Tactics You Should Know To Secure Your Website Part 2

Continuing from where we left off. If you have not read the first part to “Tactics You Should Know To Secure Your Website” then click here to visit that article.

Tactics You Should Know To Secure Your Website: Keep Up with Security Updates

Those who run software packages on their website need to keep in touch with updates and security alerts relating to that software. Not doing so can leave you wide open to hackers. In fact, many times a glaring security hole is discovered and reported and there is a lag before the creator of the software can release a patch for it.

Anybody so inclined can find your site running the software and exploit the vulnerability if you do not upgrade. I myself have been burned by this a few times, having whole forums get destroyed and having to restore from backup. It happens.

 

Tactics You Should Know To Secure Your Website: Reduce Your Error Reporting Level

Speaking mainly for PHP here because that’s what I work in, errors and warnings generated by PHP are, by default, printed with full information to your browser. The problem is that these errors usually contain full directory paths to the scripts in question.

Tactics You Should Know To Secure Your Website: C’mon PHP, TMI

It gives away too much information. To alleviate this, reduce the error reporting level of PHP. You can do this in two ways. One is to adjust your php.ini file. This is the main configuration for PHP on your server. Look for the error_reporting and display_errors directives.

However, if you do not have access to this file (many on shared hosting do not), you can also reduce the error reporting level using the error_reporting() function of PHP. Include this in a global file of your scripts; that way it will work across the board.
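A bootstrap file along these lines applies the settings at runtime. It is an added example, not code from the original article, and it makes one assumption beyond the text: rather than lowering the reporting level, it turns off display and sends full details to the server log, so paths stay out of the browser while errors remain visible to you.

```php
<?php
// Added example: include this from a global file before any other code runs.
//
// php.ini equivalent, if you can edit that file:
//   error_reporting = E_ALL
//   display_errors  = Off
//   log_errors      = On

error_reporting(E_ALL);                   // keep recording every error and warning
ini_set('display_errors', '0');           // never print errors or file paths to visitors
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');               // details go to PHP's error log instead

// Uncaught exceptions: log the detail, show the visitor a generic message.
set_exception_handler(function (Throwable $e): void {
    error_log(sprintf(
        'Uncaught %s: %s in %s:%d',
        get_class($e),
        $e->getMessage(),
        $e->getFile(),
        $e->getLine()
    ));
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo 'Something went wrong. Please try again later.';
});
```

Runtime settings cannot hide a parse error in the file that sets them, so the php.ini route is preferable when you have access to it.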

 

Tactics You Should Know To Secure Your Website: Secure Your Forms

Forms open up a wide hole to your server for hackers if you do not properly code them. Since these forms are usually submitted to some script on your server, sometimes with access to your database, a form which does not provide some protection can offer a hacker direct access to all kinds of things.

Keep in mind…just because you have an address field and it says “Address” in front of it does not mean you can trust people to enter their address in that field. Imagine your form is not properly coded and the script it submits to is not either. What’s to stop a hacker from entering an SQL query or scripting code into that address field? With that in mind, here are a few things to do and look for:

Tactics You Should Know To Secure Your Website: Use MaxLength

Input fields in a form can use the maxlength attribute in the HTML to limit the length of input on forms. Use this to keep people from entering WAY too much data. This will stop most people. A hacker can bypass it, so you must protect against information overrun at the script level as well.

Tactics You Should Know To Secure Your Website: Hide Emails

If using a form-to-mail script, do not include the email address in the form itself. It defeats the point and spam spiders can still find your email address.

Tactics You Should Know To Secure Your Website: Use Form Validation

I won’t get into a lesson on programming here, but any script which a form submits to should validate the input received. Ensure that the fields received are the fields expected.

Check that the incoming data is of reasonable and expected length and of the proper format (in the case of emails, phones, zips, etc.).
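The checks described here, together with the script-level length limit mentioned under maxlength, could look like the following. This is an added example, not part of the original article; the field names, length limits and US-style ZIP pattern are assumptions chosen for illustration.

```php
<?php
// Added example: field names, limits and the ZIP pattern are assumptions.
const FIELD_LIMITS = ['name' => 100, 'email' => 254, 'zip' => 10, 'address' => 200];

function validate_contact_form(array $input): array
{
    // 1. The fields received must be exactly the fields expected.
    if (array_diff_key($input, FIELD_LIMITS) || array_diff_key(FIELD_LIMITS, $input)) {
        return ['ok' => false, 'errors' => ['form' => 'unexpected or missing fields'], 'data' => []];
    }

    $errors = $data = [];
    foreach (FIELD_LIMITS as $field => $max) {
        $value = $input[$field];
        // name[]=x in a request arrives as an array; accept strings only.
        if (!is_string($value)) {
            $errors[$field] = 'invalid type';
            continue;
        }
        $value = trim($value);
        // 2. Enforce length here; the HTML maxlength attribute is not enforced by the server.
        if ($value === '' || strlen($value) > $max) {
            $errors[$field] = 'bad length';
            continue;
        }
        // 3. Reject control characters (newlines matter for form-to-mail scripts).
        if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
            $errors[$field] = 'bad characters';
            continue;
        }
        $data[$field] = $value;
    }

    // 4. Format checks for fields with a known shape.
    if (isset($data['email']) && filter_var($data['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'bad format';
    }
    if (isset($data['zip']) && !preg_match('/^\d{5}(-\d{4})?$/', $data['zip'])) {
        $errors['zip'] = 'bad format';
    }
    return ['ok' => !$errors, 'errors' => $errors, 'data' => $errors ? [] : $data];
}

// Constructed sample submission: oversized address, malformed ZIP.
$result = validate_contact_form([
    'name' => 'Pat Example', 'email' => 'pat@example.com',
    'zip' => '1234', 'address' => str_repeat('A', 5000),
]);
var_dump($result['ok'], $result['errors']);
```

Validation of this kind narrows what reaches the rest of the script; it does not replace safe query construction or output escaping.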

Tactics You Should Know To Secure Your Website: Avoid SQL Injection

A full lesson on SQL injection can be reserved for another article; however, the basic idea is that form input is inserted directly into an SQL query without validation, thus giving a hacker the ability to execute SQL queries via your web form.

To avoid this, always check the data type of incoming data (numbers, strings, etc.), run adequate form validation per above, and write queries in such a way that a hacker cannot insert anything into the form which would make the query do something other than you intend.
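One common way to write queries so that input cannot change what they do is a prepared statement with placeholders. The comparison below is an added example, not code from the original article; it assumes PDO with the SQLite driver, and the table, columns and rows are constructed for the demonstration.

```php
<?php
// Added example: constructed table and data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, address TEXT)');
$pdo->exec("INSERT INTO customers (name, address) VALUES ('Alice', '1 Main St'), ('Bob', '2 Oak Ave')");

// Weak: form input is concatenated into the query text,
// so the input can alter the structure of the query itself.
function find_by_address_unsafe(PDO $pdo, string $address): array
{
    $sql = "SELECT name FROM customers WHERE address = '" . $address . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the query text is fixed; the input is bound as a value only.
function find_by_address(PDO $pdo, string $address): array
{
    $stmt = $pdo->prepare('SELECT name FROM customers WHERE address = :address');
    $stmt->execute([':address' => $address]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Data type check for a numeric field, followed by a bound parameter.
function find_by_id(PDO $pdo, $rawId): ?string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;               // not a positive integer: refuse before touching the database
    }
    $stmt = $pdo->prepare('SELECT name FROM customers WHERE id = ?');
    $stmt->execute([$id]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed input of the kind described above, typed into the address field.
$hostile = "x' OR '1'='1";
var_dump(find_by_address_unsafe($pdo, $hostile));  // concatenated query
var_dump(find_by_address($pdo, $hostile));         // prepared statement
var_dump(find_by_id($pdo, '2 OR 1=1'));            // type check on a numeric field
```

With the concatenated query the constructed input matches every row in the table; with the prepared statement it is compared as a literal address and matches none, and the non-numeric id is rejected before any query runs.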

 

Tactics You Should Know To Secure Your Website: Conclusion

Website security is a rather involved subject and it gets a LOT more technical than this. However, I have given you a basic primer on some of the easier things you can do on your website to alleviate the majority of threats to your website.

 



___________________________________________

Take Care And God Bless

Greg “Da Spokesman” Stargell
