Website Protection – Protect Your Site From Possible Attacks

In this article we are going to analyze some of the basic options you have when it comes to protecting your website from internet threats and also inform you about the most common threats that lurk out there!

Most Known Threats

1. Cross Site Scripting (XSS)

The most common type of attack out there is based on your inputs: forms, fields, text-boxes, page headers, URL query strings, cookies, and any other form of input that can bring a possible attacker into direct communication with your database. Cross Site Scripting, or XSS as it is called, can be carried out in many ways by entering “special characters” into these inputs, and it is the basic form of attack you should know how to avoid.

2. Advanced search queries (Google Hacking)

Another common threat is widely known as “Google Hacking”. This attack is based on documents that are stored on a server and have been indexed by Google because they are not restricted by robots.txt. Advanced queries used by potential attackers can grant them access to your “precious” files and can be used to extract valuable information out of them.

10 Simple Steps To Avoid Potential Attacks

Here is a list of things you can do to avoid the attacks we saw previously, and others…

1. SSL: Use SSL encryption to provide a high level of security to your site.

2. CMS Updates: Try to apply all the recent updates to your CMS in order to keep up with the newest security updates.

3. Validate All Inputs: The basic “remedy” for Cross Site Scripting is validation. Always validate your inputs against the expected content’s type and length. You should NEVER use JavaScript validation, as it can easily be removed.

4. Hide website errors – Set up custom error pages: By “bringing out” an error page, the attacker can learn some valuable information about the database technology you are using, which makes the attack a lot easier to execute. Hide all this information by setting up your own custom error pages.

5. Protect your files with passwords: Protect your most critical files with passwords.

6. Secure your source code: You can make use of certain scripts in order to disable viewing of your source code for all internet users, and thereby for potential attackers.

7. Robots.txt: Always use a robots.txt for your website in order to keep critical files from being indexed by search engines. This technique can protect you from the 2nd most known attack we saw previously, “Google Hacking”. Make sure you are not letting search engines anywhere near your valuable documents and files by declaring the directory in robots.txt.

8. Check your server for directory listing: Check whether you can access existing directories and folders you shouldn’t be able to see in the first place. If you are able to see a folder’s contents, try to change the permissions of these folders or contact your web hosting company to disable directory listing for you.

9. Remove unnecessary files & pages: Try not to leave pages or files you do not need on your server. These pages have probably been indexed by Google, and although you may not have any use for them, they are still there and ready to be accessed by anyone.

10. Protect email addresses: Avoid spammers by “hiding” your email address. Use an Email link instead, letting users email you instantly without revealing your address.
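
Step 3 as server-side code, in an added example that is not from the original article: each field is checked on the server against an expected type, length and character set, and values are HTML-encoded when written back into a page. The field names, limits and the SAMPLE submission are assumptions made up for the illustration.

```python
import html
import re

# Hypothetical schema for a contact form: expected type, maximum length and
# an allow-list pattern per field. Field names and limits are assumptions.
SCHEMA = {
    "name":    {"type": str, "max_len": 60,  "pattern": r"[A-Za-z .'-]+"},
    "age":     {"type": int, "min": 13, "max": 120},
    "comment": {"type": str, "max_len": 500, "pattern": None},
}

def validate(form):
    """Return (clean, errors) for a dict of raw string inputs."""
    clean, errors = {}, {}
    # Reject fields the form never defined instead of silently passing them on.
    for extra in set(form) - set(SCHEMA):
        errors[extra] = "unexpected field"
    for field, rule in SCHEMA.items():
        raw = form.get(field)
        if not isinstance(raw, str) or not raw.strip():
            errors[field] = "missing"
            continue
        raw = raw.strip()
        if rule["type"] is int:
            # Type check (ASCII digits only), then range check.
            if not re.fullmatch(r"[0-9]{1,3}", raw):
                errors[field] = "not a whole number"
            elif not rule["min"] <= int(raw) <= rule["max"]:
                errors[field] = "out of range"
            else:
                clean[field] = int(raw)
            continue
        if len(raw) > rule["max_len"]:
            errors[field] = "too long"
        elif rule["pattern"] and not re.fullmatch(rule["pattern"], raw):
            errors[field] = "invalid characters"
        else:
            clean[field] = raw
    return clean, errors

def render_comment(clean):
    """Encode values on output so markup in free text is shown, not run."""
    return "<p>{} ({}): {}</p>".format(
        html.escape(clean["name"]), clean["age"], html.escape(clean["comment"]))

# Constructed sample submission containing markup in the free-text field.
SAMPLE = {"name": "Ana", "age": "34", "comment": "<script>alert(1)</script> hi"}
```

The free-text comment passes validation because no pattern can safely describe it, which is why the encoding in render_comment is still needed when the value is displayed.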

There are always going to be “flaws” in your websites, and it is almost certain that there are always going to be people trying to find a way to “break in”. Maybe you can’t be 100% secure, but you can minimize the danger by using some of these simple techniques.