Knowledgebase: General Hosting
Posted by - NA - on 13 January 2011 09:41 PM
Due to ongoing security concerns, we've decided to write up a guide on how to protect yourself from getting "hacked". There are two common things that we see which lead to people's pages being defaced (hacked): scripts and passwords. It's extremely important that you keep the scripts you run on your website (PHP, Perl, etc.) up to date.
#1) Research the script before you buy or install it. Any search engine should turn up plenty of user reviews for any script you may want to try out.
#2) Newer isn't always better! Installing "Beta" or "Unstable" versions of scripts can leave you open to attacks. Sometimes it's better to wait on that new feature you want.
#3) Always upgrade your scripts to the latest stable version as soon as possible. This is especially true if it includes security fixes.
#4) Read the instructions! Even if you're a wizard with installing scripts, it's important that you read the instructions. Improper permissions and leftover installers are quite common problems.
Here's a small list of some of the more popular scripts our users run that have known vulnerabilities (so check yours!):
phpBB (1 and 2)
It's possible for someone to "guess" your password by brute forcing (trying every password in a list) logins to the Hosting Control Panel or FTP. A strong password will generally save you in these situations. Here are some password tips that will help protect you and your clients against these types of attacks.
#1) Make your password at least 8 characters long.
#2) Use a combination of upper- and lower-case letters.
#3) Use numbers.
#4) Use special characters (!$%, etc.).
#5) Use a totally random combination of #2-#4.
#1) Don't base your password on a real (dictionary) word (in any language).
#2) Don't substitute letters in words with numbers or special characters. Attackers generally anticipate this, as it's a common practice.
#3) Don't use anything related to you as your password (ex: name, birthdate).
#4) Don't use the same password for multiple accounts.
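The tips above can be turned into an automatic check. The following Python script is an added example, not part of the original guide: it tests a password against the length, character and dictionary-word tips (including letter substitutions) and generates a random one that passes them. The word list, the substitution table and the function names are constructed for illustration.

```python
import secrets
import string

# Constructed sample word list (assumption); a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "letmein", "monkey"}
# Constructed table of common letter swaps, mapped back to the letters they replace.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})
SPECIALS = "!$%#&*?-_+="


def check_password(password, personal=()):
    """Return the list of tips from the guide that this password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("needs upper- and lower-case letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(not c.isalnum() for c in password):
        problems.append("needs a special character")
    # Undo the swaps and keep only letters, so "P@ssw0rd" is seen as "password".
    letters = "".join(c for c in password.lower().translate(SWAPS) if c.isalpha())
    if any(word in letters for word in SAMPLE_WORDS):
        problems.append("based on a dictionary word")
    lowered = password.lower()
    if any(item and item.lower() in lowered for item in personal):
        problems.append("contains personal information")
    return problems


def generate_password(length=16):
    """Build a random password from the OS CSPRNG that passes every check above."""
    if length < 8:
        raise ValueError("the guide asks for at least 8 characters")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("P@ssw0rd1!", "abc", generate_password()):  # constructed samples
        print(repr(sample), "->", check_password(sample) or "passes")
```

Pass your own name, birthdate and similar details in `personal` to catch passwords built from them.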
Examples of BAD passwords:
Example of a GOOD password: