What Every Webmaster Should Know About Code Installation

This session focused on security issues that most sites are prone to and what can web developers and web masters do to protect their site against these security vulnerabilities.

Here are some of the highlights from the session:

  • Hackers can have various motivations to find security loopholes on your site. Some of the major reasons why they hack your web site are to:
    • Drop links or cookies
    • Steal logins, blackmail people
    • Build botnets
    • Redirect users to 3-rd party sites selling advertisement
    • Crush competition
    • Steal credit cards
    • Abuse your server (email, attacks, etc)
  • Hackers use multiple tools to accomplish their goals. In general, basic hacking has become easier since most of the information is available online to general public. Not only that, portscanners, evil software – SARA Brutus, etc – can be used by hackers to find potential holes on your site.
  • The 1st entry point of attack is SQL injection, i.e. “input SQL statements in a web form to get a badly designed website to dump the database content to the attacker.” SQL injection happens because of incorrect type handling, incorrect pagination, username and password fields.
  • To ensure that your site is hardened against these attacks, you can take the following steps:
    • Check your access logs
    • Check file modification time
    • Revert to backup
    • Change passwords
    • Patch the hole
    • Audit your site regularly
    • Use the same tools hackers employ to find loopholes on your site. But be careful: if the tools are not used properly, you can compromise the security of your own site
    • Identify access patterns of automated tools. Sqlmap is a great free tool that you can use to find access patterns used by hackers
    • Blacklist hosts that initiate attacks
    • Never connect to the database as a super admin user or the database owner
    • Check expected data type
    • Escape user supplied values
    • Do not print out any database specific information, especially about the schema
    • Do not show raw errors to the display
  • Some of the tools you can use to protect yourself
      • Iptables – for linux server
      • Squit, Snort, Guardian – these tools help filter for SQL injection, disables remote IP attack, and speeds up your site
      • Logwatch – basic monitoring of your log files
      • Honeypots
Gaurav Varma

Recent Posts

From Search to Action: What Google I/O 2026 Means for Your Digital Presence

Google I/O 2026 marked a turning point, not an incremental upgrade. AI is no longer…

1 month ago

Webinar Recap: Is Your Historic Hotel Visible in AI Search?

In this session, Milestone experts Mike Supple, Aparna Iyer, and Brandon Ahearn discussed how AI…

1 month ago

Cote Hospitality – Enhancing Digital Experiences and AI Visibility Across Its Properties

Cote Hospitality has proudly managed iconic resorts for over a century, bringing memorable experiences to guests…

3 months ago

Milestone Partners with Candescent to Drive AI Visibility and Growth for Financial Institutions

Milestone announces a strategic partnership with Candescent to drive growth for financial institutions. As these…

3 months ago

Webinar Recap: Building Greater Visibility in AI Search for Banks & Credit Unions

In the recent session, Milestone experts Travis Everly and Brett Dugan, along with Eldon Tilley,…

4 months ago

Webinar Recap: 5 Must-Haves for Greater Visibility in AI Search

In the recent session, Milestone experts Alyssa DeClement, Brett Dugan, and HotelBSchool co-founder Holly Zoba…

4 months ago