10 Tips to Prevent Hackers

by Janith · 16 comments

Hackers have been around for too long. Usually associated with dark themes and “the evil side”, they represent the minority of IT gurus who just have too much time on their hands, and a touch of evilness.

Usually represented with a skull or “horrifically”, they are iconic in a never-ending battle against internet crime.

Your hosting provider should have set up your server with a certain amount of security built-in. However, there’s much you can do yourself to ensure your site stays unmolested.

Hackers play an “unwanted” yet significant role on the net: their activity creates thousands, if not millions, of jobs in the IT field, but they are a menace to webmasters such as you and me.

Not to worry, because the following list of “Ten Tips” aims to tell you a little about the way malicious hackers work, and some ways of protecting your site, and inevitably preserving the privacy of your visitors.

Ten Tips to Prevent Hackers

10) Comment Attacks

Comments are one of the most prized features of a blog, and they help create a great relationship between the author and the reader, and also between readers in the wider community. A comment form also makes it easy for someone to insert HTML code that causes trouble.

You need to “validate” the form input before it’s accepted, for example by stripping out all but the most basic HTML tags. If you’re using WordPress, you can also utilize the “Keyword Filter” to block out any harsh words that might raise an issue or two.

9) Unsolicited Installation of Scripts

It can be dangerous to install third-party scripts and programs on your website unless you understand what they are actually doing. Even if you don’t fully understand the programming, you can read through the code and look for tell-tale signs such as references to third-party URLs.

You can also visit community forums such as SitePoint and DigitalPoint to ask around for better advice.

8) Avoid Scam/Spammy Websites

In a desperate attempt to get visitors, you might consider trying extensive viral marketing and other means of gaining attention. This may cause a few people in the wrong community to raise a few eyebrows.

The last thing you need as a settled webmaster is to cause a stir amongst the wrong people. Stay away from websites, and especially forums, that offer “information” or “get traffic quick” schemes that use illegal spam lists and such.

7) Clear the Cookies!

Personally, I use a lot of public computers to blog and do other online activities, maybe because it’s convenient or my unreliable ISP crashed on me once more. Inevitably there are many, many webmasters like me who use public services for either quick access or regular work.

Just don’t forget to clear out the cookies and cache before you leave! Even if the service provider claims “no tracking of privacy” or anything along those lines, a quick clean before you leave wouldn’t hurt anyone.

6) Prevent illegal ‘farmers’ from “harvesting” your lists

Hacking techniques are used to “harvest” email addresses, which are then used by spammers and other hackers for malicious activities. If you are storing email data on your website, for whatever required reason, make sure it’s stored in a secure format, such as a MySQL database.

Most top CMSs such as WordPress and Joomla make this compulsory, but there are many self-written CMSs too. If your script simply writes data to a text file called “emails.txt”, it won’t be long before someone sniffs it out.

5) Make sure your files are using the correct CHMOD Permissions

CHMOD file permissions assign a specific value to every file/folder on your server, which allows different levels of access.

CHMOD permissions range from 000 (no access) to 777 (full access). You must decide which files get what permissions, but be warned that some third-party software requires higher permissions to operate properly. You need to balance features with security and make an informed decision.

Using an FTP client you can change the permissions given to each file/folder on your server. This is vital to ensure any unauthorized access to your content is comprehensively denied.

Note: Make sure your CHMOD settings work with your current web host. Some hosts prevent ‘777’ for security reasons.
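
A check for the permission advice in this tip, added here as an example and not taken from the original article: it walks a site directory and reports anything world-writable (the last digit of modes such as 777 or 666), plus `.htaccess` and `.htpasswd` files looser than the 644 the article recommends in tip 1. The function name, report format and default path are assumptions.

```python
import os
import stat
import sys

# Files the article singles out, with the mode it recommends for them.
SENSITIVE = {".htaccess": 0o644, ".htpasswd": 0o644}


def audit_permissions(root):
    """Return sorted (relative_path, octal_mode, problem) tuples under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                # any account on a shared host can modify this entry
                findings.append((rel, f"{mode:03o}", "world-writable"))
            limit = SENSITIVE.get(name)
            if limit is not None and mode & ~limit:
                # some permission bit is set that the recommended mode lacks
                findings.append((rel, f"{mode:03o}", f"looser than {limit:o}"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit.py /path/to/site  (defaults to the current directory)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, mode, problem in audit_permissions(target):
        print(f"{mode:>4}  {problem:<18} {rel}")
```

Run it against a local copy of the site or over SSH on the host; an empty report means nothing under the directory is world-writable and both dot-files are at 644 or stricter.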

4) Don’t use Generic Usernames

Using common words for usernames such as “admin”, “administrator” or “Site Owner” can have many implications because you are simply making the hacker’s job a lot easier. By using such common words for your username, you are increasing the hacker’s success rate by at least a few percentage points, which is considered a lot when only one answer can be right from an unlimited range of combinations.

3) Securing your Ports

To put it in simple words, a “port” is used to access data from outside the server. It is also used to transfer data both ways, into the server and out of it. Most of this activity is behind closed doors and happens automatically, and only trained professionals tend to play around with such details.

Nevertheless, ports are constantly opened and closed for easy access by programs such as FTP (File Transfer Protocol). This can be favorable for any hackers attempting to access your sensitive files, so make sure any unwanted ports are ‘properly closed.’

2) Updated Security Patches

If your web hosting provider hasn’t already done so, you should check that all the latest security patches for various aspects of the service are properly installed. As you might know, WordPress (self-hosted) is one of the most popular Content Management Systems out there on the market.

It is used by millions, so it’s not surprising to see many hackers working day and night trying to hack it. Updates and patches are regularly released, so keep an eye out for all your plug-ins and core files.

1) Use Strong Passwords!

The number one technique you can possibly implement. Hackers are experts at programming computers to plough through huge amounts of data very quickly. That’s the reason longer passwords are more secure; the number of possible combinations grows exponentially with every extra character added.

Hackers employ a technique called “dictionary attack” where they repeatedly try username and password combinations by running through hundreds of common words, phrases, numbers and combinations of them till they get lucky. It’s important you use random strings like “j@m13s(!)” instead of perhaps “jamie123”.

Lastly, this is not so much a ‘tip’ as a compulsory step in setting up your online community. Make sure your “.htaccess” and “.htpasswd” are properly set up with the secure CHMOD of 644. This is important and adds the best outer layer of protection for you and your visitors.

Article by Janith

Hey, I'm Janith. 16 years old, and livin' in Aussie. I'm with Twitter because it's the simplified version of Facebook + Myspace - crap. Along with Alex, we run Blogussion and plan to bring the blogging house down!

Make Money Tips January 6, 2009 at 11:35 pm

Really great tips,
I know this cause I faced that problem,
And if your site was hacked, checking most of the files and replacing them with an old backup is a must,
cause they edit your files sometimes

Vennorex January 7, 2009 at 6:15 am

Very useful tips, although I didn’t have any hacker problems. I will be more precautious from now on.

Janith January 7, 2009 at 10:14 am

Better safe, than trying to fix it.

Once a hacker gets in, you can try your best to regather – but it just won’t be the same.
I should have added “Back Up Your Data” as a point too, it’s really important that everyone does.

If you’re using WordPress, there’s a plugin that emails you backups every day/week/month depending on your preference.

SoLinkable January 7, 2009 at 2:00 pm

These are some excellent tips. Security is one of my weaker skills. I’ve always wanted to learn more about it, but it can be so overwhelming… Just sitting back and hoping that your site doesn’t get hacked isn’t exactly the best way to deal with security.

Arfan January 7, 2009 at 4:54 pm

Good Tips and Have to agree it does help create Millions of Jobs

Henry January 7, 2009 at 5:20 pm

Thanks for the nice information, I never knew all of these tips.

Farrhad A January 7, 2009 at 9:43 pm

Nice tips, am making some required changes :)

michelle January 12, 2009 at 9:17 pm

Nice tips, thanks for sharing

Regards
Michelle

Janith January 15, 2009 at 10:16 am

Thank You, everyone for the comments!

I’m making another addition to this, a better explanation of how important the .htaccess and .htpasswd are.

Hopefully can publish it sometime soon :)

Beverley Aylward January 17, 2009 at 9:39 am

I wish I had found your blog a month ago. My site was hacked by Muslim extremists against the war and they made a complete mess of my site. Had to start from scratch. Backed up now,
but great content.
I found you on blogcatalog.
Bev

Alex January 17, 2009 at 3:38 pm

Sorry that happened to you, Beverly. But as long as you can recover, I guess that’s all that matters, right?

Richael Neet January 23, 2009 at 9:42 pm

Nice collection of tips. Hackers do strike, so be prepared in advance! Opt for a good host too, who keep in par with securing the hosting platform with industry standard security tools. There have been many hackings whereby hackers accessed your site via the means of taking control of the hosting company’s servers. If in doubt, do not sign up with the host. A saving of few dollars does not justify risking your data and privacy….

Janith January 24, 2009 at 1:31 am

Well said Richael,
I can’t stress how important it is to give up a few extra dollars, so your mind can be at rest and not worry about being scammed.

I’ve seen the best/worst of both worlds – and from that experience paying the few more dollars is by far a better option.

Janith

Joe October 5, 2009 at 2:30 pm

Nice Tips! I will also be making a few changes to my site!

Team buyprintedgifts.com May 23, 2010 at 1:53 am

Nice article.
Regards,
Team buyprintedgifts.com

Nim @ Jobs from home August 30, 2010 at 7:29 pm

Thanks for these anti-hacking tips. I’ll surely apply all of these to all of my websites.
