WebSite Protection
Results 1 to 9 of 9

Thread: WebSite Protection

  1. #1
    Junior Member
    Join Date
    Apr 2002
    Posts
    8

    Question WebSite Protection

    Hi dear friends

    Here I am asking you a question, if this is already discussed then please tell me where I can find it. If not then please respond.

    I am going to run a web site on IIS. And I need to know what are the ways an intruder can hack my site. I am not running an FTP server and I have also denied the folder listing, as I read some articles here. Tell me more about the subject. I am not in a mood to let the people hack my site and I need your help in this regard. If more details you need then please tell me so, and I will provide the details too.

    Thanx a lot in advance!!!
    Cheers
    Have a Bang
    Xing

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    681
    first thing you need to know... if you have a properly set up fire wall on a server, you would be fine.... but odds are, no one is going to hack you... just keep all unnecessary ports closed and such
    Learn like you are going to live forever, live like you are going to die tomorrow.

    Propoganda

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Location
    Ireland
    Posts
    735
    Since you are using IIS you are probably using some kind of Windows version. I would advice you to download TPF (Tiny's Personal Firewall) at http://www.tinysoftware.com.

  4. #4
    Junior Member
    Join Date
    Apr 2002
    Posts
    8

    Cool

    Well!! That's a fair bit of explanation. Does that mean a Firewall combined with the restriction on th ports will be enough to protect the site?

    If that is the case then I am wondering that why so many sites are being hacked??

    If any body can suggest me the good reading on the website security??

    That's a useful discussion. I am really getting towards something. Thanx you lot!
    Have a Bang
    Xing

  5. #5
    because thats just something to get clueless "script kiddies" out of your website. Its still possible that just cuts alot off...

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    The first question I have to ask, is what kind of website are you going to build? Is it a static or dyamic site.

    If site is static, then it's alot easier. Only open the ports you need, keep everything patched, use strong passwords etc.

    If you are developing a dyamic site, as attacks on the web site it's self go through port 80 (assumming that the web server is running on 80) which has to open for other to view your site, there are way to take control of the webserver via the web application, this will depend on what you are using. Therefor bypass all the firewall rules etc.

    However you are going into a very big topic here, so it would be best if you have a look at www.owasp.org they have a very good document on securing web applications. Also have a look at www.securityfocus.com for a list of current vulnerabilities on the system you are using.

    Hope this helps

    SittingDuck
    I\'m a SittingDuck, but the question is \"Is your web app a Sitting Duck?\"

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    if your running iis right out of the box, that is without adding the patchs don't worry about a FW, it wont help.

    Apply all patchs and hot fixs.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  8. #8
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    Definitely keep the patches and fixes up to date AND you should try re-directing traffic that goes to port 80 or change that port to 8080. Either way, you definitely need to keep up-to-date with new versions, patches, or anything!
    Space For Rent.. =]

  9. #9
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    Spyder32: why apart from avoiding nimda scans would you wont to change your web server of 80 or 443(if you are using SSL).
    I\'m a SittingDuck, but the question is \"Is your web app a Sitting Duck?\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides