1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

building a webiste, what do I need to know about security?

Discussion in 'Computer Security' started by Frontier, Jun 29, 2005.

  1. Frontier

    Frontier Byte Poster

    105
    0
    14
    HI I have just started building my own website, it has my own domain and it is through a tripod pro account. Was wondering if there was anything I need to know about keeping the site secure and protected from hack attacks, is there anything I need to know or do before I officialley launch the site? I use 655 chmod on all files when I upload via ftp this prevents write access for users so I been told and I renamed and did same to cgi-bin.
     
  2. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    Sounds like one for Si or Gav or some of the others. Don't worry...they've been flagged and someone will be along presently to help out.
     
    Certifications: A+ and Network+
  3. JonnyMX

    JonnyMX Petabyte Poster

    5,239
    211
    236
    I've found that the best defense against hackers is to give them no reason to want to hack your site in the first place...

    Is it plain HTML or ASP.NET etc?
    Is there any confidential or valuable material on there that someone might want to get their hands on?
    Do you have secured access to a private area via a password etc?

    There are several ways you can keep websites secure, but you need to know what you're trying to secure.
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  4. SimonV

    SimonV Petabyte Poster Administrator

    6,616
    149
    228
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  5. JonnyMX

    JonnyMX Petabyte Poster

    5,239
    211
    236
    I tend to use ASP.NET which gives you several choices of how you secure your site. It's an IIS thing so won't work on some servers. You can set up a single user and password, or use a simple database to keep track of your users.
    There's a simple guide HERE
    (Look under security > forms authentication)
    The great thing is, it's really simple to administer.
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  6. Frontier

    Frontier Byte Poster

    105
    0
    14
    Thank you for your advice.

    Johnny - The site is pure html. No ASP, PHP or anything like that. I am a beginner to web design.
     
  7. SimonV

    SimonV Petabyte Poster Administrator

    6,616
    149
    228
    I once used this tool for password protecting a page that only certain members could view but once the password gets around then its no use. Not what you ask about but you may find it useful.

    http://www.buildwebsite4u.com/tools/secure-html.shtml

    One thing, if your going to use any cgi form mail scripts be very careful as a lot of them have holes and are vulnerable to being exploited. We get hundreds of hits from spiders searching for vulnerable cgi scripts so they can be exploited to send spam mail.
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  8. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    whats the site for?
    644 seems pretty nice and tight for plain html, so you shouldnt get any probs there :)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0

Share This Page

Loading...