bwdp.org

Webmaster Articles: Web Security

No website is 100% secure

The only way to guarantee that your website never gets hacked is to guarantee that you don't have a website. Still, there are many ways to reduce the likelihood of your site being hacked.

ICANN

First things first: ICANN sits at the top of the chain that maps every domain name to its web server. If ICANN were fully hacked, so would be every website in the world. You can't do much about this.

Domain Name Registrars

Assuming that ICANN are secure, you now need to check your domain name registration agent.

If your registrar gets hacked, then false details can be sent to ICANN and your site can be replaced with a hacker's alternative.

To make the best choice of domain name registrar, go for one that's:

  • Well established in the industry
  • ICANN Accredited
  • Has a well-coded website

Well established in the industry

If they're not well established within the industry, then their procedures may not be able to handle surprises efficiently, and the relevant skills are likely to be poor.

ICANN Accredited

If they're not an ICANN Accredited Registrar, then they're probably not as well established in the industry as they could be, and you have no guarantees of how domain name disputes will be resolved. If your ownership of your domain name is successfully challenged, resulting in a new owner, then you've lost a vital part of your website.

Has a well-coded website

If their site is poorly coded, then you can assume that their security measures are correspondingly flawed.


Hosting

Next in line are the web hosting servers. If these are hacked, then so is your site.

If you notice any breaches in the security of your web host, you can always change servers, provided you have a cooperative registrar; but the chances are that you wouldn't notice your web host being hacked until plenty of damage has been done.

With lots of money and technical knowledge you could register directly with ICANN, or host your site on your own servers, or both; but either way you would need a great deal of experience and skill before this would be anywhere near as secure as using well-established service providers.


Your own site's coding

If you have a script that processes any superglobal variables, such as cookie data, POST or GET data from forms, or predefined server variables like HTTP_REFERER or HTTP_USER_AGENT, then you risk being hacked through injection of malicious code via these variables.

A validation method is only as secure as (or less secure than) the language it's written in. For example, even if you apply a very secure data validation function from a server-side scripting language to incoming data, the language's own parser could still be exploited by injection of something lower-level, such as assembly or even raw binary code.

To limit the chances of such calamities:

  • Use popular, well-established, open-source technology for server-side scripting.
  • Stay up-to-date with the officially recommended data validation functions and techniques.
  • Avoid any unnecessary processing of superglobal variables.
  • Avoid any presumptions that unfriendly data will not be submitted.
  • Give unique, secret login pages to each user where appropriate.
  • Divide your system into lots of directories and access levels.
  • Give each user no more access than they need.
  • Record extremely detailed logs.
  • Keep secure backups of all important documents.
  • Send detailed automatic email notices to administrators upon any breaches of access or suspicious activity.
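Here is an added example, not from the original article, of what several of these points look like in a PHP script that handles superglobal input: only expected parameters are read, each one passes a filter before use, rejections are logged in detail and emailed to an administrator, and validated values still reach the database through bound parameters. The `users` table, the SQLite in-memory database and the admin address are placeholders.

```php
<?php
// Added example (not from the original article). Assumes PHP 8 with the PDO
// SQLite driver; the users table and admin address are placeholders.
declare(strict_types=1);

// Only these inputs are read at all; anything else in $_GET/$_POST/$_COOKIE
// is ignored rather than processed (avoid unnecessary processing).
const EXPECTED = [
    'id'    => [INPUT_GET,  FILTER_VALIDATE_INT,   ['options' => ['min_range' => 1]]],
    'email' => [INPUT_POST, FILTER_VALIDATE_EMAIL, []],
];

// Strip control characters so a crafted User-Agent or Referer cannot forge
// extra lines in the log (these headers are attacker-controlled too).
function safeField(string $name): string
{
    $raw = $_SERVER[$name] ?? '-';
    return preg_replace('/[^\x20-\x7E]/', '?', $raw) ?? '-';
}

function logAndNotify(string $event): void
{
    // Detailed log line, then an automatic notice to the administrator.
    $line = sprintf("%s %s remote=%s ua=%s ref=%s uri=%s\n",
        date('c'), $event, safeField('REMOTE_ADDR'),
        safeField('HTTP_USER_AGENT'), safeField('HTTP_REFERER'), safeField('REQUEST_URI'));
    error_log($line, 3, __DIR__ . '/security.log');
    mail('admin@example.com', 'Suspicious request', $line);  // placeholder address
}

function readInput(string $name): mixed
{
    [$source, $filter, $opts] = EXPECTED[$name];
    // filter_input(): null when absent, false when present but invalid.
    $value = filter_input($source, $name, $filter, $opts);
    if ($value === false) {                // present but failed validation: reject
        logAndNotify("rejected parameter '$name'");
        http_response_code(400);
        exit('Bad request');
    }
    return $value;
}

// Constructed in-memory database standing in for the real users table.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'alice@example.com')");

// A value that passed the filter still goes in as a bound parameter, never by
// string concatenation, so it cannot alter the query.
$id   = readInput('id') ?? 1;            // absent: fall back to a default
$stmt = $pdo->prepare('SELECT email FROM users WHERE id = :id');
$stmt->execute([':id' => $id]);
header('Content-Type: text/plain; charset=utf-8');
echo ($stmt->fetchColumn() ?: 'not found'), "\n";
```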

Don't make enemies

If you stay friendly with everyone, then you're less likely to be targeted by hackers. Don't act omnipotent and don't show off too much.


In case you do get hacked

The chances of crossing paths with a hacker that skilled are low if your website is very small, but they increase with the popularity of your site. Have an action plan for when you do get hacked, so that your responses are as effective as possible in a time of crisis, helping you to root out any previously exploited issues and reducing the likelihood of further drama by scaring away or catching the hacker.

Also, try not to invest too much time or money in the future of your site, and have a backup pastime or profession for when the entire Internet collapses.


Philosophy

Don't put all your eggs in one basket. Don't use the same technologies or service providers for all of your websites.

Fri 3 Sep 2:32AM (GMT) +1 HOUR (BST)