
Thread: WebSite Protection

  1. #1
    Junior Member
    Join Date
    Apr 2002
    Posts
    8

    Question WebSite Protection

    Hi dear friends

    Here I am asking you a question, if this is already discussed then please tell me where I can find it. If not then please respond.

    I am going to run a web site on IIS, and I need to know the ways an intruder can hack my site. I am not running an FTP server and I have also denied folder listing, as I read in some articles here. Tell me more about the subject. I am not in a mood to let people hack my site and I need your help in this regard. If you need more details then please tell me so, and I will provide the details too.

    Thanx a lot in advance!!!
    Cheers
    Have a Bang
    Xing

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    681
    First thing you need to know... if you have a properly set up firewall on a server, you would be fine.... but odds are, no one is going to hack you... just keep all unnecessary ports closed and such
    Learn like you are going to live forever, live like you are going to die tomorrow.

    Propoganda

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Location
    Ireland
    Posts
    734
    Since you are using IIS you are probably using some kind of Windows version. I would advise you to download TPF (Tiny's Personal Firewall) at http://www.tinysoftware.com.

  4. #4
    Junior Member
    Join Date
    Apr 2002
    Posts
    8

    Cool

    Well!! That's a fair bit of explanation. Does that mean a firewall combined with the restriction on the ports will be enough to protect the site?

    If that is the case then I am wondering why so many sites are being hacked??

    Can anybody suggest some good reading on website security??

    That's a useful discussion. I am really getting towards something. Thanx you lot!
    Have a Bang
    Xing

  5. #5
    Because that's just something to get clueless "script kiddies" out of your website. It's still possible, that just cuts a lot off...

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    The first question I have to ask is what kind of website are you going to build? Is it a static or dynamic site?

    If the site is static, then it's a lot easier. Only open the ports you need, keep everything patched, use strong passwords etc.

    If you are developing a dynamic site, attacks on the web site itself go through port 80 (assuming that the web server is running on 80), which has to be open for others to view your site. There are ways to take control of the web server via the web application; this will depend on what you are using. They therefore bypass all the firewall rules etc.

    However you are going into a very big topic here, so it would be best if you have a look at www.owasp.org they have a very good document on securing web applications. Also have a look at www.securityfocus.com for a list of current vulnerabilities on the system you are using.

    Hope this helps

    SittingDuck
    I'm a SittingDuck, but the question is "Is your web app a Sitting Duck?"

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    If you're running IIS right out of the box, that is, without adding the patches, don't worry about a FW; it won't help.

    Apply all patches and hot fixes.

  8. #8
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Definitely keep the patches and fixes up to date AND you should try re-directing traffic that goes to port 80 or change that port to 8080. Either way, you definitely need to keep up-to-date with new versions, patches, or anything!
    Space For Rent.. =]

  9. #9
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    Spyder32: why, apart from avoiding Nimda scans, would you want to change your web server off 80 or 443 (if you are using SSL)?
    I'm a SittingDuck, but the question is "Is your web app a Sitting Duck?"
