Friday, July 18, 2008

Basics Of Securing Your Web Site


[CNX1]Introduction |
[CNX2]Passwords |
[CNX3]Staff |
[CNX4]Folders && Errors |
[CNX5]IP limit && Information |
[CNX6]Forums |
[CNX7]Admin Login |
[CNX8]Proxy Prevention |
[CNX9]Check Your Host |
[CNX10]Conclusion |

______________________________________________
Introduction - [CNX1]
______________________________________________
Hello and thank you for reading my article on "Basics Of Securing Your Web Site".
Enjoy the read, and after you finish please leave me a comment or suggestion.
This article will show you different ways to secure your website and what
to look out for. Feel free to post this tutorial on any other website, just give credit!

______________________________________________
Passwords - [CNX2]
______________________________________________
Passwords are needed for everything you run on a website and for every login, so keeping your members'
passwords safe is very important. And believe me, nothing but anger will come from your members when they
find out their passwords have been posted. So if you write your own scripts, make sure they hash
the passwords with MD5 before storing them. Putting them in plain text is just asking for a pwnage! Now let's say your
web site does get attacked and accessed: the attackers download the db and see that you stored
all of the users' passwords as MD5 hashes. Now the attackers have to spend a lot of time cracking
the passwords, and half the time they won't even crack them, because most of the word lists nowadays
suck. So it's a lot better, because if you do get attacked maybe only 7 out of 100 account
passwords will get cracked. So always hash your passwords, never leave them in plain text. Now let's say
somebody gets an SQL Injection on a web page, pulls the information and now sees the text

admin : g00feyg00ber

It's in plain text, game over~ The attackers don't have to worry about cracking anything, just finding the login =)
So encrypt your shez b0yz.
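To show the difference between the two db rows described above, here is an added example (not code from the original post) of storing and checking a password the way the article says, as an MD5 hex digest instead of plain text. The `admin : g00feyg00ber` row is the article's own sample; the dict standing in for the users table is assumed.

```python
import hashlib
import hmac

# The article's sample row: what an attacker pulls out of a plain-text users table.
PLAINTEXT_ROW = ("admin", "g00feyg00ber")


def hash_password(password: str) -> str:
    """Hash a password the way the article describes: MD5 hex digest, never the plain text."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def store_user(db: dict, username: str, password: str) -> None:
    """Write only the hash to the (assumed) users table; the plain text is never stored."""
    db[username] = hash_password(password)


def check_login(db: dict, username: str, password: str) -> bool:
    """Hash the submitted password and compare it to the stored digest (constant-time)."""
    stored = db.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(stored, hash_password(password))


def dump_rows(db: dict) -> list:
    """What a dumped users table looks like, one 'user : value' line per row."""
    return [f"{user} : {value}" for user, value in db.items()]


def demo() -> tuple:
    """Return the dump of a plain-text table next to the dump of a hashed one."""
    plain_db = {PLAINTEXT_ROW[0]: PLAINTEXT_ROW[1]}
    hashed_db = {}
    store_user(hashed_db, *PLAINTEXT_ROW)
    return dump_rows(plain_db), dump_rows(hashed_db)
```

The hashed dump still leaks the username, but the attacker now has to crack a 32-character digest instead of reading the password straight off the page.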

______________________________________________
Staff- [CNX3]
______________________________________________
Staff members are the most trusted people on the website, but be careful about who you add to your staff. Some people
might just be spamming the website so they look active, get into the staff group and then start to mess with things.
So make sure you promote the right people and that you know them on a decent level. Also watch out for social engineering. This is becoming a lot more common nowadays: people act like staff members over msn/irc/aim and then talk
you into giving them access. A good way to prevent this is to set up a little system, like a certain question or
something personal they would know. One thing I like is using the phone number question, works a lot
;)
So watch out for who you promote and who's claiming to be someone they're not, and test your staff. We have just gone over
the password problem above, so now I'm going to tell you about staff passwords. Administrators, this should be a
requirement for all staff members: they should all have very! very! strong passwords, so you never have to worry about
brute force attacks or things like that. Make sure that they use upper case and lower case letters and maybe a symbol in there.

______________________________________________
Folders && Errors - [CNX4]
______________________________________________
Errors are something attackers love to see; they give the hint that they're on the right track, so make sure
to disable all errors. Let's say somebody is close to an SQL Injection but no errors are showing up, so he's a bit
lost, thinks he's not getting anywhere and just stops. Folders like /images/: make sure to close those off
so nobody can view your things. Then they won't be able to browse through the folders, and if they're trying to attack the
website they will get no help from the error system.

______________________________________________
IP Limit && Information - [CNX5]
______________________________________________
IP limit, it's nice, but what does this mean? It means that, let's say, Becky is trying to DDOS the CN website; after her
IP shows up more than 35 times a day, her IP gets banned for a few days. This is a good thing to use to protect
yourself from DDOS and bandwidth draining attacks. Now the information part is about making sure nobody's personal information is
posted on your website, such as addresses, phone numbers, etc. And if it is, hide it or encrypt it in some way so none of
your members'/staff members' d0x gets published.

______________________________________________
Forums - [CNX6]
______________________________________________
Forums <3, but at the same time forums can be a way to get in. So make sure to limit things and edit some settings, such as what letters/characters aren't
allowed in members' names. Disable any type of HTML/video posting, and make sure that you disable avatar upload and just make it so they
have to link to the image.
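The three forum rules above, as an added example (not code from the original post): a character whitelist for member names, HTML/video posts rendered as escaped text so no tag is ever interpreted, and avatars accepted only as links to plain image URLs. The name policy (letters, digits, underscore, 3 to 20 characters) and the accepted image extensions are assumptions.

```python
import html
import re
from urllib.parse import urlparse

# Assumed name policy: letters, digits and underscore only, 3 to 20 characters.
NAME_RE = re.compile(r"^[A-Za-z0-9_]{3,20}$")
# Assumed avatar policy: linked, never uploaded; only http(s) URLs ending in an image extension.
IMAGE_EXTENSIONS = (".png", ".jpg", ".jpeg", ".gif")


def valid_member_name(name: str) -> bool:
    """Reject any name with characters outside the whitelist (angle brackets, quotes, spaces...)."""
    return NAME_RE.fullmatch(name) is not None


def render_post(body: str) -> str:
    """Escape the post so HTML, script and embed/video tags show up as text instead of running."""
    return html.escape(body, quote=True)


def valid_avatar_url(url: str) -> bool:
    """Accept only a bare http(s) link to an image file; no scripts, no query strings, no uploads."""
    parts = urlparse(url)
    return (
        parts.scheme in ("http", "https")
        and bool(parts.netloc)
        and parts.path.lower().endswith(IMAGE_EXTENSIONS)
        and not parts.query
        and not parts.fragment
    )
```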

______________________________________________
Admin Login - [CNX7]
______________________________________________
The admin login page is what a lot of attackers try to find so they can brute force it or try other things on it. Some cool tricks
are to switch up some code and make it so you have to have a certain user agent to be able to view the admin login page. You can use the
Firefox User Agent Switcher to do this easily. Directory: also make the admin login hard to find, don't use /admin/ or /administer/, make something
unique. Attempts: make it so you only have 5 chances to log in, and if you pass the limit you have to wait one hour or two, w/e. This will prevent
a lot of brute forcing attacks.
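Both the IP limit from the earlier section (ban an IP after 35 hits in a day) and the admin login rules above (user agent check, 5 chances then wait an hour) come down to the same counter, so here is one added example (not code from the original post) that serves both. The ban length of 3 days, the `cn-staff-console` user agent token and the in-memory dicts are assumptions.

```python
from collections import defaultdict

HOUR = 3600
DAY = 24 * HOUR


class HitLimiter:
    """Counts hits per key (an IP here) inside a sliding window and bans the key
    for ban_seconds once max_hits is reached. Timestamps are passed in explicitly."""

    def __init__(self, max_hits: int, window: int, ban_seconds: int):
        self.max_hits, self.window, self.ban_seconds = max_hits, window, ban_seconds
        self.hits = defaultdict(list)   # assumed in-memory store, key -> hit timestamps
        self.banned_until = {}          # key -> time the ban expires

    def is_banned(self, key: str, now: float) -> bool:
        return self.banned_until.get(key, 0) > now

    def record(self, key: str, now: float) -> bool:
        """Record one hit. Returns False if the key was already banned."""
        if self.is_banned(key, now):
            return False
        recent = [t for t in self.hits[key] if now - t < self.window]
        recent.append(now)
        self.hits[key] = recent
        if len(recent) >= self.max_hits:
            self.banned_until[key] = now + self.ban_seconds
        return True


# Article's numbers: an IP seen 35 times in a day is banned for a few days (3 assumed).
ip_limiter = HitLimiter(max_hits=35, window=DAY, ban_seconds=3 * DAY)
# Article's numbers: 5 login chances, then wait an hour.
login_limiter = HitLimiter(max_hits=5, window=HOUR, ban_seconds=HOUR)
# Assumed: staff put this token in their user agent (e.g. via User Agent Switcher).
ADMIN_AGENT_TOKEN = "cn-staff-console"


def admin_login(ip: str, user_agent: str, password_ok: bool, now: float) -> str:
    """Handle one request to the hidden admin login page; returns the outcome."""
    if not ip_limiter.record(ip, now):
        return "ip banned"
    if ADMIN_AGENT_TOKEN not in user_agent:
        return "not found"            # answer exactly like a missing page
    if login_limiter.is_banned(ip, now):
        return "locked out"
    if password_ok:
        return "logged in"
    login_limiter.record(ip, now)     # only failures count toward the 5 chances
    return "bad password"
```

Every request against the admin page counts toward the daily IP limit, while only failed passwords count toward the login lockout, so a legitimate admin is not locked out by logging in normally.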

______________________________________________
Proxy Prevention - [CNX8]
______________________________________________
TOR Prevention:

Proxy Prevention:

Now this will make it so users cannot surf your website via proxy, so if they do get banned they won't be able to visit the
web site again.

______________________________________________
Check Your Host - [CNX9]
______________________________________________
It's always good to check your host out and make sure they're not easy to social, because some people will go to the extent of socialing your
host for your password. So it is good to be on good terms with your host, make sure they're not exploitable and tell them a thing or two.
Some web hosts can be easily tricked by a simple email or a phone call: it's as easy as telling the host over the phone that your
computer got water spilt all over it so you need a password change. Then they tell you the new password over the phone, and you just log
in and have full access.

______________________________________________
Conclusion - [CNX10]
______________________________________________
OK, now your website is a lot more secure: your folders are /protected/, you have a strong staff team, all of your passwords are strong so no
worries about brute force attacks. Banned members cannot get back on your website since you have the proxy prevention scripts, your admin
login is safe, and your host is not vulnerable to socialing. You have everybody's passwords safe and you can prevent little skiddie DDOS attacks,
so now your website is a lot more secure than probably half of the websites on the net.
