| | This is the issue that a lot of people has been concerned about! Lots of site and Forum has been hacked. And I really worry about this might happen to my site or forum So, do anyone know how to protect our passwords, and prevent from hacking? |
| Nov 25, 2009 |
Make sure all of your moderators and administrators use non-dictionary-word, 'strong' passwords, consisting of 8 or more letters and numbers.You can add .htaccess protection to your Admin and Mod CP directories, although if you guard your passwords and stay up to date with vBulletin releases, this is somewhat overkill. Although I guess it can't hurt....
read more.
Anything that can be changed by an authorized person remotely, can be changed by anyone that wants to do enough research to get in. There is no such thing as "absolute security". Although most of my knowledge is with computer "security", it applies to all types of security. In the mind of a hacker, any upgrade to "security" is merely a challenge. Whenever a company says that thier new system is unbreakable, I want to see if thier claim is true. I now only hack my own computers. And although I don't spend as much time hacking as I used to, I still haven't found any type of protection that can't be broken. Also, the more protection that is put on any kind of site, the more hassles the real users have to deal with. It's all a compromise. If you wanted to have a dozen layers of security to get into a site, that could be done. Sure, it would make it harder on any hacker to break in, but that also makes it take longer for you to get in. So just remember, there is no way to completely prevent you site from getting hacked. But if you keep your website small, not near as many hackers will want to try to break in. -YB
Ugh, why do we live in a world where people think it's cool to destroy some one's hard work? Never give your pass/user name to anyone, thats all I can say.
Nothing is foolproof, but some elementary caution will help:
1. Never assign permissions to any user or object greater than what they really need to be used. 2. Use the HTML maxlength attribute when practical to prevent people from entering scripts into text boxes. 3. Always have a default object in every directory, to make it harder for people to discover your directory structure.
Absolutely right!
4. Use a GOOD password for your admin account! Not "root" or "admin" or "susan" or "smith", but something that consists of letters AND numbers, perhaps mixed with some $§&€@-signs. And it is always safer to use a LONG password instead of a short one. A bruteforce attack might hack "susan17" but might need much more time to hack "s1&usanru56lokp34&hajkslwto@4772830hfgw". (just for example) GreetingZ
maybe there is no way to make the unbreakable site, but the majority of people who want to call their selfs hackers, prefer "playing" with unprodected sites. This people arent in real hackers. they know nothing more than u and me.
they just want to to make ur life harder. By using a small security this people cant hard u. There still remain the real hackers. what do u think ? why should they hack ur sites? I dont find a reason. so.... dont say, i wont put security cz they will destroy it. you will put, and if the other wants to touch ur site he will if he is just a "kid playing with his computer!!" he will give up easy! Hope u find a kind of good security 
Most people that do damage to sites are generally called "script kiddies" because they are simply running programs written by others, and they don't know what's going on in the program. These programs usually only work if the site is unprotected, or thier security is really out of date. These kind of individuals usually can't do anything to a reasonably protected site. And unless you get really big, of have something extremely interesting hidden within your site, the real hackers will probably leave you alone.
-YB
basically if u dont have any php scripts or anything that process user input,
you should be safe as long as your web server is updated and protected. in case of a free web hosting, theres nothing u can do if the server itself gets hacked. And just a small remark about what Cassandra said, QUOTE(Cassandra @ Aug 31 2005, 03:44 PM) Nothing is foolproof, but some elementary caution will help: 1. Never assign permissions to any user or object greater than what they really need to be used. 2. Use the HTML maxlength attribute when practical to prevent people from entering scripts into text boxes. 3. Always have a default object in every directory, to make it harder for people to discover your directory structure.  2. HTML maxlength will not prevent long information from being sent to the processing script, it will just prevent it being sent from your form, which can be easily bypassed by sending a raw POST request or downloading and changing the maxlength of the field. hope this extra info helped 
QUOTE(Fate @ Oct 8 2005, 07:51 PM) 2. HTML maxlength will not prevent long information from being sent to the processing script, it will just prevent it being sent from your form, which can be easily bypassed by sending a raw POST request or downloading and changing the maxlength of the field. If I'm not mistaken, neither of these ick-techniques should be a problem, as long as the receiving script is designed not to accept data from off-site. QUOTE(Fate @ Oct 8 2005, 07:51 PM) hope this extra info helped Well, it certainly can't hurt! QUOTE(Cassandra @ Oct 8 2005, 10:08 PM) If I'm not mistaken, neither of these ick-techniques should be a problem, as long as the receiving script is designed not to accept data from off-site. the receiving script, either php or asp, has no way of knowing if the user came from his own site or from nowhere, only by referer, which can easily be changed or faked to be as if it came from a ligitimate place. the real solution to the length problem should be inside the receiving script itself, for it is server side and cant be bypassed without changing its source. Latest Entries
Make sure all of your moderators and administrators use non-dictionary-word, 'strong' passwords, consisting of 8 or more letters and numbers.
You can add .htaccess protection to your Admin and Mod CP directories, although if you guard your passwords and stay up to date with vBulletin releases, this is somewhat overkill. Although I guess it can't hurt. QUOTE(Fate @ Oct 12 2005, 09:50 AM) the subject was site protecting.. Well, I was really referring to my Web sites as well, but I decided to phrase it as if I were talking only about my desktop machines because I believe in keeping a low profile, also for security reasons. Of course, thousands of people per week do find my sites, and I wouldn't want them to stop, but as the lady said, why look for trouble? On the other hand, it could really be that the bad guys don't find my sites "serious" enough. So much the better.
true enough, personal computers dont usually get hacked by people,
but by worms or other automatic tools, but i think we are going off the subject here. the subject was site protecting.. and sites, depending on thier content can attract more serious and more skilled poeple to try and brake it. and i agree that security cant be perfect...
I suspect that there's something very simple which would be pretty effective in practice, if not in theory: Just have the script check the referrer. It's true that the referrer can be spoofed very easily, but whoever hacks the site isn't going to know immediately why he got a 403, or whatever, and he often won't have any overwhelming interest in hacking a particular site, unless it's a professional hacking a bank site, or whatever. I suspect that most of the vermin who hack other people's Web sites are script kiddies trying to feel important: if they (or their robots) can't get in immediately, they'll just go elsewhere.
Like the lock on a door, Web security doesn't have to be perfect, and never will be. It just has to be good enough to make hacking that site a waste of the guy's time. I have two desktop machines always online protected only by minimal and very standard security, and I've never been hacked (yet).
you are suggesting a good idea...
though it will require some kind of gateway script that will make the request on the other script so it will originate from the server itself... otherwise the origin even on regular surfing is always from the user. what you are suggesting can be done, and ive seen it, its quite good protection...
Similar Topics
Keywords : prevent, site, hacking
security checks might prevent evils but not intelligents (4) Hi. welcome to a new world of intelligence defying security. most of the security softwares we get (23) Sorry for the subject, as i will not give you my website link /tongue.gif" Bluetooth hacking (4) I have hear that it is possible to hack cell phones from your bluetooth enabled laptop. I know this trying to figure (0) Hi, I started to design a vocable trainer and was presented with the difficulty of on virusses (9) Hi all, I think i have a problem, whenever i open a site on www.moody.astahost.com (my site) i get a (3) If you are looking to put a music video in your MySpace or what ever you choose avoid using the My experiance with a hacker (25) Well my AIM was hacked a while ago some guy was able to read all my convos and i'm like wtf well Looking for prevent, site, hacking
|
 How To Prevent Your Site From Hacking? |
Affordable Web Hosting, Low cost Web Hosting - ComputingHost.com