Security Advice
Posted by - NA - on 13 January 2011 09:41 PM
Due to some ongoing concern for security, we've decided to write up a guide on how to protect yourself from getting "hacked". There are two common things that we see which lead to people's pages being defaced (hacked): scripts and passwords. It's extremely important that you keep up-to-date on scripts you run on your website (PHP, Perl, etc.).



Script Tips:

#1) Research the script before you buy or install it. Any search engine should provide a good bit of user reviews for any script you may want to try out.

#2) Newer isn't always better! Installing "Beta" or "Unstable" versions of scripts can leave you open to attacks. Sometimes it's better to wait on that new feature you want.

#3) Always upgrade your scripts to the latest stable version as soon as possible. This is especially true if it includes security fixes.

#4) Read the instructions! Even if you're a wizard with installing scripts, it's important that you read the instructions. Improper permissions or leftover installers are quite common.



Here's a small list of some of the more popular scripts our users run that have known vulnerabilities (so check yours!):

phpBB (1 and 2)

SquirrelMail

PortailPHP

PHP-Nuke

vBulletin

PAFileDB

myPHPNuke

Geeklog

My Postcards

FormMail

Agora

FAQManager





It's possible for someone to "guess" your password by brute forcing (trying every password in a list) authentication attempts on the Hosting Control Panel or FTP. A strong password will generally save you in these situations. Here are some password tips that will help protect you and your clients against these types of attacks.



Do's:

#1) Make your password at least 8 characters long.

#2) Use a combination of upper- and lower-case letters.

#3) Use numbers.

#4) Use special characters (!$%, etc.).

#5) Use a totally random combination of #2-#4.



Don'ts:

#1) Don't base your password on a real (dictionary) word (in any language).

#2) Don't substitute letters in words with numbers or special characters. Attackers generally anticipate this, as it's a common practice.

#3) Don't use anything related to you as your password (ex: name, birthdate).

#4) Don't use the same password for multiple accounts.



Examples of BAD passwords:

dave

d4v3

DaVe



Example of a GOOD password:

v!Nr7$H8.
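
The Do's and Don'ts above expressed as a checker, as an added example that is not part of the original article. The five-word WORDLIST and the substitution table are constructed for illustration, and check_password, personal and used_elsewhere are hypothetical names.

```python
import string

# Constructed sample wordlist (assumption); a real check would load a full dictionary.
WORDLIST = {"dave", "password", "letmein", "welcome", "dragon"}

# Common letter substitutions (constructed table) of the kind Don't #2 warns about.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

def normalize(text):
    """Lower-case and undo substitutions so d4v3 and DaVe both fold to dave."""
    return text.lower().translate(LEET)

def check_password(password, personal=(), used_elsewhere=()):
    """Return the list of rules the password breaks; empty means all rules pass."""
    problems = []
    if len(password) < 8:
        problems.append("Do #1: shorter than 8 characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("Do #2: needs both upper- and lower-case letters")
    if not any(c.isdigit() for c in password):
        problems.append("Do #3: needs a number")
    if not any(c in string.punctuation for c in password):
        problems.append("Do #4: needs a special character")
    plain, folded = password.lower(), normalize(password)
    if any(word in plain for word in WORDLIST):
        problems.append("Don't #1: based on a dictionary word")
    elif any(word in folded for word in WORDLIST):
        problems.append("Don't #2: dictionary word with substituted characters")
    # Personal details (name, birthdate) are folded the same way before matching.
    if any(normalize(p) in folded for p in personal if len(p) >= 3):
        problems.append("Don't #3: contains personal information")
    if password in used_elsewhere:
        problems.append("Don't #4: already used on another account")
    return problems

if __name__ == "__main__":
    # The article's own bad and good examples.
    for candidate in ("dave", "d4v3", "DaVe", "v!Nr7$H8."):
        print(repr(candidate), check_password(candidate) or "passes every rule")
```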