building a webiste, what do I need to know about security?

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

HI I have just started building my own website, it has my own domain and it is through a tripod pro account. Was wondering if there was anything I need to know about keeping the site secure and protected from hack attacks, is there anything I need to know or do before I officialley launch the site? I use 655 chmod on all files when I upload via ftp this prevents write access for users so I been told and I renamed and did same to cgi-bin.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Sounds like one for Si or Gav or some of the others. Don't worry...they've been flagged and someone will be along presently to help out.

 

I've found that the best defense against hackers is to give them no reason to want to hack your site in the first place...

Is it plain HTML or ASP.NET etc?
Is there any confidential or valuable material on there that someone might want to get their hands on?
Do you have secured access to a private area via a password etc?

There are several ways you can keep websites secure, but you need to know what you're trying to secure.

 

I use .htaccess files to password protect part of CF such as the admin area of the site. Although it is already password protected this gives a second level of security in case any vulnerabilities in the software are discovered.

Comprehensive guide to .htaccess
http://www.javascriptkit.com/howto/htaccess.shtml

Limiting web access using passwords.
http://www.kxs.net/support/htaccess.html

htaccess password generator
http://www.kxs.net/support/htaccess_pw.html

 

I tend to use ASP.NET which gives you several choices of how you secure your site. It's an IIS thing so won't work on some servers. You can set up a single user and password, or use a simple database to keep track of your users.
There's a simple guide HERE
(Look under security > forms authentication)
The great thing is, it's really simple to administer.

 

Thank you for your advice.

Johnny - The site is pure html. No ASP, PHP or anything like that. I am a beginner to web design.

 

I once used this tool for password protecting a page that only certain members could view but once the password gets around then its no use. Not what you ask about but you may find it useful.

http://www.buildwebsite4u.com/tools/secure-html.shtml

One thing, if your going to use any cgi form mail scripts be very careful as a lot of them have holes and are vulnerable to being exploited. We get hundreds of hits from spiders searching for vulnerable cgi scripts so they can be exploited to send spam mail.

 

whats the site for?
644 seems pretty nice and tight for plain html, so you shouldnt get any probs there