WebSite Protection


innocentxing
April 30th, 2002, 07:04 AM
Hi dear friends

Here I am asking you a question, if this is already discussed then please tell me where I can find it. If not then please respond.

I am going to run a web site on IIS, and I need to know what ways an intruder can hack my site. I am not running an FTP server and I have also denied the folder listing, as I read some articles here. Tell me more about the subject. I am not in a mood to let people hack my site and I need your help in this regard. If you need more details then please tell me so, and I will provide the details too.

Thanx a lot in advance!!!
Cheers

lord_darkside_x
April 30th, 2002, 06:20 PM
first thing you need to know... if you have a properly set up firewall on a server, you would be fine.... but odds are, no one is going to hack you... just keep all unnecessary ports closed and such

jethro
April 30th, 2002, 11:47 PM
Since you are using IIS you are probably using some kind of Windows version. I would advise you to download TPF (Tiny's Personal Firewall) at http://www.tinysoftware.com.

innocentxing
May 7th, 2002, 06:27 AM
Well!! :rolleyes: That's a fair bit of explanation. Does that mean a firewall combined with the restriction on the ports will be enough to protect the site?

If that is the case then I am wondering why so many sites are being hacked??

Can anybody suggest some good reading on website security?? :)

That's a useful discussion. I am really getting towards something. Thanx you lot! ;)

hackerdan
December 1st, 2002, 09:30 AM
because that's just something to get clueless "script kiddies" out of your website. It's still possible, that just cuts a lot off...

SittingDuck
December 1st, 2002, 10:37 PM
The first question I have to ask is what kind of website are you going to build? Is it a static or dynamic site?

If the site is static, then it's a lot easier. Only open the ports you need, keep everything patched, use strong passwords etc.

If you are developing a dynamic site, attacks on the web site itself go through port 80 (assuming that the web server is running on 80), which has to be open for others to view your site. There are ways to take control of the webserver via the web application; this will depend on what you are using. These therefore bypass all the firewall rules etc.

However, you are going into a very big topic here, so it would be best if you have a look at www.owasp.org; they have a very good document on securing web applications. Also have a look at www.securityfocus.com for a list of current vulnerabilities on the system you are using.

Hope this helps

SittingDuck

Tedob1
December 1st, 2002, 10:46 PM
If you're running IIS right out of the box, that is, without adding the patches, don't worry about a FW, it won't help.

Apply all patches and hotfixes.

Spyder32
December 2nd, 2002, 01:18 AM
Definitely keep the patches and fixes up to date AND you should try re-directing traffic that goes to port 80 or change that port to 8080. Either way, you definitely need to keep up-to-date with new versions, patches, or anything!

SittingDuck
December 2nd, 2002, 01:23 AM
Spyder32: why, apart from avoiding Nimda scans, would you want to change your web server off 80 or 443 (if you are using SSL)?