Topic: help me to protect my WEBSITE ?
iosoft
« on: August 17, 2008, 01:33:49 PM »

Friends,

Can you please give me some kind of 'check list' to protect my website running on Linux+Apache+PHP+MySQL.

Thanks in advance.

Andrew Waite
« Reply #1 on: August 17, 2008, 03:53:52 PM »

iosoft,

That is one seriously open-ended question.

Standard advice of Google applies (It always does....)

OnLAMP is a good resource, of specific interest will be articles in the security section.

As for a checklist, there is only one universal rule:
Quote
Patch your vulns before the other guy exploits them....

;) Good luck out there.

jimbob
« Reply #2 on: August 18, 2008, 07:50:47 AM »

Quote
Can you please give me some kind of 'check list' to protect my website running on Linux+Apache+PHP+MySQL.

Perhaps just as important is making sure your PHP applications are secure. If you are writing one yourself, check out some of the information on the web regarding secure PHP programming. If you're using one of the many popular PHP applications such as phpBB, Joomla, Drupal etc., make sure you have the latest version. There are automated scripts which actively seek out and exploit security holes in many of these packages.

With most OSS software there is a mailing list you can subscribe to which will send you security bulletins when a new version is released. This way you can stay in touch with what's going on and get alerted when a new update is available.

Don't forget pro-active steps like ensuring you back up your data and content.

Regards,
Jimbob

only_samurai
« Reply #3 on: August 18, 2008, 04:06:17 PM »

You can run a vulnerability assessment on your own site with tools like Grendel-Scan (open sourced and free :D )

In order to secure the site, you should be validating ALL inputs. Now, what does that mean exactly? It's a very wide range of sanity checking. If it's going into the database, SQL syntax keywords and characters need to be watched very closely (things like: ' " OR = /* # -- and even words like UPDATE, DECLARE, CAST can be dangerous). For simple XSS attacks, running the input through htmlentities() is generally a pretty safe methodology.

There are far more things to do than this, however; because it would take ages to write out a 'full' list.
Logged
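
The input handling discussed in the post above, as an added example that is not part of the thread: an allow-list check on a field, storage through PDO bound parameters (used here in place of watching for SQL keywords), and htmlentities() applied at output. Table, column and function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not from the thread. Table, column and function names are
// hypothetical. SQLite in memory stands in for MySQL so this runs offline
// (needs pdo_sqlite); the PDO calls are the same with a mysql: DSN.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// 1. Validate: accept only what the field is allowed to contain (allow-list).
function valid_author(string $author): bool
{
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $author) === 1;
}

// 2. Store: bound parameters keep quotes, comment markers and keywords as data.
function add_comment(PDO $pdo, string $author, string $body): bool
{
    if (!valid_author($author) || $body === '' || strlen($body) > 2000) {
        return false;
    }
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    return $stmt->execute([':author' => $author, ':body' => $body]);
}

// 3. Display: encode at output time, for the HTML body context.
function render_comments(PDO $pdo, string $author): string
{
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE author = :author');
    $stmt->execute([':author' => $author]);
    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $html .= '<p><b>' . htmlentities($row['author'], ENT_QUOTES, 'UTF-8') . '</b>: '
               . htmlentities($row['body'], ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return $html;
}

// Constructed sample input: SQL metacharacters and markup in a free-text body.
var_dump(add_comment($pdo, 'alice', "it's 1=1 -- <b onmouseover=x>hi</b>"));
// Constructed sample input: an author value that fails the allow-list.
var_dump(add_comment($pdo, "x' OR '1'='1", 'hello'));
// The stored body comes back entity-encoded rather than as live markup.
echo render_comments($pdo, 'alice');
// The same string used as a lookup key is bound as one literal value.
echo render_comments($pdo, "x' OR '1'='1");
```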
dalepearson
« Reply #4 on: August 18, 2008, 04:23:12 PM »

I wasn't at Defcon 16 but I did get a copy of the CD they handed out, and I saw the one on Grendel-Scan and it looks good and is on my never-ending list of things to look at.

Here is the link for various OS downloads - http://grendel-scan.com/download.htm

geekyone
« Reply #5 on: August 18, 2008, 04:26:26 PM »

You can find some good checklists to secure your server and applications here: http://www.cisecurity.org/. Most of the controls they recommend you won't be able to implement unless you own the servers that are hosting your website. Good Luck!
CISSP, CEH, GPEN, GCIH, GCFA