Ethical Hacker Community Forums
January 07, 2009, 05:37:57 PM *
Author Topic: help me to protect my WEBSITE ?  (Read 2272 times)
iosoft
« on: August 17, 2008, 01:33:49 PM »

Friends,

Can you please give me some kind of 'check list' to protect my website running on Linux+Apache+PHP+MySQL?

Thanks in advance.
RoleReversal
« Reply #1 on: August 17, 2008, 03:53:52 PM »

iosoft,

that is one seriously open-ended question.

Standard advice of Google applies (It always does....)

OnLAMP is a good resource, of specific interest will be articles in the security section.

As for a checklist, there is only one universal rule:
Quote
Patch your vulns before the other guy exploits them....

;) Good luck out there.

A little bit of sanity:
http://www.infosanity.co.uk
jimbob
« Reply #2 on: August 18, 2008, 07:50:47 AM »

Quote
Can you please give me some kind a 'check list' to protect my website running  on Linux+Apache+PHP+MySQL.

Perhaps just as important is making sure your PHP applications are secure. If you are writing one yourself, check out some of the information on the web regarding secure PHP programming. If you're using one of the many popular PHP applications such as phpBB, Joomla, Drupal etc., make sure you have the latest version. There are automated scripts which actively seek out and exploit security holes in many of these packages.

With most OSS software there is a mailing list you can subscribe to which will send you security bulletins when a new version is released. This way you can stay in touch with what's going on and get alerted when a new update is available.

Don't forget pro-active steps like ensuring you back up your data and content.

Regards,
Jimbob
only_samurai
« Reply #3 on: August 18, 2008, 04:06:17 PM »

You can run a vulnerability assessment on your own site with tools like Grendel-Scan (open sourced and free :D )

In order to secure the site, you should be validating ALL inputs. Now, what does that mean exactly? It's a very wide range of sanity checking. If it's going into the database, SQL syntax keywords and characters need to be watched very closely (things like: ' " OR = /* # -- and even words like UPDATE, DECLARE, CAST can be dangerous). For simple XSS attacks, running the input through htmlentities() is generally a pretty safe methodology.

There are far more things to do than this; however, it would take ages to write out a 'full' list.
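
The input handling discussed in the reply above, as an added example that is not part of any poster's message: it validates a field against an allow-list, passes values to the database as bound parameters so the characters listed above stay data rather than SQL, and applies htmlentities() when the value is displayed. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for MySQL (assumes the pdo_sqlite extension) so the script runs offline.

```php
<?php
// Added example, not code from the thread. All names here are hypothetical.
// SQLite in memory stands in for MySQL; with MySQL only the DSN passed to PDO changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// 1. Validate: accept only what the field is supposed to contain (allow-list).
function valid_author(string $name): bool {
    return preg_match('/^[A-Za-z0-9_]{3,20}$/', $name) === 1;
}

// 2. Store: bound parameters keep user values out of the SQL text entirely,
//    so quotes, comment markers and keywords in $body are stored as plain text.
function add_comment(PDO $db, string $author, string $body): bool {
    if (!valid_author($author) || strlen($body) > 500) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:a, :b)');
    return $stmt->execute([':a' => $author, ':b' => $body]);
}

function find_by_author(PDO $db, string $author): array {
    $stmt = $db->prepare('SELECT author, body FROM comments WHERE author = :a');
    $stmt->execute([':a' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Display: encode at output time, when the value is placed into HTML.
function render(array $row): string {
    return '<p><b>' . htmlentities($row['author'], ENT_QUOTES, 'UTF-8') . '</b>: '
         . htmlentities($row['body'], ENT_QUOTES, 'UTF-8') . "</p>\n";
}

// Constructed sample inputs.
// A body containing quotes, SQL comment markers and markup is stored unchanged.
var_dump(add_comment($db, 'alice', "It's a test -- with <b>markup</b> & an OR = sign"));
// An author value with quote characters fails the allow-list and is not stored.
var_dump(add_comment($db, "x' OR '1'='1", 'rejected by validation'));
// The same kind of string used as a search value is compared literally.
var_dump(count(find_by_author($db, "alice' OR '1'='1")));
// Stored markup is encoded only when it is written into the page.
foreach (find_by_author($db, 'alice') as $row) {
    echo render($row);
}
```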
dalepearson
« Reply #4 on: August 18, 2008, 04:23:12 PM »

I wasn't at Defcon 16 but I did get a copy of the CD they handed out, and I saw the one on Grendel-Scan and it looks good and is on my never-ending list of things to look at.

Here is the link for various OS downloads - http://grendel-scan.com/download.htm

geekyone
« Reply #5 on: August 18, 2008, 04:26:26 PM »

You can find some good checklists to secure your server and applications here: http://www.cisecurity.org/. Most of the controls they recommend you won't be able to implement unless you own the servers that are hosting your website. Good Luck!

CISSP, CEH, GPEN, GCIH