Web security the Whole Integration Way.

Some people think that you can create a website, upload it to a hosting server and forget about it. Nothing could be further from reality. Every day new bugs are discovered and exploited. Some are related to the language used to create your webpage (PHP, ASP, JSP, etc.), others to the software that serves your page (Apache, nginx, IIS, etc.), others to third-party software (how many sites require the Adobe Flash plug-in to work properly?), and others to the operating system that your host server is using. Whatever the bug is and wherever it comes from, you are always at risk.
Then why doesn’t everyone get hacked and have their sites shut down? The main reason is statistics: there are millions of websites in the world, and the chance that someone with enough knowledge and free time will attack your website is like the odds of winning the lottery (but someone has to win the lottery, right?). Another reason is that hacking is not a trivial task. Don’t trust the movies: there are no fancy GUIs and handsome teenagers hacking a website in 5 minutes. Hacking a website normally requires many hours and considerable effort that most hackers are not going to spend.
How to be safe? Here are a few tips that will help you:
1) Always have a remote backup of your files. If something goes wrong, you will not lose your valuable info in an instant.
2) If you use third-party software, for example Joomla, Drupal, osCommerce, Magento, etc., check their websites for security updates and new versions. Think about it: suppose you are using Joomla 1.0 as it was originally released and you never updated it. If a hacker finds your website, he only has to check the bugs that were found in Joomla 1.0 and patched in the next release. If you failed to update Joomla, you are still vulnerable to the reported bugs (and many are very well explained!).
3) Always use passwords longer than six characters, with some capital letters, numbers and symbols. Use a very custom password that does not match any standard dictionary word.
4) When hiring a hosting provider, don’t look only at the price and the promised bandwidth and hard drive space. Ask them what versions of the software they use, how often they check for updates, and whether they have an IDS (intrusion detection system). This will help you make a better decision for you and your company.
I followed all of this advice but got hacked anyway, what should I do?
Don’t panic. Banks also take a lot of precautions and they get their sites hacked from time to time. Take a deep breath and contact your hosting provider or sysadmin. Don’t touch anything: even the most paranoid hacker leaves some traces (sometimes the traces are only visible with root access), so if you start changing things you will help him hide his actions. Instead, compare the files (after the hacking) with the files of your last backup. The modification date of a file will reveal which files were changed in the last few days, and if you compare the size in KB of the current files against their backups, you will find which files have more or less code. Also inspect the server logs; they can reveal valuable information about how the hacker got access.
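The backup comparison described above, as an added example that is not part of the original post: it reports files added, removed or changed on the live site relative to the last backup. It goes one step beyond the date and size check by also comparing SHA-256 hashes, which catches a changed file whose size and date still match; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

def snapshot(root):
    """Map each file's relative path to (size, mtime, sha256)."""
    files = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            files[p.relative_to(root).as_posix()] = (
                st.st_size, int(st.st_mtime), hashlib.sha256(p.read_bytes()).hexdigest())
    return files

def compare_trees(backup_root, live_root):
    """List files added, removed or changed on the live site versus the backup."""
    backup, live = snapshot(backup_root), snapshot(live_root)
    report = {"added": sorted(live.keys() - backup.keys()),
              "removed": sorted(backup.keys() - live.keys()), "changed": []}
    for name in sorted(backup.keys() & live.keys()):
        (b_size, b_mtime, b_hash), (l_size, l_mtime, l_hash) = backup[name], live[name]
        if b_hash != l_hash:  # content differs even if size and date look the same
            report["changed"].append({"file": name, "size_delta": l_size - b_size,
                                      "mtime_newer": l_mtime > b_mtime})
    return report

def demo():
    """Constructed sample: a backup tree and a live tree that has drifted from it."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        old = time.time() - 86400  # backup taken one day ago
        for root in (backup, live):
            (root / "includes").mkdir(parents=True)
            (root / "index.php").write_text("<?php echo 'home'; ?>\n")
            (root / "includes" / "config.php").write_text("<?php $debug = 0; ?>\n")
            for p in root.rglob("*.php"):
                os.utime(p, (old, old))
        (backup / "readme.txt").write_text("site notes\n")
        (live / "index.php").write_text("<?php echo 'home'; ?>\n<?php /* extra */ ?>\n")
        cfg = live / "includes" / "config.php"
        cfg.write_text("<?php $debug = 1; ?>\n")  # same size as the backup copy
        os.utime(cfg, (old, old))                 # and same modification date
        (live / "cache.php").write_text("<?php ?>\n")
        return compare_trees(backup, live)

if __name__ == "__main__":
    print(demo())
```

Run it against a read-only copy or snapshot of the live site rather than the server itself, in keeping with the advice not to touch anything.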
After you have an idea of how the hacker got in (or even if you did not find out), you should create a “honeynet”. What’s that? Short answer: a trap. Once you restore the website, the hacker will be tempted to hack it again, so you should start monitoring your website in partnership with your sysadmin and/or hosting provider, and leave it untouched for some time. This way any action can be associated with the hacker and will reveal his techniques.
Jorge
Whole Integration

Doug’s Web Design LLC / Whole Integration, a Veteran Owned and Operated Business.
Content by Whole Integration