jhookway — 2013-01-24T22:38:19-05:00 — #1
Whats the best way to ensure my website is going to remain private. Can I hire the services of a hacker, ask him to do his worse and hack the site? Or is there another way of going about it?
Thanks for any help.
2ndmouse — 2013-01-25T10:09:56-05:00 — #2
Depends what you mean by 'Private'
You could password protect your root directory
dklynn — 2013-01-25T17:55:52-05:00 — #3
Ever hear of encryption? You can encrypt your files to keep them private as long as you use a good (unguessable) seed and strong algorithm.
DO both for more security.
felgall — 2013-01-25T21:52:36-05:00 — #4
Simplest way is to not put it on the web in the first place - that way it will stay private as it will not be in a publicly accessible spot.
technobear — 2013-01-26T06:32:03-05:00 — #5
Do you really mean private, or do you mean secure? i.e. preventing unauthorised access to admin areas, etc.?
ralphm — 2013-01-26T07:56:01-05:00 — #6
Until some kid comes along with his laptop and cracks you WiFi password in a few seconds with some free script ... :rolleyes: (I've seen them do it ...)
serverstorm — 2013-01-26T19:18:15-05:00 — #7
If your site uses a dynamic language and a database then you need to ensure that security loop-holes are taken care of, things like:
- Session encrypted and stored in the database rather than the file system
- cross-site scripting attacks
- cross-site forgeries, file uploads (notoriously insecure as most of the examples on the web have zero security thinking inbred, form spoofing
- SQL injection
- using weak encryption algorithms
- not using a shared host - this also means not using most VPS or cloud services
- password hacking protection
- closing off error reporting or customizing it to ensure that end-users don't see what server and database technologies you are using
- you also want to stay away from using 3rd party components, but if you write your own you need to understand how to write your own secure code
- use https for everything
- separate the database and web server and maybe content onto their own servers. Use a CDN for your content.
- research your hosts thoroughly and ensure that the have an excellent security methodology that they follow, keep regular backups and have redundancy in power, bandwidth, and hardware. Research how many people have any access to the servers and ask to show proof of security clearance.
- don't upload or transfer content unless your travelling through an end-to-end VPN tunnel
- grant the fewest privileges to the fewest people possible and only grant just what they need for the time they need it, no longer.
- have a certified hacker try to break-in and provide a security audit report.
Many of these topics open up a whole bunch of cans of worms, so this is not an easy task.
dklynn — 2013-01-27T03:26:51-05:00 — #8