To any developer who has been in the game a while, security is second nature: you think "how could this be hacked?" as you write. For new developers, that frame of mind usually arrives only after a costly, time-consuming hack has gone through their code. That's what happened to me. To help you avoid the same lesson, there are some common-sense security measures that take relatively little effort and can make a big difference in the security of a web site.

In a world of global, always-on communication there is a huge number of people looking to hack your web sites. Much like viruses, not all hackers are out to wreck things; some just want to see whether they can deface a site, without destroying data or deleting files along the way. That is still a hassle to fix, still just as illegal and just as lame, but it's nowhere near the trouble a complete exploit would cause. I have been defaced before. It sucks, but it's not the end of the world. A hacker out to raise hell will do much more damage: truncating your database, deleting your files, changing passwords and usernames, and more.

The trouble goes beyond the obvious damage to you. If, like many others, you are in a shared hosting environment, a system-level exploit in your web space can open up the entire server, and everyone who has a web site on it, to attack. Many server-side languages have functions that can run shell commands on the server, and from a shell an attacker can work toward root access. Once root is achieved, that hacker has found his holy grail: he is in complete control of that machine and everything on it. If you find a shell script left in your space after an exploit and your server still runs and your site still comes up at all, defaced or not, count your lucky stars and go to church on the next Sabbath, because you got a hacker who was just checking, not one set on wrecking. If you prefer, you can learn the hard way, the way many of us did, but it sucks.
Never fall into the frame of mind that you are not a target. Everybody is a target. It's not about how big you are, how popular you are, how profitable you are, or anything like that. It's that you exist and are possibly exploitable. Sure, everybody wants to hack the big guys. Microsoft and Google are constantly under fire, but those same people practice on lesser sites... sites like mine and yours. Like mom said, better safe than sorry...
