Thursday, May 26, 2016

How to protect your website from hackers | How to secure your website [Basic tips]




This post is for website admins who haven't bothered about their website's security. Every website owner, especially noobs, should follow certain steps to protect their website from hackers, as nowadays cyber crime is on the "boom" ...:D..!!


Hackers have lots of reasons for attacking your website and protecting it is the only solution. So, what steps can you take to protect your site from these hackers? Hackers are constantly attacking websites and one day, even if your site is not experiencing huge traffic levels, a hacker might come calling at your door to test your security levels. How do you stop them from gaining access and possibly taking control of your website?

Passwords

Your site admin must have a strong password – never ‘password’ or other obvious words. A medium strength password will include a combination of numbers and letters, ideally using upper and lower case letters. Make it stronger by including other characters, such as @ – ? etc. Anything that you can add that means your password is not a straightforward word or two can really improve it.

Ideally, also sign on with a user name that is not obvious – not ‘admin’, ‘administrator’ and so on. This way the hacker must guess user name and password. And if you can move your administration area to an unusual directory, then the hacker might not even be able to find it!

Watch what is happening

Monitor failed logon attempts to the admin and maybe close it down if there are too many. Be on the lookout for multiple failed attempts from the same IP address and multiple failed attempts on the same user name. Hackers might use networks of computers to constantly submit different passwords to your admin and if these are hijacked computers, they will have different IP addresses, but they will all attack the same userid.

Be alert to traffic patterns

Watch your traffic stats for sudden interest in pages, especially pages that shouldn’t be there, and protect the code from SQL injection. And if any part of your website is uploading files then validate the format. I like to check that images are a valid format and then put them through a resize algorithm. That way php / asp files cannot be uploaded and run should a hacker gain entry to an admin system.

SQL injection

This is a popular way of reading your tables and trying to find out if you have passwords stored there, and of other malicious tricks, such as uploading content to your pages. Make sure that you use correct escape routines to remove any attempts to inject SQL into your code, and on pages where all that is needed is read only access, just use a read only user id. Then if someone slips in extra code the potential damage might just be limited.

You can also validate inputs to prevent SQL injection. For example, if you are expecting to be passed an id that is an integer, then test that it is an integer. If not, then I like to just exit the code immediately so that there are no extra clues given and the page stops loading immediately.

I want you to download this website vulnerability scanner tool called ACUNETIX.

6 Basic Website Security Steps

In my quest to beat the hackers who have had a go at some customer websites, I have created a list of a few basic security steps for people building their own websites. Please do leave comments of any others you can think of.

1) Make sure that passwords are not readable in your database.
Yes, it can make life more difficult when you need to reset your own password, but if a hacker manages to gain read access to your database (which can be quite easy, see step 5) then if passwords are on show they can access anything. Even if you just create an MD5 checksum of the password so that it is difficult to read, that is a step in the right direction.

2) Give your logons good user names.
In single user systems it is tempting to do without user names or use basic names such as ‘admin’. Don’t! If a hacker has to find out a username and a password they are much less likely to get through. Store them on separate tables in your database, or in a single user (or limited user) environment, why not store the username in the PHP / ASP code? A username is a good protection against brute force attacks.

3) Check what you upload!
Does your admin allow you to upload files to your server? This is what a hacker wants – then they can upload their backdoors. If you are expecting to upload images check the file is an image (jpg, gif etc). If it is meant to be PDF validate that. Then, rename the file to hide it! For example picture.jpg might become 1.jpg.

4) Do not directly access uploaded images.
If a hacker can upload a file, then they need to find out where it is stored. But, if you instead use a picture resizing routine which has the uploads directory hard coded, then there is no clue as to what directory the files are stored in. If a hacker realises that the uploaded files are well hidden it might be enough to make them leave your site alone.

5) Validate all input string parameters.
To gain read access of the database a hacker can try to manipulate inputs. So, make sure the values are what you expected. For example, if you have mypage.php?id=1 and the id is a number, then fail the script immediately if the id is not numeric.

If you are passing a string, within the PHP / ASP code check it for an exact match on expected results before using it within a MYSQL query. You can do this by running through the database values or a hardcoded list.

If you are running a search function then this is a lot more difficult to protect, but not impossible. Make sure you use the POST method and check the referring page is on your website. If possible, remove all non alpha-numeric characters or at the very least backslash out quotes. If you don’t then they will cause problems anyway in genuine searches.

6) Monitor failed logons.
And maybe even those queries detected in step 5. If the logon fails, send yourself an email. If there is a brute force attack you might find your email box suddenly filled up, so you might prefer to use a separate email address for this. If you want to be really clever, monitor the failed logon attempts and lock your admin out for an hour after a few failed attempts.
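Step 1 as an added PHP example (not code from the original post): PHP's built-in password_hash() stores a salted, slow hash, which is harder to reverse than the plain MD5 checksum mentioned in step 1, and an existing MD5 value can be upgraded the next time its owner logs on. The user records and function names are assumptions.

```php
<?php
// Added example: the user record layout and function names are assumptions.
declare(strict_types=1);

// Hash for storage: salted and deliberately slow, so a leaked table is hard to reverse.
function hash_for_storage(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a logon against the stored value. Returns [ok, valueToStore]; valueToStore
// is non-null when the stored hash should be replaced (legacy MD5 or outdated cost).
function check_logon(string $password, string $stored): array
{
    $isLegacyMd5 = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    if ($isLegacyMd5) {
        // hash_equals compares in constant time.
        $ok = hash_equals($stored, md5($password));
        return [$ok, $ok ? hash_for_storage($password) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $upgrade = password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [true, $upgrade ? hash_for_storage($password) : null];
}

// Constructed sample records: one old MD5 row, one already using password_hash().
$users = [
    'olduser' => md5('correct horse battery'),
    'newuser' => hash_for_storage('tr0ub4dor&3'),
];
$attempts = [
    ['olduser', 'correct horse battery'],
    ['olduser', 'guess'],
    ['newuser', 'tr0ub4dor&3'],
];
foreach ($attempts as [$name, $attempt]) {
    [$ok, $replacement] = check_logon($attempt, $users[$name]);
    if ($replacement !== null) {
        $users[$name] = $replacement;   // on a real site: UPDATE the user's row
    }
    printf("%-8s %-5s stored as %s...\n", $name, $ok ? 'ok' : 'fail', substr($users[$name], 0, 7));
}
```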
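Steps 3 and 4 as an added PHP example (not code from the original post): the upload is accepted only if it decodes as an image, is passed through the resize routine so that only re-encoded pixels are saved, and is stored under a server-chosen name in a hard coded directory. The directory, width limit and function name are assumptions, and the GD extension is required.

```php
<?php
// Added example: directory, width limit and function name are assumptions.
declare(strict_types=1);

const UPLOAD_DIR = '/tmp/site-uploads-demo';  // hypothetical; keep it outside the web root
const MAX_WIDTH  = 800;

// Returns the stored file name, or null when the bytes are not a decodable image.
function store_image(string $bytes): ?string
{
    $info    = @getimagesizefromstring($bytes);
    $allowed = [IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF];
    if ($info === false || !in_array($info[2], $allowed, true)) {
        return null;                          // wrong format, whatever the extension says
    }
    $img = @imagecreatefromstring($bytes);
    if ($img === false) {
        return null;                          // header looked right but the data does not decode
    }
    // The resize step: the saved file is re-encoded pixels, anything else is dropped.
    if (imagesx($img) > MAX_WIDTH) {
        $img = imagescale($img, MAX_WIDTH);
        if ($img === false) {
            return null;
        }
    }
    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        return null;
    }
    $name = bin2hex(random_bytes(8)) . '.jpg'; // server-chosen name, never the client's
    return imagejpeg($img, UPLOAD_DIR . '/' . $name, 85) ? $name : null;
}

// Constructed inputs: a 1200x600 PNG built with GD, and script text posing as a picture.
$canvas = imagecreatetruecolor(1200, 600);
ob_start();
imagepng($canvas);
$png  = (string) ob_get_clean();
$fake = '<?php /* constructed sample: script text, not an image */';

foreach (['photo.png' => $png, 'picture.jpg' => $fake] as $clientName => $bytes) {
    $stored = store_image($bytes);
    echo $clientName, ' -> ', $stored === null ? 'rejected' : "stored as $stored", "\n";
}
```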
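Step 5 and the SQL injection section as an added PHP example (not code from the original post): the id must be an integer, the string must match a hardcoded list, and the request is rejected with no detail otherwise. It goes one step beyond the escape routines mentioned above by binding the values as query parameters; the table, column and function names are assumptions, and an in-memory SQLite database stands in for MySQL.

```php
<?php
// Added example: table, column and function names are assumptions for the demo.
declare(strict_types=1);

// Integer parameter: anything that is not a plain positive integer gives null.
function parse_id(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// String parameter: exact match against a hardcoded list, nothing else passes.
function parse_lang(mixed $raw): ?string
{
    return in_array($raw, ['en', 'de'], true) ? $raw : null;
}

// Values are bound as parameters, so they are never parsed as SQL text.
function fetch_title(PDO $db, int $id, string $lang): ?string
{
    $stmt = $db->prepare('SELECT title FROM pages WHERE id = :id AND lang = :lang');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':lang', $lang, PDO::PARAM_STR);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : (string) $title;
}

// In-memory SQLite stands in for MySQL here; on the real site, connect this page
// with a database user that has read-only (SELECT) rights.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pages (id INTEGER, lang TEXT, title TEXT)");
$db->exec("INSERT INTO pages VALUES (1, 'en', 'Home'), (2, 'en', 'Contact')");

// Constructed query strings, as they would arrive in $_GET for mypage.php.
$requests = [['1', 'en'], ['1 OR 1=1', 'en'], ['2', "en' --"], ['7', 'en']];
foreach ($requests as [$rawId, $rawLang]) {
    $id   = parse_id($rawId);
    $lang = parse_lang($rawLang);
    if ($id === null || $lang === null) {
        echo "rejected\n";   // on a live page: http_response_code(400); exit; with no detail
        continue;
    }
    echo fetch_title($db, $id, $lang) ?? 'not found', "\n";
}
```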
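Step 6 and the "Watch what is happening" section as an added PHP example (not code from the original post): failed logons are counted per IP address and per user name, so attempts spread over many addresses against one userid are still caught, and the user name is locked for an hour after a few failures. The thresholds, event layout and sample events are constructed for illustration.

```php
<?php
// Added example: thresholds, event layout and sample events are constructed.
declare(strict_types=1);

const MAX_FAILS   = 3;     // "a few failed attempts"
const LOCK_SECS   = 3600;  // lock the logon for an hour
const WINDOW_SECS = 600;   // assumption: only failures in the last 10 minutes count

// $events: list of [unix time, source IP, user name, password was correct].
// Returns the alert lines that would be e-mailed to the site owner.
function scan_logons(array $events): array
{
    $byIp = $byUser = $lockedUntil = $alerts = [];
    foreach ($events as [$t, $ip, $user, $ok]) {
        if (($lockedUntil[$user] ?? 0) > $t) {
            $alerts[] = "$t refused, $user is locked out (attempt from $ip)";
            continue;                       // refused even if the password was right
        }
        if ($ok) {
            unset($byUser[$user]);
            continue;
        }
        $since = $t - WINDOW_SECS;
        $byIp[$ip][]     = $t;
        $byUser[$user][] = [$t, $ip];
        $ipFails   = array_filter($byIp[$ip], fn($x) => $x > $since);
        $userFails = array_filter($byUser[$user], fn($x) => $x[0] > $since);
        if (count($ipFails) === MAX_FAILS) {
            $alerts[] = "$t repeated failures from one IP: $ip";
        }
        if (count($userFails) >= MAX_FAILS) {
            // Counting per user name catches attempts spread over many addresses.
            $sources = count(array_unique(array_column($userFails, 1)));
            $lockedUntil[$user] = $t + LOCK_SECS;
            unset($byUser[$user]);
            $alerts[] = "$t $user locked for an hour, failures came from $sources IP(s)";
        }
    }
    return $alerts;
}

// Constructed events using documentation address ranges.
$events = [
    [1000, '192.0.2.10', 'siteowner', false], [1030, '198.51.100.7', 'siteowner', false],
    [1060, '203.0.113.5', 'siteowner', false], [1100, '203.0.113.5', 'siteowner', true],
    [1200, '192.0.2.99', 'alice', false],      [1210, '192.0.2.99', 'bob', false],
    [1220, '192.0.2.99', 'carol', false],      [4700, '192.0.2.10', 'siteowner', true],
];
echo implode("\n", scan_logons($events)), "\n";
```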


Thanks for reading, and do comment if you have any query :)
