HomeDesigning Your WebsiteWebmaster's Corner

Security Issues

CaptainMorgan posted this at 00:47 — 29th June 2005.

They have: 19 posts

Joined: Jun 2005

After searching I couldn't find exactly what I want to talk about and what concerns me. From a website owner perspective we are shielded by the server/hosting company and their protection services, no? Is that it?

We've all seen the famous hacks concerning someone gaining access to someone elses site and hijacking it to their liking.. throwing whatever on to it and basically forbidding the true owner from regaining access.

Ive tried encrypting my pages through the FTP software.. but then after it's transmitted to the server's directory - I can't pull up my own page on the web.. I set the password and everything... WS-FTP brings it to the server and places a visual padlock next to it or at the bottom of the page. Cool, but how come I can't see it when it's pulled on the browser? "Not Found" message or similiar.

Once someone gains access to the server, is there anything else protecting the website owner? Maybe the encryption is what Im looking for.. if I can figure out how to use it correctly. I want to make my pages public.. but not at the risk of someone somehow gaining access right away and taking control. I tested my site on Opera and the browser listed my site as unsecure.. which concerns me..how do I fix and any other suggestions you can add?

EDIT: I just viewed someones site and it was quite interesting - flash, fireworks and the whole shebang. I went to right-click and view source.. on every page it said the same thing - My Page - NOT yours - YOUR problem along with the same META tags... Now how did he do that?

Thanks

Drink responsibly.. Capt. was here.

Busy posted this at 08:38 — 29th June 2005.

Busy's picture

He has: 6,151 posts

Joined: May 2001

It's like trying to stop your car being stolen, you can fit mag wheel lock nuts, an alarm, push button this, push button that but if they want it bad enough they will take it, same as your site. Just don't make it easy for them, using *dictionary word passwords is like leaving the keys in the car.

Your site will always be listed as unsecure unless you use https (through a secure cert)

The site you saw with the title tag, was it blank after the meta tags? If it was, use your mouse wheel or scroll down and you will see the content, it probably had a no right click script on it too (doesn't work on all browsers).

* A dictionary word is anything found in a dictionary basically, passwords should be a combination of letters and numbers that have no meaning, example, a licence plate is a no-no.

CptAwesome posted this at 12:09 — 29th June 2005.

CptAwesome's picture

He has: 370 posts

Joined: Dec 2004

You also have to be careful with forms and file extensions. A common mistake I've seen if people putting mysql username/password in an inc file, and including that into PHP. If someone finds the .inc file, kiss your DB goodbye

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.