| |
10-10-06
4Images Gallery, AccountLab Plus, Coppermine Photo Gallery,
Mambo Open Source, phpCOIN, TYPO3, Xoops, Zen Cart
8-03-06
AccountLab Plus,
Coppermine Photo Gallery, Crafty Syntax Live Help, Drupal,
Gallery, Geeklog, Moodle, Nucleus, phpBB2, phpCOIN, TYPO3,
Xoops, Viper Guestbook
Updated
7-02-06
AccountLab Plus, Joomla, Mambo, Open Source, WordPress
Updated
6-30-06
B2Evolution, WebCalendar, ZenCart Updated
5-13-06
4Images Gallery, AccountLab Plus, Drupal, phpAdsNew Updated
5-08-06
SiteBuilder Upgraded PLUS 92 New Templates!
3-17-06
Online Software Upgrades
3-03-06
Shared Secure Cert. Updated
3-03-06
Online Software Upgrades
1-31-06
Online Software Upgrades
1-24-06
New SiteBuilder Templates
1-23-06
SiteBuilder Upgrade
1-11-06
Online Software Upgrades |
|
|
| |
Are Hackers
Hacking Your Website?
Do You Want to
Stop It Cold?
Would you...
 |
Would you leave your computer out
on the street
curb for
anyone to use? |
|
|
Of course
not. Yet your web site is not just
on the street curb, it's in thousands of
homes and thousands of businesses
in countries all over the world.
Normally this is a good thing...
But considering that your web site is also
inside of hackers houses and hacker clubs it
can get a little scary. |
|
|
|
Hackers
use "doorways" into your website... |
|
|
A hacker can exploit your web based programs
in ways that were unanticipated by the
software author. Don't be fooled, many
hackers are intelligent and know exactly how
to exploit the vulnerabilities of your web site.
These vulnerabilities can lead
to...
- The shut down of YOUR
web site,
- Black listing of YOUR
web site by hosting companies,
- Black listing of the
entire server you are located on,
- Theft of valuable
information from YOUR web site,
- Loss of time for YOU and
YOUR business,
- Bad publicity for YOU
and YOUR business,
- Etc.
Just some of the things they can do
include...
- Send Mail Bombs from
YOUR domain
- Send SPAM from YOUR
domain
- Steal passwords or other
sensitive information
- Etc.
|
|
|
|
You
ask, "How do I protect myself?" |
|
It's best to
take an active role
in protecting you and your web site
from harm. The
following tips are strongly recommended...
|
Do
This! |
Examples and Explanation |
Remove
executable software
that is
just "sitting
around." |
Many hosting companies provide free
programs that are either already installed on your account, or you
install via a Control Panel. You may also have at some time
installed some web based software.
If you aren't using one of these online
programs - TURN THEM OFF!
You can do this by either deleting
them if you no longer need them or by "chmoding" via your FTP
software all ASP, CGI, PL, etc. to 644 which will prevent a
program from running.
If you aren't using some online
software, you might also consider downloading the software to
your local PC and then deleting the online version, this way you
would have a backup in case you needed to use the software in
the future.
|
|
Change
your passwords often.
|
We all know changing passwords can be a
pain, but it's one of the best tips we can give to you.
It's better to frequently change your
passwords than to one day find your website shut down because a
hacker broke in or used some of your online software in a devious
manner.
|
|
Use
firewalls & anti-virus
on your local PCs.
|
We can't say it enough how important it
is to run firewall software on your local PC. We also
encourage updating your anti-virus software at least twice or more a
month. So many times we have
seen passwords stolen because someone had a virus on their local PC.
Some viruses are called "back door"
viruses that allow someone to use your computer, while you are
online, to perform their hacking attempts elsewhere. This
has the effect of appearing as if you are the one doing the
hacking.
Use Firewalls and Update Your
Anti-Virus Often - Before It Turns Into a Regret!
Click for our PC based recommended software
|
|
Update
your online
software often.
|
Periodically check for updates for any
web based software you have either installed or someone has
installed for you. Always
update your online software especially when
a security updates is released.
|
|
Developed Software
VS "Home-Grown"
Software. |
You may want to consider purchasing or
using web based software that is continually updated rather than
building your own web based software.
As long as the web based software is
being continually updated, they are usually adding security updates
as well as additional features.
|
|
Password
protect online folders. |
Too many times we see online folders
that aren't password protected.
Don't rely on the software provider to
explain the security risks. It's best to password protect any
folder that has setup files or admin files or log files or etc.
|
|
Turn Telnet
off. |
Many web hosts provide Telnet for your
account. If you don't use Telnet, ask your hosting company to
turn it off. It's one tool a
hacker has to try and "work" on your site.
Telnet is turned off by default on
ActiveWebHost.com servers.
|
|
Put
CGI / PL
/ PHP /
etc. only in
the cgi-bin. |
Why do most hosting companies only allow
programs such as CGI to be ran/executed from within the cgi-bin?
For security reasons from hacking attempts.
If your host allows you to run CGI
outside the cgi-bin, it is strongly recommended to keep the CGI
within the cgi-bin for your protection.
|
|
Place an index.html
in every folder.
|
Create a blank index.html file for EVERY
folder. Otherwise, if a hacker finds one of your folders, they
can usually see all the other files within that folder via the
browser. So put a blank
index.html file in every folder to prevent this basic hacking
attempt from happening.
This is especially important for
folders like /images /orders /admin etc.
You might also set the html file to
redirect them to your home page with the following code between
the <head> </head> commands...
<meta http-equiv="refresh"
content="0; url=http://www.yourdomain.com">
|
|
Log 404's |
404's are generated when someone tries
to visit any page on your website that doesn't exist. Usually
most of these are innocent from people that are coming from search
engines to pages that no longer exist.
However, hackers know what pages exist
for 1,000's of programs you can install on your web site.
They look for these pages via
automated software and their software logs this information for
them to come back to your site later to attempt to use the web
based programs in ways you haven't anticipated.
You can log 404's via web based
software you can install or your host may already provide this
information.
ActiveWebHost.com clients can view
this information by using their Control Panel under "Stats" and
then "Error Log."
This report will also show images
that aren't loading, missing files, and is helpful for debugging
web based software.
|
|
Have
a Security Audit |
You can also find web technicians that
will perform a security audit for your web site and your online
software looking for updates, finding potential problems, offering
suggestions, etc.
We are more than glad
to help, why not let our experts check your website security.
Let us hear from you!
|
|
Don't be a victim!
Protect Yourself TODAY! |
|
|
--
Other Must Read Articles --
Click Here to Order Now!
This information is Copyright ©
2002-2006
ActiveWebHost.com
Permission is NOT granted for any use by another hosting company.
If you wish to use this article on your website, newsletter, etc.
you MUST obtain permission
first.
We will pursue any claims necessary to enforce this copyright.
None of this information
is legal advice. Use this information at your own risk.
|
|
|
