How can I protect myself?
Which approaches are sensible depends on the type of web project, but the following should be considered in every case:
1. Is the source code of your server-side scripts publicly visible?
Many webmasters use free scripts for their websites and web shops. The major problem with this is that the server-side source code (e.g. PHP, Perl/CGI) is publicly visible to everybody, including hackers.
Hackers can detect security holes within a few hours or even minutes. They then use search engines to find, in a simple way, websites that contain the same security holes, with just one goal: hacking a lot of websites.
This is why we advise against using free scripts for commercial projects. If you want to use free scripts anyway, you should check for script updates every day so that you can react as fast as possible when new security holes are found. It is a race between hackers and webmasters over who is faster: the webmaster installing security patches or the hacker hacking the scripts. Empirical studies tell us that it is predominantly web projects with publicly visible source code that are hacked.
2. Has the script vendor / programmer considered the major injection problem?
Another very widespread problem is that many programmers (predominantly beginners) don't consider injection attacks in their programming work.
An injection attack means introducing foreign source code via script parameters, e.g. the URL. The introduced foreign source code can then be executed on the website's server. In this way it is possible, for example, to introduce worms into websites, to spy on databases and passwords, to delete files and databases, to send bulk mail via contact forms, etc.
For security reasons we suggest using a programmer with many years of experience who considers security against hacking in his programming work.
3. Does your provider support you against script-side hacking attacks?
Check your log files continuously for possible attacks and inform your provider as fast as possible if you find any hacking attempts. In many cases your provider has far more possibilities to block specific script-side security holes. Ideally, your provider would take over hack monitoring for you and react as fast as possible if any anomaly is detected.
Our tip: Choose a provider who supports you in security cases.
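The following Python script is an added example, not code from this page or from any provider's tooling: it scans web server access log lines for the kinds of injected parameter values described under point 2 and lists clients with repeated findings, so they can be reported to the provider. The combined log format, the rule set, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Assumed format: Apache/nginx combined log, e.g. ip - - [time] "GET /x?y=z HTTP/1.1" 200 512
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} ')

# Assumed heuristic rules: signs of foreign code or paths inside a URL parameter value.
RULES = {
    "remote-include": re.compile(r"^(?:https?|ftp|php|data)://", re.I),
    "path-traversal": re.compile(r"\.\./|\.\.\\"),
    "sql-keywords": re.compile(r"\bunion\b.+\bselect\b|'\s*or\s+'?\d", re.I),
    "script-tag": re.compile(r"<\s*script", re.I),
    "mail-header": re.compile(r"[\r\n]\s*(?:bcc|cc|to|content-type):", re.I),
}

def scan_line(line):
    """Return a list of (client_ip, parameter, rule) findings for one log line."""
    m = LOG_RE.match(line)
    if not m:
        return []  # lines that do not parse are skipped
    ip, target = m.groups()
    findings = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = unquote_plus(value)  # second decode also catches double-encoded input
        for rule, rx in RULES.items():
            if rx.search(value):
                findings.append((ip, name, rule))
    return findings

def suspicious_clients(lines, threshold=2):
    """Map client IP -> number of findings, for clients at or above the threshold."""
    counts = Counter(ip for line in lines for ip, _, _ in scan_line(line))
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample lines (documentation IP ranges and example domains only).
T = "[10/Oct/2023:13:55:36 +0000]"
SAMPLE_LOG = [
    f'198.51.100.7 - - {T} "GET /index.php?page=http://files.example/x.txt HTTP/1.1" 200 512',
    f'198.51.100.7 - - {T} "GET /index.php?page=..%2F..%2Fconfig.inc HTTP/1.1" 404 210',
    f'203.0.113.9 - - {T} "GET /shop.php?id=5 HTTP/1.1" 200 1834',
    f'192.0.2.44 - - {T} "GET /contact.php?from=a%40example.org%0ABcc:%20b%40example.org HTTP/1.1" 200 98',
    f'203.0.113.9 - - {T} "GET /shop.php?id=5%20UNION%20SELECT%20name%20FROM%20users HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(scan_line(line))
    print("repeat offenders:", suspicious_clients(SAMPLE_LOG))
```

Access logs normally record only the request line, so values submitted in POST bodies (the usual case for contact forms) are not visible to a scan like this.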
4. Have your scripts checked by a security expert
With many years of experience and know-how, we are glad to be at your disposal to search for security holes in your scripts. We can also configure your server to be largely secure, to minimize the attack surface.
5. Be notified in emergency cases - as fast as possible
If your website or web shop has been hacked successfully, it is necessary to react as fast as possible so that no further damage occurs. You should therefore be informed as fast as possible, so that recovery procedures can start immediately. Our HackAlarm service is at your disposal.