Help with securing website from hackers??

daron0382

Can somebody help me with securing my website? It's not new so it's not at risk now, but I wanna begin securing it from hackers. Can someone guide me through it? I wanna be secure from SQL injection & everything else.
 

MaestroFX1

#1 Restrict access to administrative folders.
#2 Disable directory browsing.
#3 Add captcha to further restrict.
#4 SQL injection attacks. These can allow hackers to execute arbitrary SQL commands on your database through your Web site. To avoid this type of attack, every piece of data supplied by a user on a Web form must be sanitized/validated so that it does not contain information that is not expected.
You can use PHP scripts to sanitize, so that data that gets into the database is free from attacking statements.
 

descalzo

how to disable directory browsing?


In any .htaccess you have (if you have none, put one in your document root, here it is /home/yourCPanelUsername/public_html ) put the line:

Options -Indexes
 

callumacrae

You can't just say "How can I make my site secure?" and then we'll tell you how to secure it - it's a bit more complicated than that. You haven't even given us a URL :)

Regarding SQL injections, it's a huge area, but if you use something like PDO and prepared statements, you should be fairly secure.

If your website involves money, you may want to consider paying for a security audit. From what I've heard, it's fairly expensive - I've heard $100 an hour at 1000 lines of code an hour, but it will obviously take less time if it is well documented and well laid out. You may be able to hire a nub like me to do it for you. It'll be cheaper, and not as good quality, but they would probably get the job done.

~Callum
 

daron0382

I don't see how to add that line to my .htaccess, because if I try to create .htaccess it says it exists & if I browse I don't see it, but if I search it will appear, but all I can do from there is double click it & it takes me to public_html.
 

callumacrae

It's a hidden file - UNIX files that begin with a dot (.) are not displayed by default. If you're using cPanel file manager you can use the settings in the top left, or if you're using FTP your client will have an option in the preferences. If you're using SSH like a true man, use ls -a

~Callum
 

descalzo

Passwords: 083049llewoL!@amroN
Usernames: The admin user should not be 'admin' or 'root'

That applies to all levels of your site. cPanel/FTP. Admin access to your software (WordPress, Drupal).

Many of the scripts have security plugin/mods. Check them out and use one.

Most scripts have "roles" for users. Interactive is nice, but consider only giving out the most restrictive "roles" you can.

Where possible, store files outside of the document root. If they don't have to be accessible from the Web, they shouldn't be.
 

callumacrae

Where possible, store files outside of the document root. If they don't have to be accessible from the Web, they shouldn't be.

Although if you're using PHP 5 you should be using OO PHP, and so it doesn't really matter - nothing bad will happen, the classes will just be defined and then the script will end

~Callum
 