HACKERS are scum; a statement we all know to be true, yet most companies are not doing everything they can to ensure that hackers don’t hack their site. Hackers spend their days hunting down weak points in a website and then doing their evil hacker thing and stealing money and information and God knows what else. Here’s how you can ensure you are doing everything possible to keep them out.
The first line of defence: your software. If you’re using a hosting company like planethippo.co.uk then you needn’t worry too much about keeping the software updated and secure, as most hosting companies will do it for you. However, if you have a CMS or a forum, you might have to update these yourself. Don’t leave holes in your software for hackers to worm through.
Cross Site Scripting
I would recommend not allowing users to upload files to the site directly, even seemingly harmless files like jpeg avatar pics. It is too easy for files to have malicious code within them that can wreak havoc on your site. It’s a shame that users can’t upload files, but it is better safe than sorry. If you need file uploads, talk to your hosting company to see what can be done to help protect your site.
Password and Username Error Messages
Sometimes the digital bandits will just try to log on to your site the old-fashioned way by entering passwords and usernames again and again. The error messages should read something along the lines of ‘Password or Username is Incorrect’. Wording it this way doesn’t let the attacker know which bit they got wrong or right.
On the subject of passwords, make sure that anyone who has an account on your site chooses a complicated password. I know it’s a hassle and your clients won’t thank you for it, but it does make such a difference when a hacker tries to get access. If the password is complicated enough, then it makes their job so much more difficult.
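A login check that returns the same message for an unknown username and for a wrong password might look like the sketch below. This is an added example, not code from the original article; the `USERS` store, the `login` function and the sample account are constructed for illustration. It goes slightly beyond the wording advice by also doing the same hashing work for unknown usernames, so response time does not reveal what the message hides.

```python
import hashlib
import hmac
import os

# The single message shown for every failed login (wording from the article).
GENERIC_ERROR = "Password or Username is Incorrect"


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored passwords are not kept in plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed sample account store (assumption: a real site uses a database).
USERS = {"alice": make_user("correct horse battery staple")}

# Dummy record used when the username does not exist, so an unknown
# username costs the same hashing work as a known one.
_DUMMY_SALT, _DUMMY_HASH = make_user(os.urandom(16).hex())


def login(username: str, password: str) -> tuple[bool, str]:
    known = username in USERS
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = _hash(password, salt)
    # compare_digest runs in constant time; it is always evaluated,
    # whether or not the username exists.
    matches = hmac.compare_digest(candidate, stored)
    if known and matches:
        return True, "Welcome"
    # Same message whichever part was wrong.
    return False, GENERIC_ERROR


if __name__ == "__main__":
    print(login("alice", "correct horse battery staple"))
    print(login("alice", "wrong-password"))
    print(login("no-such-user", "wrong-password"))
```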
By now, most people will be using SSL to secure their site communications, but if you’re not, make sure you implement it now. Hackers can too easily find personal information and hack accounts if you haven’t secured communications.
If you’ve done all of the above, your site should be a lot safer now. However, it’s always best to be safe, so check out OpenVAS, which will be able to scan your site and find any vulnerabilities. If you don’t deploy a scanner of this nature then the only time you’ll find out if you’ve got a weakness is when malicious code gets through and seriously messes up your site, business, or clients.