Gypsy Boy
Redeemer
Male
Registered: 03/17/17
Posts: 4,501
Loc: Deep in the discoteka
Last seen: 2 months, 24 days
How do you protect a website?
    #26667962 - 05/13/20 05:00 AM (3 years, 8 months ago)

From hackers and spammers?

My website doesn't have log in or user registration. Everyone is free to post as guests.

I don't have captcha or IP recording.

I would leave it as it is but there will always be a douche bag who will try to ruin fun for everyone else. I was told to look out for "injection" SQL attacks?

And anything I can do about bots/spammers?


nooneman
Male
Registered: 04/24/09
Posts: 14,555
Loc: Utah
Re: How do you protect a website? [Re: Gypsy Boy]
    #26667994 - 05/13/20 05:33 AM (3 years, 8 months ago)

For bots and spammers, you'd need accounts with user registration, captcha and probably IP logging. If you use an SQL database, then you need to be careful not to have any security vulnerabilities that will allow access to the database, like "injection" attacks.

You'd have to be familiar with security vulnerabilities in software (and in website related software especially) and you'd need to know how to code in whatever languages your website uses in order to be able to check your website for security problems and solve them. If you're not intimately familiar with those, then there's not a lot you can do.

Even if you're a good coder familiar with security, it's still very likely that you'll have some security vulnerabilities. That's just the nature of modern software and computers. My advice would be to keep good backups in a physical form (like a USB drive, etc.) that are not connected to the internet, and be prepared to wipe your website and restore from backups if something happens to it.

Also I would advise against storing any sensitive information on your website whatsoever unless you're really very good with coding and security. In which case all that stuff should be end-to-end encrypted for starters.

Oh, one universal and actually useful piece of advice: always keep all the software your website runs 100% up to date. The moment a new version is released of anything your site uses, your site should be using the newest version the same day.


Edited by nooneman (05/13/20 05:34 AM)


Gypsy Boy
Redeemer
Male
Registered: 03/17/17
Posts: 4,501
Loc: Deep in the discoteka
Last seen: 2 months, 24 days
Re: How do you protect a website? [Re: nooneman]
    #26668207 - 05/13/20 08:22 AM (3 years, 8 months ago)

Thanks for the help, dude.

I finally did it, I completed my website. A month of hard work.

I noticed that my host displayed a lil padlock that says connection secure.

I kinda wonder if my web host already did all the hard bits about protecting their clients :gethigh:


koraks
Registered: 06/02/03
Posts: 26,667
Re: How do you protect a website? [Re: Gypsy Boy]
    #26668249 - 05/13/20 08:54 AM (3 years, 8 months ago)

Quote:

Gypsy Boy said:

I kinda wonder if my web host already did all the hard bits about protecting their clients :gethigh:



No, it just means your site uses SSL. Any vulnerabilities are still all yours to resolve. If you've made something with PHP+MySQL and you did not explicitly take measures against e.g. SQL injections, odds are that your system is extremely vulnerable. This is a risk not only for your site, but also all other clients using the same server (which can be hundreds).


deadwk
00101011
Registered: 06/17/09
Posts: 8,890
Loc: Canada, eh?
Re: How do you protect a website? [Re: koraks]
    #26684526 - 05/20/20 11:14 PM (3 years, 8 months ago)

There are a lot of different ways you can do this. There's stuff like Snort to sit in front of your website and be able to prevent some forms of attack, as well as stop port scanning attempts, etc.

You might also want to look into WAFs (Web Application Firewalls) like Sucuri. Cloudflare also offers a WAF. If you're storing user account information you'll want to make sure you store passwords in your database after hashing them using bcrypt.


chibiabos
Cosmic Pond Scum
I'm a teapot
Registered: 03/16/17
Posts: 4,180
Last seen: 10 months, 9 days
Re: How do you protect a website? [Re: Gypsy Boy]
    #26684598 - 05/20/20 11:55 PM (3 years, 8 months ago)

Quote:

Gypsy Boy said:
From hackers and spammers?

My website doesn't have log in or user registration. Everyone is free to post as guests.

I don't have captcha or IP recording.

I would leave it as it is but there will always be a douche bag who will try to ruin fun for everyone else. I was told to look out for "injection" SQL attacks?

And anything I can do about bots/spammers?



Just try learning the basics of network science and what tools are out there in your free time.  It's probably a lot easier to understand than most people make it out to be and it's not like you're trying to break new ground in computer science.

Like I said in your GPG thread, man pages and Google are your friend.  Try using "info" instead of "man" too.  If you're on a Linux system then there's already a lot of documentation that comes with your software.


PTreeDish
Male
Registered: 04/22/18
Posts: 353
Last seen: 3 months, 14 days
Re: How do you protect a website? [Re: Gypsy Boy]
    #26691003 - 05/23/20 06:57 PM (3 years, 8 months ago)

Hackers and spammers are looking for low-hanging fruit.

Here are a few things I would check out and look for:

    * I advise against running your own host if you're just running a small website. A mainstream shared hosting provider will generally be more equipped to ensure the OS and all running software are patched and updated.
    * If you are using WordPress or another backend, you should ensure you're using the latest stable version and that you have some way of being alerted when a new version is available.
    * Add a captcha to any publicly accessible forms to deter spam bots. I like reCAPTCHA but there are others.
    * Check out Akismet for added spam detection.
    * If using 3rd-party plugins, make sure they are reputable and keep them up to date.
    * Exercise the principle of least privilege when granting any user or integration access to your app.
    * Use the https://www.cloudflare.com/plans/ Free plan for DDoS protection and a free CDN.
    * When using open source software, try choosing projects which have a lot of contributors and are actively maintained.


Quote:

I was told to look out for "injection" SQL attacks?




SQL injection attacks happen when your app doesn't properly sanitize input data. A malicious user can sneak in a SQL-based database command, such as DROP DATABASE, and because your app didn't properly escape the data, it interprets and executes the SQL statement literally.

This is one of a myriad of other security vulnerabilities that new developers have to learn about when rolling their own software. Most major CMS (like WordPress) are pretty well secured from SQL injection attacks at this point, provided you are using an updated version.

Would you feel comfortable sharing what your website is running behind-the-scenes? That would help us give you more precise advice.

Kudos to you for addressing this now when the stakes are low.

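The SQL injection described in the post above, shown beside the usual fix (parameterized queries), as an added example that is not part of the original thread. It assumes a guest-post table in SQLite accessed through Python's sqlite3 module; the table, columns and function names are hypothetical, since the thread never says what the site actually runs.

```python
import sqlite3

def make_db():
    """Constructed sample data: a guest-post board with one hidden post."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT,"
               " body TEXT, hidden INTEGER NOT NULL DEFAULT 0)")
    db.executemany(
        "INSERT INTO posts (author, body, hidden) VALUES (?, ?, ?)",
        [("guest1", "hello", 0),
         ("O'Brien", "second post", 0),
         ("mod", "moderator-only note", 1)])
    return db

def posts_by_author_vulnerable(db, author):
    # Input is pasted into the SQL text: a quote character in `author`
    # ends the string literal and whatever follows is parsed as SQL.
    sql = ("SELECT body FROM posts WHERE hidden = 0 AND author = '"
           + author + "' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def posts_by_author_safe(db, author):
    # Placeholder: the driver passes `author` as a value, never as SQL text.
    sql = "SELECT body FROM posts WHERE hidden = 0 AND author = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (author,))]

def demo():
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    results = {
        "vulnerable_crafted": posts_by_author_vulnerable(db, crafted),
        "safe_crafted": posts_by_author_safe(db, crafted),
        "safe_apostrophe": posts_by_author_safe(db, "O'Brien"),
    }
    try:
        # A perfectly legitimate name also breaks the string-built query.
        posts_by_author_vulnerable(db, "O'Brien")
        results["vulnerable_apostrophe"] = "ok"
    except sqlite3.Error:
        results["vulnerable_apostrophe"] = "sql error"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same rule applies in any stack: build the statement with placeholders and pass user input separately, rather than concatenating it into the query string.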