How to protect your website from hackers?

In today’s technological world, everything has become easy. While technology has delivered its own good, it has brought some disadvantages with it too. For instance, hacking. If used for the right purpose, hacking can be an advantage. But when people try to take advantage of it, it can affect those who are trying to make a living. People create their own websites in order to market their products. Having a site of your own can definitely help in getting more customers. But when a website is launched, there is a hacker waiting to get in. There can be a hack attack if you haven’t taken enough care. What do you do? How do you get rid of this menace? Well, here is the answer.

There are different types of hacking. A common type among them is cross-site scripting. It can be done in many ways: stored, reflected or DOM-based. I think it’s better to deal with how to protect against this type of hack than to go deeper into what it is. The best way to deal with it is to ensure that you validate all inputs to your site. Validate inputs like page headers, cookies, hidden fields that are used in forms, etc. Site owners use web subscription forms to gather emails from users, so validate such inputs against the expected input types. Always strip HTML from input in order to avoid any unwanted script elements. The best way is to validate against what is allowed rather than what is not.
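Validating against what is allowed, sketched for a subscription form. This is an added example, not code from the original post; the field names (email, list_id, lang), the patterns and the sample submissions are assumptions made up for illustration.

```python
import html
import re

# Allowlist: each expected field maps to a pattern describing what IS allowed.
# Field names are hypothetical, chosen for a newsletter subscription form.
ALLOWED = {
    "email": re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+"),
    "list_id": re.compile(r"[0-9]{1,6}"),         # hidden form field
    "lang": re.compile(r"[a-z]{2}(-[A-Z]{2})?"),  # cookie value
}
REQUIRED = {"email", "list_id"}
MAX_LEN = 254


def validate(fields):
    """Return (clean, errors). Anything not explicitly allowed is rejected."""
    clean, errors = {}, {}
    for name, value in fields.items():
        rule = ALLOWED.get(name)
        if rule is None:
            errors[name] = "unexpected field"
        elif not isinstance(value, str) or len(value) > MAX_LEN:
            errors[name] = "bad type or length"
        elif rule.fullmatch(value) is None:  # whole value must match
            errors[name] = "not an allowed value"
        else:
            clean[name] = value
    for name in REQUIRED - fields.keys():
        errors[name] = "missing"
    return clean, errors


def render_confirmation(email):
    """Encode on output too, so markup in a value is shown as text."""
    return "<p>Subscribed: " + html.escape(email, quote=True) + "</p>"


if __name__ == "__main__":
    # Constructed sample submissions (form fields, hidden field, cookie).
    samples = [
        {"email": "reader+news@example.com", "list_id": "42", "lang": "en-US"},
        {"email": "<script>alert(1)</script>@example.com", "list_id": "42; extra"},
    ]
    for sample in samples:
        print(validate(sample))
```

The second sample is rejected because its characters fall outside the allowed sets, not because the code recognises a script tag.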

Let’s look at the second type on the hacking list. It is called Google hacking. You may know that search engines provide lots of different tools to track site rankings, and you may be aware that Google tops the list for this reason. It is at the top of the list for hackers as well as website owners. Now what is Google hacking? Google hacking simply refers to the techniques used to gain unauthorized access to information through advanced search queries.

Google hacking uses search engines with logical operators, special characters, and operators such as cache, link, site, inurl and others. Webmasters put important data on their servers so that it can be accessed from anywhere. Such documents are meant to be inaccessible, but it is still easy to get access to such pages. The documents must be specified in the robots.txt file. If they are not, the search engine spider will index all the documents on the site, and search engine queries will then make the documents available to the public. An advanced query like filetype:doc will find all the Word doc files available on the servers.

Now, how do you protect against such threats? The first thing you have to do is avoid storing sensitive data. If storing it is necessary, you can use a robots.txt file to avoid indexing of such documents.

For instance:

User-agent: *
Disallow: /documents

This instruction tells the search engine spider not to index the contents of the folder “documents”. There is also an alternative if you do not want the search engine to index an individual page: use the meta tag <meta name='SPIDERNAME' content='NOARCHIVE'> on individual HTML pages. Remember to put in the correct spider name of the search engine.

One more important thing I suggest is that you check whether directory listing is allowed on your server. With directory listing, the contents of a directory can be seen by anyone just by typing in the website address and an existing folder name. If you type in the website address and a folder name and are able to see the contents, contact your host and make sure it is disabled.

Whatever the case, hacking cannot be completely stopped. But the tips in today’s post are a step towards minimizing it. In the coming posts I will provide you with tips on protecting blogs from hack threats. Stay tuned, as I have more for you in the future.
