Website security
Hello,
Can anyone advise me on website security.
I recently had a shock when I found my websites contained a virus on all the index.html pages... Luckily most of my other pages seem OK...
This has put me off having a website or considering setting up a web business until I find some way of preventing it.
I was given some advice on another forum, (see below) but it does not really satisfy my mind.
I have found some of the code that was somehow placed within my website pages and deleted it... It was also suggested that I could obtain a backup copy of the relevant folder on my website and upload it to my PC to do a Antivirus scan...and then reupload it back to my website..
I am told by my host account that if you have a opt in form on ones webpage that a hacker can somehow send a virus to the website without even hacking into it..
or if they find your username and password they can also FTP the virus to it..
This just seems too easy for them especially if they for some reason are targeting the person or site for whatever reason.
I just wondered if anyone had any other suggestions on how best one can protect their websites.
thank you
Dowsp
-----------------------------------------------------------
I contacted Lunar pages and after speaking to them about my problem, INITIALLY it has put me off considering continueing with having a website or considering running a webbusiness.
This is because from their initial explanation suggested that it seems most websites are so easy to be attacked and to protect ones site is yet another whole act of learning or extra added expence... it just seems never ending !
I was told of a website that can do a free scan of the website...
Website Security - Acunetix Web Security Scanner
I havent done this or read all about it as yet..but I believe tha also the site offers some sort of continuos protection if you pay for the service, but onlly in terms of alerting you... I DONT think that it can still protect
anyone from hacking the website... and to me this is VERY concerning....and does put me off risking going to all the expence and trouble of having a website and having information on ones site that may be accessable.
I thought that the site had been accessed by someone obtaining my username and password info to get in my sites through the Lunar pages host account. BUT I was told that this is not just the only way hackers can acess the site.. IF you have a webpage that has a OPT IN form... ie a webpage with form that allows visitors to leave their
name and email address details so that they can receive things like further information or free offers etc..
That hackers can use these pages to find information that gives them relevant information to either acess the website OR to somehow send a virus to the site..
THIS SEEMS TOTALLY UNPROTECTABLE ! and I am some what gutted to find this out !
It seems it could continue to happen.
I was also informed how to do a back up... initially obtaining a backup file.. then sending it to my pc to do a virus scan check... then reuploading it back and reinstalling it..
Unless someone knows of a much more secure way to protect ones website..
-----------------------------------------------
Using a third party service for "security scan" would make me a little nervous. Not because they couldn't do a good job, I am sure they are good at what they do. However, I think for most people, they can watch over things and do most of the security scanning on their own. Here are just a few things to keep in mind and a watch out for:
+ Script Updates
+ Folder and File Permissions
+ Secure Passwords (that you change, like say... every month?)
Can anyone advise me on website security.
I recently had a shock when I found my websites contained a virus on all the index.html pages... Luckily most of my other pages seem OK...
This has put me off having a website or considering setting up a web business until I find some way of preventing it.
I was given some advice on another forum, (see below) but it does not really satisfy my mind.
I have found some of the code that was somehow placed within my website pages and deleted it... It was also suggested that I could obtain a backup copy of the relevant folder on my website and upload it to my PC to do a Antivirus scan...and then reupload it back to my website..
I am told by my host account that if you have a opt in form on ones webpage that a hacker can somehow send a virus to the website without even hacking into it..
or if they find your username and password they can also FTP the virus to it..
This just seems too easy for them especially if they for some reason are targeting the person or site for whatever reason.
I just wondered if anyone had any other suggestions on how best one can protect their websites.
thank you
Dowsp
-----------------------------------------------------------
I contacted Lunar pages and after speaking to them about my problem, INITIALLY it has put me off considering continueing with having a website or considering running a webbusiness.
This is because from their initial explanation suggested that it seems most websites are so easy to be attacked and to protect ones site is yet another whole act of learning or extra added expence... it just seems never ending !
I was told of a website that can do a free scan of the website...
Website Security - Acunetix Web Security Scanner
I havent done this or read all about it as yet..but I believe tha also the site offers some sort of continuos protection if you pay for the service, but onlly in terms of alerting you... I DONT think that it can still protect
anyone from hacking the website... and to me this is VERY concerning....and does put me off risking going to all the expence and trouble of having a website and having information on ones site that may be accessable.
I thought that the site had been accessed by someone obtaining my username and password info to get in my sites through the Lunar pages host account. BUT I was told that this is not just the only way hackers can acess the site.. IF you have a webpage that has a OPT IN form... ie a webpage with form that allows visitors to leave their
name and email address details so that they can receive things like further information or free offers etc..
That hackers can use these pages to find information that gives them relevant information to either acess the website OR to somehow send a virus to the site..
THIS SEEMS TOTALLY UNPROTECTABLE ! and I am some what gutted to find this out !
It seems it could continue to happen.
I was also informed how to do a back up... initially obtaining a backup file.. then sending it to my pc to do a virus scan check... then reuploading it back and reinstalling it..
Unless someone knows of a much more secure way to protect ones website..
-----------------------------------------------
Using a third party service for "security scan" would make me a little nervous. Not because they couldn't do a good job, I am sure they are good at what they do. However, I think for most people, they can watch over things and do most of the security scanning on their own. Here are just a few things to keep in mind and a watch out for:
+ Script Updates
+ Folder and File Permissions
+ Secure Passwords (that you change, like say... every month?)
Get help with your online ventures and keep growing your web assets: www.webmaster.net