What Every Webmaster Should Know About Code Installation

This session focused on the security issues that most sites are prone to and on what web developers and webmasters can do to protect their sites against these vulnerabilities.

Here are some of the highlights from the session:

  • Hackers have various motivations for finding security loopholes on your site. Some of the main reasons they hack a website are to:
    • Drop links or cookies
    • Steal logins, blackmail people
    • Build botnets
    • Redirect users to third-party sites selling advertising
    • Crush competition
    • Steal credit cards
    • Abuse your server (relaying spam email, launching attacks on other sites, etc.)
  • Hackers use multiple tools to accomplish their goals. In general, basic hacking has become easier because most of the information is available online to the general public. On top of that, port scanners and ready-made attack tools (SARA, a vulnerability scanner; Brutus, a remote password cracker; etc.) can be pointed at your site to find potential holes.
  • The first entry point of attack is SQL injection, i.e. "inputting SQL statements in a web form to get a badly designed website to dump the database content to the attacker." SQL injection happens when user-supplied values, such as the page number in a pagination link or the username and password in a login form, are placed into a query without checking their type or escaping them.
  • To recover from such an attack and harden your site against the next one, take the following steps:
    • Check your access logs
    • Check file modification time
    • Revert to backup
    • Change passwords
    • Patch the hole
    • Audit your site regularly
    • Use the same tools hackers employ to find loopholes in your site. But be careful: if the tools are not used properly, you can compromise the security of your own site
    • Learn the access patterns of automated tools. sqlmap is a great free tool: run it against your own site to find injectable parameters and to see what an automated SQL injection attempt looks like in your access logs
    • Blacklist hosts that initiate attacks
    • Never connect to the database as a superuser or as the database owner; use an account with only the privileges the application needs
    • Check that each input has the expected data type (an ID or page number must be an integer, for example)
    • Escape user-supplied values, or better, use parameterized queries so that input is never parsed as SQL
    • Do not print out any database-specific information, especially about the schema
    • Do not show raw database errors to users; log them server-side instead
  • Some of the tools you can use to protect yourself:
      • iptables: host firewall for Linux servers
      • Squid, Snort and Guardian: together these filter for SQL injection (Snort signatures), block the attacking remote IP (Guardian, which reacts to Snort alerts), and speed up your site (Squid's caching proxy)
      • Logwatch: basic monitoring of your log files
      • Honeypots
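The SQL injection entry point and the hardening steps above (check the expected type, bind or escape values, never echo raw database errors), as an added example that is not part of the original session or post. It uses Python's built-in sqlite3 module with a constructed in-memory users table; the function names and sample accounts are hypothetical.

```python
import sqlite3

# Constructed sample data for the demonstration; not from the original page.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """In-memory SQLite database standing in for the site's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: the form fields are pasted straight into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return [row[0] for row in conn.execute(sql)]


def login_hardened(conn, username, password):
    """Hardened: placeholders; the driver sends the values separately, never as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def page_vulnerable(conn, after_id):
    """Deliberately vulnerable pagination: the 'after' cursor is not type-checked."""
    sql = "SELECT username FROM users WHERE id > %s ORDER BY id LIMIT 2" % after_id
    return [row[0] for row in conn.execute(sql)]


def page_hardened(conn, after_id):
    """Hardened pagination: enforce the expected type, then bind the value."""
    if not isinstance(after_id, int) or isinstance(after_id, bool) or after_id < 0:
        raise ValueError("after_id must be a non-negative integer")
    sql = "SELECT username FROM users WHERE id > ? ORDER BY id LIMIT 2"
    return [row[0] for row in conn.execute(sql, (after_id,))]


def run_page(conn, raw_after_id):
    """Request-handler shape: convert the raw parameter and never echo the raw error."""
    try:
        return page_hardened(conn, int(raw_after_id))
    except (ValueError, sqlite3.Error):
        # Log the real exception server-side; the user sees nothing schema-specific.
        return "Bad request"


if __name__ == "__main__":
    db = make_db()
    evil_user = "' OR '1'='1' --"          # classic login bypass payload
    print(login_vulnerable(db, evil_user, "x"))   # every user is "logged in"
    print(login_hardened(db, evil_user, "x"))     # no match
    # UNION-based dump through an unchecked pagination parameter
    print(page_vulnerable(db, "0 UNION SELECT password FROM users --"))
    print(run_page(db, "0 UNION SELECT password FROM users --"))  # Bad request
```

The vulnerable login turns into `... WHERE username = '' OR '1'='1' --' AND password = 'x'`, so the password check is commented out; the vulnerable pagination query turns into a UNION that appends the password column to the result set. The hardened versions reject the same inputs because the type check fails before any SQL runs and bound parameters are never parsed as SQL.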
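Checking your access logs for the patterns automated tools such as sqlmap leave behind, and picking the hosts to blacklist, as an added example that is not from the original post. The log lines are constructed in Apache combined format (the IPs are documentation addresses), the injection patterns are a small starting set rather than a complete signature list, and the assumption that sqlmap's default User-Agent string contains "sqlmap" is mine.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample access log (Apache combined format); not from the original page.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2011:13:55:36 -0800] "GET /products.php?id=12 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2011:13:55:40 -0800] "GET /products.php?id=12%27%20AND%201%3D1--%20 HTTP/1.1" 200 5123 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
198.51.100.7 - - [10/Mar/2011:13:55:41 -0800] "GET /products.php?id=12%20UNION%20SELECT%20NULL%2CNULL-- HTTP/1.1" 500 231 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
198.51.100.7 - - [10/Mar/2011:13:55:42 -0800] "GET /products.php?id=12%20AND%20SLEEP(5) HTTP/1.1" 200 5123 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.9 - - [10/Mar/2011:13:56:02 -0800] "GET /login.php?user=%27+OR+%271%27%3D%271&pass=x HTTP/1.1" 200 870 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2011:13:56:10 -0800] "GET /about.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

# Fields of one combined-format line: client IP, request line, status, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Markers applied to the URL-decoded request path. A starting set, not a full list.
SQLI_PATTERNS = [
    ("union select", re.compile(r"union\s+select", re.I)),
    ("tautology", re.compile(r"'\s*(or|and)\s+'?\d+'?\s*=\s*'?\d+", re.I)),  # ' OR '1'='1
    ("time-based probe", re.compile(r"\b(sleep|benchmark)\s*\(|waitfor\s+delay", re.I)),
    ("trailing comment", re.compile(r"--\s*$")),
]

# Assumption: sqlmap identifies itself in its default User-Agent.
SCANNER_UA = re.compile(r"sqlmap", re.I)


def parse_line(line):
    """Return the fields of one log line, or None if it is not in combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def sqli_markers(path):
    """Names of the injection markers found in the decoded request path."""
    decoded = unquote_plus(path)
    return [name for name, pat in SQLI_PATTERNS if pat.search(decoded)]


def scan_log(text):
    """Return one (ip, decoded path, reasons) tuple per suspicious request."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = sqli_markers(rec["path"])
        if SCANNER_UA.search(rec["ua"]):
            reasons.append("scanner user-agent")
        if reasons:
            hits.append((rec["ip"], unquote_plus(rec["path"]), reasons))
    return hits


def hosts_to_block(hits, threshold=2):
    """IPs with at least `threshold` suspicious requests: candidates for the blacklist."""
    counts = Counter(ip for ip, _, _ in hits)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for ip, path, reasons in found:
        print(ip, path, ", ".join(reasons))
    print("block:", hosts_to_block(found))
```

Decoding the path before matching matters: the payloads in the log are URL-encoded (`%27` for the quote, `%20` for spaces), so a pattern applied to the raw line would miss them. The threshold keeps a single odd-looking request from landing a host on the blacklist; the one-off tautology attempt from 203.0.113.9 is reported but not blocked, while the sqlmap run from 198.51.100.7 is.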
Gaurav Varma
