Page 1 of 1
PHP SECURITY EXPERTS
Posted: Sun Oct 26, 2008 9:49 am
by manis
Dear PHP Security Experts - My site in recent times have grown up on user base. One of my competitor who is exactly in the same business have tried to get down my site on several ocassion. Can someone guide me on ready softwares or a plan to full proof my site to some extend.
This is a user based site running on a linux platform -php & mysql. The site also has e-commerce applications.
Thanks in advance,
Manis
Re: PHP SECURITY EXPERTS
Posted: Sun Oct 26, 2008 11:16 am
by jaoudestudios
You will have to give us more information on your current setup.
Re: PHP SECURITY EXPERTS
Posted: Sun Oct 26, 2008 10:39 pm
by manis
1. We are on shared hosting
2. Using Php 4
3. Our site is a social network for a niche subject
4. We use paypal for e-commerce
5. We also have integrated some open source scripts into the network
6. Some of the modules of the social network is video, music, blogs, forum
I hope this helps, thanks for your reply. I will look forward for your advice.
Thanks,
Manis
Re: PHP SECURITY EXPERTS
Posted: Mon Oct 27, 2008 2:50 am
by jmut
I'd say your best bet is to move to dedicated hosting
Re: PHP SECURITY EXPERTS
Posted: Mon Oct 27, 2008 7:23 am
by Mordred
manis wrote:One of my competitor who is exactly in the same business have tried to get down my site on several ocassion.
By legal or blackhat means?
If you mean they tried to hack you - did they succeed or not? Do you have proof of the attack and the identity of the attacker? Did you complain to the authorities and/or to your hoster?
What is your security budget? Best option is to hire a pen tester.
Re: PHP SECURITY EXPERTS
Posted: Wed Oct 29, 2008 12:05 am
by manis
Presently we are looking for some ready-to-go solution. Like a ready software or multiple softwares. Budget is not a problem.
Re: PHP SECURITY EXPERTS
Posted: Thu Oct 30, 2008 10:27 am
by Hannes2k
Hi,
manis wrote:Presently we are looking for some ready-to-go solution. Like a ready software or multiple softwares. Budget is not a problem.
there is no simple software solution, which you have just to install.
If budget is not a problem, hire (or rent) a security consultant or an experienced network/server administrator which checks your system. This would be the much better solution.
Re: PHP SECURITY EXPERTS
Posted: Fri Oct 31, 2008 6:53 am
by jaoudestudios
I agree with Hannes2k, if budget is not a problem, get in a consultant.
Also look to changing your hosting to a dedicated server. Rackspace are excellent, they will manage the server for you and look into all these issues and recommend solutions. Then install and setup solutions for no additional cost. They have excellent firewalls, which is a must! But they can also open ports if you need to ssh in or something.