Advice on protecting a new website
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Advice on protecting a new website

  1. #1
    Member
    Join Date
    Jul 2003
    Posts
    36

    Question Advice on protecting a new website

    Hi everbody (Hi Dr. Nick !!!)

    I was wondering if you could offer me your sage advice with regards to a new website I'm putting together. I'll give you a bit of back ground info to set the scene...

    I've been interested in web design for some time and have finally (within the last week) got round to having a dabble in some really basic html to create a basic web site. I live in England and my ISP is NTL. With the account I hold with them I get an allocation of webspace free, so I'm interested in creating a site that will help me keep in touch with relatives living in South Africa. I'm thinking of putting on some pictures, updates about what I'm up to and so on, and they can call in from time to time to see what's up.

    I've got as far as actually uploading the page I've created to the webspace so other people can access it over the web. Being an avid reader of this site I'm well aware of the hi-jinks and tomfoolery that skiddies can get up to with regards to websites, and although I'm fairly knowledgeable with regards to securing my PC (i.e. us of firewall and antivirus, spam filtering, deploying patches etc) I know nothing whatsoever with regards to securing web sites (against defacement, automated email harvesters etc).

    Could anyone give me any advice as to how to get started on learning about this subject ? I realise that trawling through sites that I've "googled" might be the best, but given the level of knowledge some of the members here seem to have I thought I'd ask the experts directly first (such a kiss-@ss I know )

    If anyone has any advice I'd be grateful if they'd share it - Cheers and "big up" to all the AntiOnline massive

  2. #2
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    The basic answer to your question is that there's nothing you can do, for the simple reason that you don't have access to the server itself: it's NTL's responsibility to keep the server-software up to date, to patch it, to secure it...

    I don't know if you want those pictures to be publicly accessible, but if you don't you might want look into .htaccess and .htpasswd to prevent unauthorized access to those files.

  3. #3
    Senior Member
    Join Date
    Jun 2003
    Posts
    772
    You don't have to secure that site as it hosted on your isp's server. Only if you want to host a site on your own computer you have to deal with security. Well secure coding is always important but this is clearly not an issue as the content is limited to html.
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content - me

    www.elhalf.com

  4. #4
    Member
    Join Date
    Jul 2003
    Posts
    36
    Negative, el-half,

    Thanks very much for your replies. I guess as NTL will have total control over my site's security I will have to consider a few things. First I'll have to look for information on their track record security wise, and second if I want to take total control over the security aspect of my site it seems as though I will have to go the whole hog and look into hosting it myself.

    As I don't know anything about hosting, am I best off just doing a google search to learn about what is involved ? Or are there any A/O tutorials/other info available that I could have a look at ?

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    There are different types of hosting you can choose from.
    The cheapest is basicly the same as you have now. A hosting provider will supply you with some (limited) webspace. The provider will take care of securing the box. Some providers (with/out extra costs) will also supply you with a database backend (MySQL, MS-SQL etc) so you can create dynamic content.

    The most expensive is dedicated hosting. With this you can rent a server or put up your own. Then you have total control over the security, content and configuration of the site and the server.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    Here are some things you might want to consider:

    - Is hosting it yourself worth it? Are you willing to sacrifice a machine, and bandwith?
    - Do you think you could do a better job securing your server than the people at NTL do with their own servers?
    - Since most (if not all) of your content is going to be HTML, there's no code to exploit.
    - Are you willing to pay for a domain name? For a static IP? Are you willing to sacrifice your family's comfort by redirecting them from IP to IP? ...

    It's not worth it at all, imo.

  7. #7
    Senior Member
    Join Date
    Jun 2004
    Posts
    281
    I want to take total control over the security aspect of my site it seems as though I will have to go the whole hog and look into hosting it myself.
    Well let me tell you this it isn't an easy task. I have both hosted my own and used (still use) hosting.

    I know how you feel, you want to start out doing everything youself. Well let me tell you alittle hint that will help you. First Rome wasn't built in a day and secondly get good at one thing before you try and move onto another aspect of computing. It is all about baby steps and building upon your growing knowledge.

    - MilitantEidolon
    Yeah thats right........I said It!

    Ultimately everyone will have their own opinion--this is mine.

  8. #8
    Member
    Join Date
    Jul 2003
    Posts
    36
    Thanks again to everyone that has posted, just this quick series of discussions has already boosted my knowledge of the subject. I agree it appears the amount of effort involved in actually physically hosting my own site will be excessive as opposed to simply uploading files to webspace.

    One comment that made my ears ***** up was this:

    Originally posted here by el-half
    Well secure coding is always important but this is clearly not an issue as the content is limited to html.
    This leads me to a few more questions:
    1) What represents "well secure coding" ?
    2) What sort of site content would necessitate "well secure coding" ?

    Cheers again everyone

    Dom

  9. #9
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Originally posted here by domtheboy
    2) What sort of site content would necessitate "well secure coding" ?
    Any site that uses one of the scripting languages (asp, php ie.) to serve dynamic content.
    Especially if you use a database backend to collect/modify the data that makes up the dynamic content.
    It's the one thing that bites nearly every newbie (no offence ) website developer.
    Google for SQL-injection if you want to know more about it.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  10. #10
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    If there is no executable content on it, and no private data, your main concern should be local security on the machines you use to update it. It look like you have that sorted.

    Once you start to use server-side stuff like PHP, then the interesting bit starts (as stated by other posters).

    I don't believe Bolton is that sunny, BTW.

    Slarty

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides