
ways of securing website from hackers

Posted: Sun Aug 24, 2008 11:46 pm
by owolabi
My fellow programmers, I have had this issue for some time now. There is this website I manage for one of my clients, and the site has been under threat from hackers trying their possible best to hijack it. I am looking to provide the utmost solution for protecting this site. Please help me out by suggesting what possible means I can use to protect the site.

Kayode
Web Developer

Re: ways of securing website from hackers

Posted: Mon Aug 25, 2008 3:35 am
by Mordred
Hire a professional pen-tester.

Re: ways of securing website from hackers

Posted: Mon Aug 25, 2008 6:37 am
by tamamk
There are just way too many things to consider to secure a website. I suggest you start with your server first. Mask it! If you are using PHP, check what extensions you have enabled, do patches, check your web server version, update patches, your database... DNS settings! Your platform! Each and every component that makes your site available needs to be checked. Google them with their versions!

Then you need to worry about your applications just as much, if there are any. Checking all of the inputs received by your web server...

You have a lot of work to do, my friend... If this is a serious matter, Mordred's suggestion is a better solution for you.

Good luck!

Re: ways of securing website from hackers

Posted: Mon Sep 22, 2008 2:35 pm
by allicient
owolabi, apologies for being blunt here, but would you ask a mechanic to fix your car when the mechanic opens the bonnet and says, "er, what does this big metal bit do?". No, I wouldn't either.

My advice: inform your client that you've reached the limit of your current knowledge and that they need to find someone who can handle the project. If you want to continue in PHP development, then make damn sure you can answer the basics first.

Re: ways of securing website from hackers

Posted: Tue Sep 23, 2008 3:37 am
by Maugrim_The_Reaper
In the short term try an application firewall - do a search for PHP-IDS for example. In the mid-term identify what attackers are doing exactly - maybe they're trying to exploit specific weaknesses they've discovered. Server logs or app audit logs (if any) might help here. In the long term you need to educate yourself in security practices, and please don't put that off. Lacking security expertise is an impediment to you as a PHP developer and you're only shooting yourself in the foot. If the problem is beyond your current knowledge you should allow the client to move to another developer. That's advice no developer likes to hear, but it's better than waiting for a hacker to be successful and leaving you in an even worse position.
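
The server-log review suggested in the last reply, sketched as an added example that is not part of the original thread or any poster's code: it groups access-log requests by client and labels the input-attack class each one appears to be probing. It assumes Apache/nginx "combined" log format; the sample lines, the signature list and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in "combined" log format (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [22/Sep/2008:10:01:11 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [22/Sep/2008:10:02:40 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 312 "-" "curl/7.18"
203.0.113.9 - - [22/Sep/2008:10:02:44 +0000] "GET /news.php?id=5%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 0 "-" "curl/7.18"
203.0.113.9 - - [22/Sep/2008:10:02:49 +0000] "GET /admin/ HTTP/1.1" 404 209 "-" "curl/7.18"
192.0.2.44 - - [22/Sep/2008:10:05:03 +0000] "GET /search.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Sep/2008:10:06:00 +0000] "GET /contact.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# client IP, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Small illustrative signature set (an assumption, not a complete rule base).
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./|\.\.\\"),
    "sql_injection": re.compile(r"\bunion\b.+\bselect\b|'\s*or\s+'?\d", re.I),
    "xss": re.compile(r"<\s*script", re.I),
    "remote_include": re.compile(r"=(https?|ftp)://", re.I),
}

def triage(log_text):
    """Return per-client request count, 4xx/5xx count and signature hits."""
    report = defaultdict(lambda: {"requests": 0, "errors": 0, "hits": Counter()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target, status = m.groups()
        # Decode twice so double URL-encoded payloads are matched as well.
        decoded = unquote_plus(unquote_plus(target))
        entry = report[ip]
        entry["requests"] += 1
        if status[0] in "45":
            entry["errors"] += 1
        for name, rx in SIGNATURES.items():
            if rx.search(decoded):
                entry["hits"][name] += 1
    return report

def suspicious_clients(report):
    """Clients with at least one signature hit, most hits first."""
    flagged = [ip for ip, e in report.items() if e["hits"]]
    return sorted(flagged, key=lambda ip: -sum(report[ip]["hits"].values()))
```

A flagged request that returned 200 (the traversal line in the sample) is the one to look at first, since it shows which input the application accepted and therefore which PHP script needs its input handling reviewed.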