| | #1 |
| Welsh Warrior Join Date: Apr 2009 Location: UK
Posts: 457
Thanks: 21
Thanked 36 Times in 28 Posts
|
Obviously, being an internet marketer will require a lot of accounts, websites, campaigns etc. And with so many new stories daily coming from people who have been victimised by hackers, just how can you safely manage all of your information? It is definitely something that should not be overlooked, as the last thing anyone would want is to find out that one of their hard-earned sites has been hacked, or their sensitive information has been stolen; it could ruin their business, to say the least. I'm sure all the big earners would have this area covered, and many people like myself would be very grateful for any tips or recommendations to make sure that building a successful business online can be done safely. - Surfbot
| | |
| | #2 |
| Guest
Posts: n/a
|
The best tip I can give you .... Get out the good old pencil and paper and write down all your passwords, usernames, etc. Do not keep all that information on your computer. Yep, type it in every time you go to log in to a site; that is the best form of security you could think of... James
|
| | #3 | |
| Welsh Warrior Join Date: Apr 2009 Location: UK
Posts: 457
Thanks: 21
Thanked 36 Times in 28 Posts
| Quote:
Yes, but it's not where they are stored that can lead to theft. Scripts allow hackers to capture your info when you type it into the form, and they can also bypass logins via certain scripts, which allows them access to your admin areas etc.
| | |
| | #4 |
| Welsh Warrior Join Date: Apr 2009 Location: UK
Posts: 457
Thanks: 21
Thanked 36 Times in 28 Posts
|
Just wondering if anyone has come across any useful software or tools that can help with these kinds of issues?
|
| | |
| | #5 |
| HyperActive Warrior Join Date: Feb 2009 Location: Cincinnati, OH, USA
Posts: 323
Thanks: 68
Thanked 37 Times in 31 Posts
|
One of the biggest problems I have seen inexperienced and experienced programmers make is to not run the data through a business layer to keep hackers from injecting SQL code into the inputs. Once a person injects that code into the database via your inputs they can gain full access to all your information that is stored on the site. I always run the info through validation to ensure that no one is injecting SQL without my knowledge. As far as software goes to help you, I would not recommend becoming too comfortable with using any software as the hackers can and usually do find ways around the programs. Code your site defensively and you will learn to spot all the potential ways that hackers can gain access to your data and then you will see how to stop them. This is an ongoing learning experience for everyone. No programmer or designer is exempt from it. I hope this helps you. Dana
| | |
| | #6 | |
| Welsh Warrior Join Date: Apr 2009 Location: UK
Posts: 457
Thanks: 21
Thanked 36 Times in 28 Posts
| Quote:
| |
| | |
| | #7 | |
| Guest
Posts: n/a
| Quote:
Buy secured scripts and deal with secured websites and you do not have this problem.... The fact is, though, nothing is 100% secure, but there are some website developers such as myself that care about clients and customers and do everything that can be done to make things secured. James
|
| | #8 | |
| HyperActive Warrior Join Date: Feb 2009 Location: Cincinnati, OH, USA
Posts: 323
Thanks: 68
Thanked 37 Times in 31 Posts
| Quote:
When I am talking about validation, I am referring to part of the activities that occur in the business layer of your website. Picture it like a 3 layer cake. The top layer is what is accessed by the end user and it is typically very site specific in its functions. The bottom layer is what deals strictly with the database. To make the 2 layers work together you have the middle layer and it does all the grunt work for the site.

Now, let's say that you are asking for the user to input an email address. You want to make sure that it is an email address that they have put into the textbox, so you would run it through a form of validation that checks to see if it matches the pattern for an email address. That pattern is as follows: some number of characters including letters, numbers and certain special characters, followed by an @, followed by another series of characters that are either letters, numbers or hyphens, followed by a dot, followed by 3 more letters.

Well, for a coder there is a special way of validating the input to see if it matches that pattern. Here is what that string looks like. This is the same one that I use quite frequently as it most closely matches the RFC codes that I have found to date.

    @"^(?!\.)(""([^""\r\\]|\\[""\r\\])*""|" +
    @"([-a-z0-9!#$%&'*+/=?^_`{|}~]|(?<!\.)\.)*)(?<!\.)" +
    @"@[a-z0-9][\w\.-]*[a-z0-9]\.[a-z][a-z\.]*[a-z]$"

As you can see, it is a long one but this will validate all accepted versions of email addresses and block any that do not match the correct pattern. This regular expression will also block any T-SQL language commands that a hacker might try to interject into the database and since it is done in the middle layer, their T-SQL code never makes it into the database and they never get access.

I hope this little explanation helps you better understand validation. You can google regex, which is short for regular expressions, for more details. Dana
| | |
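The middle-layer check from post #8, as an added example that is not part of the thread: the poster's pattern is ported from C# to Python (case-insensitive matching, the 254-character cap and the `subscribers` table are assumptions), and the database layer is shown both with string concatenation and with a bound parameter. The constructed address `o'brien@example.com` is included because the pattern's local-part class admits the `'` character.

```python
import re
import sqlite3

# The post's pattern, ported from its C# verbatim strings ("" becomes ").
# Case-insensitive matching is an assumption; the post shows no regex options.
EMAIL_RE = re.compile(
    r'''^(?!\.)("([^"\r\\]|\\["\r\\])*"|'''
    r'''([-a-z0-9!#$%&'*+/=?^_`{|}~]|(?<!\.)\.)*)(?<!\.)'''
    r'''@[a-z0-9][\w\.-]*[a-z0-9]\.[a-z][a-z\.]*[a-z]$''',
    re.IGNORECASE,
)

def validate_email(value):
    """Middle layer: return the address, or raise ValueError."""
    # The 254-character cap is an added assumption, not part of the post.
    if len(value) > 254 or not EMAIL_RE.match(value):
        raise ValueError("not an email address")
    return value

def open_db():
    """Bottom layer stand-in: an in-memory SQLite table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (email TEXT PRIMARY KEY)")
    return db

def save_concat(db, email):
    """Validated value pasted into the SQL text."""
    db.execute("INSERT INTO subscribers (email) VALUES ('" + email + "')")

def save_bound(db, email):
    """Validated value sent as a bound parameter, separate from the SQL text."""
    db.execute("INSERT INTO subscribers (email) VALUES (?)", (email,))

def register(db, raw, save=save_bound):
    """Validate in the middle layer, then hand off to the database layer."""
    try:
        save(db, validate_email(raw.strip()))
        return "stored"
    except ValueError:
        return "rejected"
    except sqlite3.Error:
        return "sql-error"

if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["dana@example.com", "o'brien@example.com", "not an address"]
    for save in (save_concat, save_bound):
        db = open_db()
        print(save.__name__, [register(db, s, save) for s in samples])
```

With concatenation the quote in the valid address breaks the statement; with the bound parameter the same address is stored unchanged.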
| | #9 |
| Mr SuperTips War Room Member Join Date: Jul 2002 Location: United Kingdom.
Posts: 3,755
Thanks: 39
Thanked 631 Times in 263 Posts
| |
| | |
| | #10 |
| HyperActive Warrior Join Date: Feb 2009 Location: Cincinnati, OH, USA
Posts: 323
Thanks: 68
Thanked 37 Times in 31 Posts
| What is wrong with that regex? It is the one that I have been using for some time now and it has worked great for me. If there is something that is wrong with it that it does not conform to RFC guidelines then I would most definitely like to know so I can correct it.
|
| | |
| | #11 | |
| Ima Warrior Join Date: Aug 2009 Location: Georgia
Posts: 24
Thanks: 0
Thanked 14 Times in 3 Posts
| Quote:
I'll offer some advice on protection. Don't put your computer under serious lockdown. If you have 3 different firewalls, 2 anti-virus, 2 forms of back-up, and Ad-aware... what are you protecting? That alone signals hackers that you've put way too much effort to hide something and they'll break through it just to see what it is. Keep your anti-virus up-to-date and run spybot.de once a week or so (I found spybot to be the best, IMHO). If your computer is running suspiciously slow and may have a lag time when first connecting to the internet or just starting the computer, run a deep clean of it.
|
Do Lipton employees take coffee breaks? - Steven Wright IM Here To Help Your Biz | ||
| | |
| | #12 |
| Advanced Warrior War Room Member Join Date: Aug 2009 Location: Cardiff, United Kingdom
Posts: 772
Thanks: 171
Thanked 147 Times in 103 Posts
|
A few tips which I swear by. It's 1am here, so apologies if any are a little poorly written.

1) Have a different password for every single website (unless it's a really pointless website which you just need a temporary, throw-away account for). This sounds overkill, but I once had a very secure password (15+ characters, symbols, numbers, letters, etc) which I remembered. I used it for most websites I went on. Then, one day, one of the large ones I went on got hacked, and the hacker posted the MySQL database's users table online for everyone to download. It contained my encrypted password, which is good since it's not plain-text, but obviously this still posed a security threat (especially since, who knows in the future whether MD5 - what was being used to encrypt the passwords - would be cracked further). My very secure password (albeit in an encrypted form) was posted online for all to see.. not so secure now! Hence now I use a new password for each site I go on. Get a good (well known) offline password generator and use this to generate new passwords for you. Roboform is a great piece of software (it's a password bank to remember all your passwords, plus it generates passwords too), although unfortunately it's Windows-only and I now use Ubuntu.

2) Back up, in more than one location. Keep more than one backup of your important files and password bank(s). I back up some files onto my USB pen, and my website files and all onto my external hard drive. I also have a VPS and a dedicated server, and I zip up my passwords (into a password-protected folder) and upload this zip folder onto a secure location on my servers. This may seem overkill, but since I have 150+ accounts around the place, and some valuable websites/domains, I wouldn't want to lose my backups permanently due to something as trivial as only backing up to one other source.

3) Have a good anti-virus scanner. When on Windows I used Kaspersky anti-virus, which was a very good anti-virus program. Now on Linux I still have an anti-virus program; I use avast.
| "If you are clear where you are going and you take several steps in that direction every day, you eventually have to get there." | |
| | |