website builders can offer you an easy way to build, design and organize your website without having to use complicated computer code. Many hosting providers include free website builders in their hosting plan, but some builders are very limited and you can be very frustrated trying to build your site using one of them. We have ranked the top site builder and hosting companies. All you need to do is browse the list and find out which site builder would be the best choice for building your website.

  5. #5
    Senior Member
    Join Date
    Jul 2016
    Posts
    113
    With the gift giving season coming up, many people will be doing their holiday shopping online. In fact, Americans will spend an estimated $61 billion shopping online this holiday season. Even mobile shopping is up 25% since last year.
    With all of this online shopping, lots of personal information—phone numbers, home addresses, and credit cards—will be flying around the Internet. This personal data translates to dollars for cyber criminals who are gearing up for the heavy traffic and increased online sales in the upcoming months.

  6. #6
    Senior Member
    Join Date
    Jan 2016
    Location
    India
    Posts
    278
    Quote Originally Posted by mani ge3e View Post
    Website builders can offer you an easy way to build, design and organize your website without having to use complicated computer code. Many hosting providers include free website builders in their hosting plan, but some builders are very limited and you can be very frustrated trying to build your site using one of them. We have ranked the top site builder and hosting companies. All you need to do is browse the list and find out which site builder would be the best choice for building your website.
    So do hackers have to hack the server and the code? Or can they hack either/or to hack the site? My business WordPress website was just hacked & I NEED to know how to prevent this.... I don't know if it was the code or my hosting... Please answer if you know or can help. Thank you.

  7. #7
    Registered User
    Join Date
    Jul 2016
    Posts
    27
    01. Keep software up to date

    It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. This applies to both the server operating system and any software you may be running on your website such as a CMS or forum. When website security holes are found in software, hackers are quick to attempt to abuse them.

    If you are using a managed hosting solution then you don't need to worry so much about applying security updates for the operating system as the hosting company should take care of this.

    If you are using third-party software on your website such as a CMS or forum, you should ensure you are quick to apply any security patches. Most vendors have a mailing list or RSS feed detailing any website security issues. WordPress, Umbraco and many other CMSes notify you of available system updates when you log in.

    02. SQL injection

    SQL injection attacks are when an attacker uses a web form field or URL parameter to gain access to or manipulate your database. When you use standard Transact SQL it is easy to unknowingly insert rogue code into your query that could be used to change tables, get information and delete data. You can easily prevent this by always using parameterised queries; most web languages have this feature and it is easy to implement.

    Consider this query:

    "SELECT * FROM table WHERE column = '" + parameter + "';"

    If an attacker changed the URL parameter to pass in ' or '1'='1 this will cause the query to look like this:

    "SELECT * FROM table WHERE column = '' OR '1'='1';"

    Since '1' is equal to '1' this will allow the attacker to add an additional query to the end of the SQL statement which will also be executed.

    03. XSS

    Cross site scripting is when an attacker tries to pass in JavaScript or other scripting code into a web form to attempt to run malicious code for visitors of your site. When creating a form always ensure you check the data being submitted and encode or strip out any HTML.

    04. Error messages

    Be careful with how much information you give away in your error messages. For example, if you have a login form on your website you should think about the language you use to communicate failure when attempting logins. You should use generic messages like “Incorrect username or password” so as not to specify when a user got half of the query right. If an attacker tries a brute force attack to get a username and password and the error message gives away when one of the fields is correct, then the attacker knows he has one of the fields and can concentrate on the other field.



    Keep your error messages vague
    05. Server side validation/form validation

    Validation should always be done both on the browser and server side. The browser can catch simple failures like mandatory fields that are empty and when you enter text into a numbers-only field. These can however be bypassed, and you should make sure you check for these validations and deeper validation server side, as failing to do so could lead to malicious code or scripting code being inserted into the database or could cause undesirable results in your website.

    06. Passwords

    Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is crucial to use strong passwords for your server and website admin area, but equally important to insist on good password practices for your users to protect the security of their accounts.

    As much as users may not like it, enforcing password requirements such as a minimum of around eight characters, including an uppercase letter and number will help to protect their information in the long run.

    Passwords should always be stored as encrypted values, preferably using a one way hashing algorithm such as SHA. Using this method means when you are authenticating users you are only ever comparing encrypted values. For extra website security it is a good idea to salt the passwords, using a new salt per password.

    In the event of someone hacking in and stealing your passwords, using hashed passwords could help damage limitation, as decrypting them is not possible. The best someone can do is a dictionary attack or brute force attack, essentially guessing every combination until it finds a match. When using salted passwords the process of cracking a large number of passwords is even slower as every guess has to be hashed separately for every salt + password which is computationally very expensive.

    Thankfully, many CMSes provide user management out of the box with a lot of these website security features built in, although some configuration or extra modules might be required to use salted passwords (pre Drupal 7) or to set the minimum password strength. If you are using .NET then it's worth using membership providers as they are very configurable, provide inbuilt website security and include readymade controls for login and password reset.

    07. File uploads

    Allowing users to upload files to your website can be a big website security risk, even if it’s simply to change their avatar. The risk is that any file uploaded however innocent it may look, could contain a script that when executed on your server completely opens up your website.

    If you have a file upload form then you need to treat all files with great suspicion. If you are allowing users to upload images, you cannot rely on the file extension or the mime type to verify that the file is an image as these can easily be faked. Even opening the file and reading the header, or using functions to check the image size are not foolproof. Most image formats allow storing a comment section which could contain PHP code that could be executed by the server.

    So what can you do to prevent this? Ultimately you want to stop users from being able to execute any file they upload. By default web servers won't attempt to execute files with image extensions, but it isn't recommended to rely solely on checking the file extension as a file with the name image.jpg.php has been known to get through.

    Some options are to rename the file on upload to ensure the correct file extension, or to change the file permissions, for example, chmod 0666 so it can't be executed. If using *nix you could create a .htaccess file (see below) that will only allow access to set files preventing the double extension attack mentioned earlier.
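
Added example, not part of the original post: one way to apply the "rename on upload" and "not executable" advice from section 07. The allow-list, function names and sample bytes are assumptions made for illustration; the file mode used is 0644, which like the post's 0666 has no execute bit.

```python
import os
import secrets

# Leading bytes -> extension the file will be stored under (assumed allow-list).
IMAGE_SIGNATURES = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}

def sniff_extension(data):
    """Pick the stored extension from the content, never from the client."""
    for magic, ext in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None

def store_upload(upload_dir, client_name, data):
    """Save an upload under a server-chosen name.

    Returns the stored path, or None when the content is not an allowed
    image type. client_name is ignored for naming on purpose, so a name
    such as image.jpg.php never reaches the file system.
    """
    ext = sniff_extension(data)
    if ext is None:
        return None
    stored_name = secrets.token_hex(16) + ext  # exactly one extension
    path = os.path.join(upload_dir, stored_name)
    # O_EXCL: refuse to overwrite an existing file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o644)  # no execute bit for anyone
    return path

if __name__ == "__main__":
    import tempfile
    # Constructed sample: JPEG header followed by script text in the body.
    sample = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00<?php /* constructed */ ?>"
    print(store_upload(tempfile.mkdtemp(), "image.jpg.php", sample))
```

As the post says, the header check alone proves nothing about the rest of the file; what stops execution here is the server-chosen name with a single image extension and the missing execute bit.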

  8. #8
    Registered User
    Join Date
    Feb 2015
    Location
    India
    Posts
    40
    Hello,

    To secure any website follow the below steps, this will surely help you secure your site from hackers.
    1. Update your web script continuously
    2. Use strong passwords to enhance website security
    3. Secure your administrative email address
    4. Change your database table prefix.
    5. Protect your database with a password.
    6. Delete your installation folder.

    Thanks

  9. #9
    Senior Member
    Join Date
    Jan 2016
    Location
    India
    Posts
    278
    Quote Originally Posted by jasonhalle View Post
    Hello,

    To secure any website follow the below steps, this will surely help you secure your site from hackers.
    1. Update your web script continuously
    2. Use strong passwords to enhance website security
    3. Secure your administrative email address
    4. Change your database table prefix.
    5. Protect your database with a password.
    6. Delete your installation folder.

    Thanks
    Really some nice tips, thanks for sharing.

  10. #10
    Registered User
    Join Date
    Mar 2016
    Posts
    118
    Hacking is regularly performed by automated scripts written to scour the Internet in an attempt to exploit known website security issues in software.

    Here are some tips to make your website more secure:
    Keep software up to date
    Server side validation/form validation
    SQL injection
    SSL

  11. #11
    Junior Member
    Join Date
    Dec 2016
    Location
    Dallas
    Posts
    9
    Quote Originally Posted by SAP Online View Post
    How can we make our website more secure? I mean secure from hackers.
    Are you using wordpress or some other free cms? If you are using wordpress have a look at our guide about how to secure your WordPress web site.

    If it's custom software then your developer should have secured it already. Mod_security will help a lot in blocking attacks.
