PHP SECURITY EXPERTS

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
manis
Forum Newbie
Posts: 8
Joined: Tue Oct 07, 2008 12:12 pm

PHP SECURITY EXPERTS

Post by manis »

Dear PHP Security Experts - My site in recent times have grown up on user base. One of my competitor who is exactly in the same business have tried to get down my site on several ocassion. Can someone guide me on ready softwares or a plan to full proof my site to some extend.
This is a user based site running on a linux platform -php & mysql. The site also has e-commerce applications.

Thanks in advance,
Manis
User avatar
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: PHP SECURITY EXPERTS

Post by jaoudestudios »

You will have to give us more information on your current setup.
manis
Forum Newbie
Posts: 8
Joined: Tue Oct 07, 2008 12:12 pm

Re: PHP SECURITY EXPERTS

Post by manis »

1. We are on shared hosting
2. Using Php 4
3. Our site is a social network for a niche subject
4. We use paypal for e-commerce
5. We also have integrated some open source scripts into the network
6. Some of the modules of the social network is video, music, blogs, forum

I hope this helps, thanks for your reply. I will look forward for your advice.

Thanks,
Manis
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria
Contact:

Re: PHP SECURITY EXPERTS

Post by jmut »

I'd say your best bet is to move to dedicated hosting
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: PHP SECURITY EXPERTS

Post by Mordred »

manis wrote:One of my competitor who is exactly in the same business have tried to get down my site on several ocassion.
By legal or blackhat means?
If you mean they tried to hack you - did they succeed or not? Do you have proof of the attack and the identity of the attacker? Did you complain to the authorities and/or to your hoster?
What is your security budget? Best option is to hire a pen tester.
manis
Forum Newbie
Posts: 8
Joined: Tue Oct 07, 2008 12:12 pm

Re: PHP SECURITY EXPERTS

Post by manis »

Presently we are looking for some ready-to-go solution. Like a ready software or multiple softwares. Budget is not a problem.
Hannes2k
Forum Contributor
Posts: 102
Joined: Fri Oct 24, 2008 12:22 pm

Re: PHP SECURITY EXPERTS

Post by Hannes2k »

Hi,
manis wrote:Presently we are looking for some ready-to-go solution. Like a ready software or multiple softwares. Budget is not a problem.
there is no simple software solution, which you have just to install.
If budget is not a problem, hire (or rent) a security consultant or an experienced network/server administrator which checks your system. This would be the much better solution.
User avatar
jaoudestudios
DevNet Resident
Posts: 1483
Joined: Wed Jun 18, 2008 8:32 am
Location: Surrey

Re: PHP SECURITY EXPERTS

Post by jaoudestudios »

I agree with Hannes2k, if budget is not a problem, get in a consultant.

Also look to changing your hosting to a dedicated server. Rackspace are excellent, they will manage the server for you and look into all these issues and recommend solutions. Then install and setup solutions for no additional cost. They have excellent firewalls, which is a must! But they can also open ports if you need to ssh in or something.
Post Reply