News:

Go to HostNed.com
Welcome.  This is a place to get user-to-user support, learn more, and share ideas.  If you can't find your answers here, feel free to ask by creating a new topic or visit the support ticket system at https://my.hostned.com :)  Have fun here!

Main Menu

Keep Scripts Updated = Keep Hackers Away

Started by Dynaweb, June 18, 2007, 10:02:47 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Dynaweb

It seems that we often get the comment from users "My site has been hacked.  My web forum index page was replaced (or erased).  Please make it so that hackers cannot get in."

The kind of problem you are experiencing often happens when you have PHP or ASP scripts on your web space that is insecure.  The server must do what the script calls for and if the script itself is insecure, then it could seriously jeopardize your data.  It is not uncommon for popular web scripts like forums, blogs, CMS scripts and others to contain vulnerabilities that allow malicious users to access or edit or delete files.  If you are using a common web script and believe it is insecure, contact the author of the script for information on applying security patches and/or upgrading to the latest version of the script.

From my experience, the most insucure scripts are:

Subdreamer
PHP Nuke
PHPBB

Although almost any popular GPL web script can be vulnerable, even the most vulnerable can be made secure.  It takes a lot of attention and research.  Again, the most important thing you can do is go to the support site for the script you are using and apply all security patches.  Also find if the script designer recommends if Register_Globals be set to OFF.  If so, disable register globlas using .htaccess file.