ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Website hacking - tools to help spot issues

<< < (3/4) > >>

Carol Haynes:
Is there any way to restrict write access to the server to a whitelisted IP list?

wraith808:
Just looking at that MySQL stuff (thanks 40Hz) and I am coming to the conclusion I don't want to do this anymore - too much stuff to learn to be able to be effective and no inclination to learn it.

All I want to do is run a few websites for local people I know and friends and not have to cope with bastards constantly attacking and disrupting everything.

So frustrating!!

Be far simpler in the long run to go back to hand coding pages in HTML without using any scripting languages!!!
-Carol Haynes (May 21, 2014, 08:20 AM)
--- End quote ---

Does Joomla have extensions/plugins for security?  I do the same thing- but Wordpress is my platform of choice.  I just use a few standard wordpress plugins and lock it down and it seems to work well.

How are the admin pages setup?  You can whitelist the IPs in a .htaccess that have access to the admin URL (if it's a separate URL) using regular expressions (I think).

wraith808:
Looks like an excellent link that might have some ideas for you:

http://www.askwebhosting.com/article/89/How_Does_A_Server_Admin_Handle_An_Abuse_Issue.html

Specifically, point 4
4. Login to WHM (Web Hosting Manager) and click on "Contact Manager" under "Server Contacts" menu. Make sure you placed "2 or 3" on Alert Priority Assignment right beside "Recently Uploaded Cgi Script Mail". This will email you on a daily basis (if there are uploaded pages or scripts) that are set to use your smtp or mail on your server which could be the source of spam abusers to send out spam using your ip addresses. Setup a filter for it and it always is prefixed on the Subject: "[newmailcgi] Recently Uploaded CGI scripts" take note that even php form mail that are insecuredly setup to send spam are also reported to your email address setup as contact manager on your server's WHM. Make sure to actively monitor this and when it happened to give ample warnings to the user who uploaded this.

--- End quote ---

40hz:
Just looking at that MySQL stuff (thanks 40Hz) and I am coming to the conclusion I don't want to do this anymore - too much stuff to learn to be able to be effective and no inclination to learn it.

All I want to do is run a few websites for local people I know and friends and not have to cope with bastards constantly attacking and disrupting everything.

So frustrating!!

Be far simpler in the long run to go back to hand coding pages in HTML without using any scripting languages!!!
-Carol Haynes (May 21, 2014, 08:20 AM)
--- End quote ---

With you 100% on that.

If I ever do up another website for myself it will definitely be hand-coded HTML and some well crafted CSS. No scripting language wanted or needed, thank you very much!

wraith808:
Even with hand-coded HTML, if someone is intent on doing it, they can do it.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version