ways of securing website from hackers

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
owolabi
Forum Newbie
Posts: 1
Joined: Sat Aug 09, 2008 3:54 am

ways of securing website from hackers

Post by owolabi »

My fellow programmers, I have this issue over time now. There is this website i manage for one of my clients and the site has been under treat by the hackers trying possible best to hijack this website. I am looking ahead to provide the upmost solution for protecting this site. Please, help me out by suggesting what possible means i can do to protect the site.

Kayode
Web Developer
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: ways of securing website from hackers

Post by Mordred »

Hire a professional pen-tester.
tamamk
Forum Commoner
Posts: 25
Joined: Sun Aug 24, 2008 3:37 am

Re: ways of securing website from hackers

Post by tamamk »

There are just way too many things to consider to secure a website. I suggest you start with your server first. Mask it! if you are using PHP, check what extensions you have enabled, do patches, check your web server version, update patches, your database......DNS settings! Your platform! Each and every component that makes your site available needs to be checked. Google them with their versions!

Then you need to worry about your applications just as much if there is any. Checking all of the inputs received by your web server...

You have a lot of work to do my friend... if this is a serious matter, Mordred suggestion is a better solution for you.

Good luck!
allicient
Forum Newbie
Posts: 9
Joined: Fri Sep 19, 2008 7:11 pm

Re: ways of securing website from hackers

Post by allicient »

owolabi, appologies for being blunt here, but would you ask a mechanic to fix your car when the mechanic opens the bonnet and says, "er, what does this big metal bit do?". No, I wouldn't either.

My advice: inform your client that you've reached the limit of your current knowledge and that they need to find someone who can handle the project. If you want to continue in PHP development, then make damn sure you can answer the basics first.
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Re: ways of securing website from hackers

Post by Maugrim_The_Reaper »

In the short term try an application firewall - do a search for PHP-IDS for example. In the mid-term identify what attackers are doing exactly - maybe they're trying to exploit specific weaknesses they've discovered. Server logs or app audit logs (if any) might help here. In the long term you need to educate yourself in security practices, and please don't put that off. Lacking security expertise is an impediment to you as a PHP developer and you're only shooting yourself in the foot. If the problem is beyond your current knowledge you should allow the client to move to another developer. That's advice no developer likes to hear, but it's better than waiting for a hacker to be successful and leaving you in an even worse position.
Post Reply