Tip #2
Be Paranoid About User Input
One of the most vulnerable areas of the web today is user forms. Websites use forms for all sorts of purposes. Whether you use forms to take orders, receive contact information or allow comments on your blogs or message boards, you need to start with one unbreakable rule: Read more…
Tip #3
Keep your security patches up to date
Security patches exist because someone has discovered a flaw in your operating system, application, web form or configuration. Security patches are a must for open source and well-known applications. Microsoft has the largest share of the OS market. Finding a flaw in Windows means a hacker could have access to tens of millions of networks and computers. A big find means big money. The same is true of open source systems like WordPress and Joomla. They are not only in wide use, but hackers can also access the source code. With the source code available, they can look for and test new exploits. Read more…
Tip #5
Be Paranoid About Your Website Traffic
Website hacks happen in one of two ways: from external sources or from internal sources.
You’ve established strong passwords, validated user input, kept your software updated and limited viewable personal and business data. You’re paranoid and off to a great start. But now you need to monitor your website traffic.
Whether you are on a Windows server or a flavor of Unix with Apache, all servers create several types of traffic logs. These logs can provide lots of information, including SMTP access, password-cracking attempts, and website access and error logs.
Website logs are your friends. Use them. If you don’t have access to these logs, contact your hosting company and find out what they have available for your use. If your site gets little traffic, examining the logs manually will be easy. Read more…