Thread title: Web Security |
01-05-2006, 09:38 AM
|
#1
|
Status: Non-conformist
Join date: Jul 2005
Location: Canberra, Australia.
Posts: 1,172
|
Web Security
The other day a website of mine was hacked - they stripslashed two of my php files, put some kind of weird tracking thing there, and stuck a link there as well (unfortunately for them when they got rid of my backslashes they screwed everything up so much it would never run, let alone display the link).
Is there anything you can do to prevent this? They obviously cracked the password required to log into FTP somehow...so is there any way to make the whole thing more secure?
|
|
01-05-2006, 11:11 AM
|
#2
|
Status: Member
Join date: Feb 2005
Location: UK
Posts: 335
|
If they used the FTP then make a new account with a really obscure username/password and disable the old one. If they don't know the username either it will be 10x harder.
|
|
01-05-2006, 11:35 AM
|
#3
|
Status: Request a custom title
Join date: Feb 2005
Location: The Netherlands
Posts: 2,616
|
As jonny said, use a very bizarre user and password and also update it regularly. Use a lot of random characters, e.g.: 1q@w2$3w%1q#564q65q4we878;qwe;.98:7
Very hard to crack. Use a password that you don't use anywhere else.
|
|
01-05-2006, 05:22 PM
|
#4
|
Status: Request a custom title
Join date: Aug 2005
Location: Great Yarmouth, England
Posts: 1,321
|
What they said, I never use a password in two different places, like my password here is different than my password on sitepoint.
|
|
01-05-2006, 06:08 PM
|
#5
|
Status: Member
Join date: Nov 2004
Posts: 203
|
You would indeed be best off using different passwords for different things, and making them long, and hard to guess - random letters, numbers (and other characters, if acceptable) would be your best bet.
Are you sure these people didn't exploit a security hole in some script you are running, however, or simply gain access to the whole of your host's server via another method?
You would be best checking logs to first establish (for sure) how they gained access, before trying to come up with a solution to prevent it happening again.
If you are on a shared/virtual hosting plan, it could be that the solution isn't yours to come up with, but rather your web host's.
|
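One way to do the log check suggested in post #5, as an added example that is not part of the original thread: it tests whether FTP uploads from unfamiliar hosts account for the modified files. It assumes the host's FTP server writes the common xferlog format; the log lines, paths, addresses and function names are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample in xferlog format (not taken from the thread).
SAMPLE_LOG = """\
Wed Jan  4 21:02:10 2006 1 198.51.100.20 5120 /home/site/public_html/index.php a _ i r siteuser ftp 0 * c
Thu Jan  5 03:12:44 2006 1 203.0.113.7 4821 /home/site/public_html/index.php a _ i r siteuser ftp 0 * c
Thu Jan  5 03:12:51 2006 1 203.0.113.7 3977 /home/site/public_html/config.php a _ i r siteuser ftp 0 * c
Thu Jan  5 08:40:02 2006 2 198.51.100.20 20480 /home/site/public_html/logo.png b _ o r siteuser ftp 0 * c
garbage line that is not a transfer record
"""

Upload = namedtuple("Upload", "when host path user")


def parse_uploads(log_text):
    """Return every incoming transfer (direction 'i') recorded in the log."""
    uploads = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 18:  # not a transfer record
            continue
        # Fixed fields sit at both ends; the filename is whatever lies between.
        path = " ".join(f[8:-9])
        direction, user = f[-7], f[-5]
        if direction == "i":
            uploads.append(Upload(" ".join(f[:5]), f[6], path, user))
    return uploads


def explain_changes(log_text, modified_files, known_hosts):
    """For each modified file, list uploads from hosts the owner does not recognise.

    An empty list means FTP does not account for the change, so the cause
    is more likely a script hole or a problem on the host itself.
    """
    found = {path: [] for path in modified_files}
    for up in parse_uploads(log_text):
        if up.path in found and up.host not in known_hosts:
            found[up.path].append(up)
    return found


if __name__ == "__main__":
    files = ["/home/site/public_html/index.php", "/home/site/public_html/config.php"]
    for path, hits in explain_changes(SAMPLE_LOG, files, {"198.51.100.20"}).items():
        print(path, [(h.when, h.host, h.user) for h in hits] or "no FTP upload found")
```

If the modified files show no matching upload, changing the FTP password alone will not close the hole.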