Warriors, protect your website!

14 replies
Hello Warriors,

Just thought I would share a few mistakes that I have observed in newbie webmasters (and a few seasoned webmasters as well).
Actually I was thinking of publishing these in an ebook and selling it with a price tag - but decided to do better.

Here are the mistakes that you must try to avoid:

1. Absence of index.html - Keep an index.html page (just a blank HTML page will suffice) in every directory you create on your server. This prevents the web server from listing the contents of the folder to your visitors.

2. Having obvious file names for your "thank you" pages - Although this has been discussed numerous times, I still see many people who have website/thankyou.html - wide open for trespassers. Please rename them to something which is impossible to guess (how about <the name of your pet>.html?).

3. Having obvious filenames for login and admin pages - Please try and rename all your login.php (login.html or whatever) and admin.php files to something else. Hackers all over the internet are Googling for login.php and admin.php pages. Please talk to your programmer about this, since there may be other pages that point to these pages and you may need to fix them too.


If you know more such things, please share your tips here.

I know there are a lot of high ticket products there which protect your downloads, but renaming files is something that you can do easily today.


Edit: Adding one more

4. Not deleting the installation file/folder of a script - This is the deadliest mistake. Please delete these installation files after testing that the installed scripts are working fine. Otherwise you will be allowing hackers to modify your script content (and probably hijack your data).

Thanks for sharing the tips, Warriors. Please keep them coming. We can learn a lot from each other.


Regards,
Aravind
#download protection #hacking #protect #warriors #website #website protection
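Shell audit for mistakes 1 and 4 above, added here as an example and not part of the original post. It walks a document root, prints every directory that has no index file (so a server with directory listing turned on would show its contents) and every leftover installer file or directory it recognises, then drops an empty placeholder index.html into each bare directory and, for Apache, appends `Options -Indexes` to the root .htaccess so listing is off even where a placeholder is missed. The placeholder carries a robots meta tag so the empty page stays out of search indexes. The index and installer filenames and the document root path are assumptions; extend the two name lists for the script you actually installed.

```shell
#!/bin/sh
# Added example, not from the original post: audit a web document root for
# directories a server may list (no index file) and for leftover installer
# files, then add a placeholder index to each bare directory and turn off
# directory listing for Apache via .htaccess. Name lists are assumptions.

INDEX_NAMES="index.html index.htm index.php"
INSTALLER_NAMES="install install.php setup setup.php upgrade.php"

# has_index DIR: succeed if DIR already holds one of the index files
has_index() {
    for n in $INDEX_NAMES; do
        [ -f "$1/$n" ] && return 0
    done
    return 1
}

# to_rel ROOT PATH: print PATH relative to ROOT, "/" for ROOT itself
to_rel() {
    rel=${2#"$1"}
    printf '%s\n' "${rel:-/}"
}

# list_bare_dirs ROOT: directories under ROOT with no index file
list_bare_dirs() {
    find "$1" -type d | while read -r d; do
        has_index "$d" || to_rel "$1" "$d"
    done
}

# list_installers ROOT: leftover installer files or directories under ROOT
list_installers() {
    for n in $INSTALLER_NAMES; do
        find "$1" -name "$n" | while read -r p; do to_rel "$1" "$p"; done
    done
}

# fix_bare_dirs ROOT: write an empty placeholder index.html into each bare
# directory; the robots meta keeps the empty page out of search indexes
fix_bare_dirs() {
    list_bare_dirs "$1" | while read -r rel; do
        printf '<!DOCTYPE html>\n<html><head><meta name="robots" content="noindex,nofollow"></head><body></body></html>\n' \
            > "$1${rel%/}/index.html"
    done
}

# disable_listing ROOT: Apache only; append "Options -Indexes" once to .htaccess
disable_listing() {
    grep -qs '^Options -Indexes' "$1/.htaccess" \
        || printf 'Options -Indexes\n' >> "$1/.htaccess"
}

# audit_docroot ROOT: report both problems, then apply the two fixes
audit_docroot() {
    echo "Directories without an index file (server may list them):"
    list_bare_dirs "$1"
    echo "Leftover installer files/directories (delete these by hand):"
    list_installers "$1"
    fix_bare_dirs "$1"
    disable_listing "$1"
}

# Usage: sh audit.sh /var/www/html   (path is an assumption)
if [ "$#" -gt 0 ]; then audit_docroot "$1"; fi
```

Installer paths are only reported, not deleted, because the advice is to remove them after you have confirmed the install works; delete them yourself once checked. The `.htaccess` line only takes effect on Apache where `AllowOverride` permits `Options`; nginx has its `autoindex` off by default, so the placeholder files are the part that matters there.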
  • mrsray:
    all very good tips, thanks for sharing
    • zzPGzz:
      Thanks for sharing these tips, especially the first one.
      • Julia Andersson:
        If your website is in blog format, make sure that all comments are moderated... Otherwise you'll get inundated with link spam from lowlifes and you'll very quickly find that your site is full of links to online pharmacies, porno sites and other such undesirable links.
  • ryanman:
    Even having not-so-obvious names for your thank-you pages doesn't really protect them, even when you have nofollow on. Alexa can index it... It's always better to protect them using some sort of script such as DL Guard.

    Thanks a lot for the tips.
  • babarapho:
    Thank you for this piece of precious advice.
  • jrsencio:
    Great tip. If I may add, I have used a blank HTML page in the past, but what happens is you add a page on your site that does not have content and would turn out to be a useless page, so you could either nofollow/noindex that page so search engines disregard it, or you can add it to your robots.txt file as a page that bots are not to access.

    Otherwise you can simply 301 redirect that URL to another page on your site or the main page.
    • Aravind Murthy:
      Originally Posted by jrsencio (post above)

      Perhaps you could have a sales page for a product you are promoting as the index file for that folder.
  • JOhnny Depth:
    Thanks for the useful tips!
    • Eric Lorence:
      I'll add one...

      Always FTP and log in to cPanel over SSL, meaning use an address starting with "https" instead of "http".

      Script kiddies can grab your login info easily over HTTP.

      The cPanel address will be something like this: "https://YOURIP:2083"

      Your FTP should look like this: ftps.yourip.com

      Ask your host's support to set up SSL if it is not already set up for your account.

      Also, many Warriors will be able to assist in this.
  • Richniche:
    These are good tips for a not-so-techie guy like me. I will share this with my webmaster friend so he'll check my site.

    Thanks for sharing.
  • jayden.fellze:
    Originally Posted by Aravind Murthy (the opening post)

    Aravind,
    very useful stuff there.
    Another potential target is the customer login page. People can be targeted for unwanted purchases etc.
    Also, the Flash intro websites almost every time seem to forget the importance of having the index page.
    Also, Joomla pages having a Flash intro are not well optimized for the index.php or index.html
    • Qbiz:
      Hi, thanks for sharing these insights. Here's another one which may help newbies using PayPal order links - ensure that the HTML page, or at the very minimum the PayPal link reference, is encrypted. This will prevent visitors seeking to obtain a freebie by looking at the PayPal code to identify the 'thank you' or download page.

      Kind Regards

      George
  • Amber_Writes:
    Thank you for that insightful post. You've made me readily aware of some factors by which a site could be attacked that were formerly unknown to me. I appreciate it, and hopefully it will save a lot of other Warriors some headaches!
    • JamesFraze:
      FTP is not secure, use SFTP instead.
      HTTP is not secure, use HTTPS instead (for example, Gmail).

      I use Dreamhost (PM me for coupon codes), and you can easily add an .htaccess file that forces a password popup to enter. Simply renaming a file doesn't really help.

      Be careful of wide open permissions, especially on a shared account: 777 means that anyone who has an account can read and write to your folders. Use 755 if you need a folder to run scripts, and 644 if you just need people to read them.

      Change your default passwords - default passwords are routinely in a database and easy to crack.

      Don't use a dictionary word; instead use a sentence:
      Mary Had a Little Lamb, Whose fleece was white as snow: MHaLL,Wfwwas
      Use upper and lower case and include a non-letter symbol: MHaLL,Wfwwa$

      Back up your files; eventually your machine will crash - trust me, eventually it will crash. Use an online service if you can't afford a USB drive (AWS cloud computing is a few cents per month for a few GB of storage).

      Make sure everything has a password (like your Windows computer login, for example).

      For files that contain passwords (like PHP files that connect to a database), move the file to a directory that can't be found from the web.

      If you are using a commercial program, check it for updates and subscribe to its security newsletter so you know of any holes you need to patch.

      Keep your computer updated and use a free virus scanner (to prevent keyloggers/trojans). An out-of-date virus scanner is worthless; get a free one like AVG, AntiVir, or Avast.

      Sorry I'm rambling .... 18-hour day cleaning up viruses from a client's computer network today and I can't tell if I'm fighting zombies or if I'm hallucinating... goodnight.
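The permissions point in the reply above, worked as an added shell example (not the poster's own code): list everything under a web root that carries the other-write bit (777 directories, 666 files and the like), reset directories to 755 and files to 644, and re-count to confirm nothing is left open. The web root path is an assumption; point it at your own.

```shell
#!/bin/sh
# Added example, not from the original post: find entries under a web root
# that anyone on the machine may write to, reset them to 755/644, and
# verify. The web root path passed in is an assumption.

# list_world_writable ROOT: relative paths of entries with the other-write
# bit set; symlinks are skipped because the link itself always reports 777
list_world_writable() {
    find "$1" ! -type l -perm -002 | while read -r p; do
        rel=${p#"$1"}
        printf '%s\n' "${rel:-/}"
    done
}

# count_world_writable ROOT: number of such entries (0 when clean)
count_world_writable() {
    list_world_writable "$1" | grep -c . || true
}

# fix_perms ROOT: 755 on directories (traversable, scripts still run),
# 644 on regular files (readable by the server, writable only by the owner)
fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# harden ROOT: report what was open, fix it, and re-check
harden() {
    echo "World-writable before:"
    list_world_writable "$1"
    fix_perms "$1"
    echo "World-writable after: $(count_world_writable "$1")"
}

# Usage: sh perms.sh /var/www/html   (path is an assumption)
if [ "$#" -gt 0 ]; then harden "$1"; fi
```

Directories the web server must write to (uploads, caches) should be owned by the web server's user and kept at 755 rather than opened to everyone with 777; on a shared host that is the difference between a neighbouring account being able to plant a file in your site and not.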
