Maintenance Web, Web Security
Sadly, it is not uncommon to hear of a site that has recently been hacked. Google frequently has to deal with sites that get hacked and code gets injected into the site. If that happens, Google sometimes has to delist the site from showing in their index, because it harms the quality of their search results.
..
So what does Google recommend? Googler, Berghausen, gave one user this advice:
- You’re running Apache. Check all your .htaccess files for code that doesn’t belong there. Get rid of it.
- Look for scripts [usually php] that you did not write. Get rid of those, if you can..
- ..
…
Full article: http://www.seroundtable.com/archives/016096.html
License: Creative Commons Attribution 3.0 United States
Indexed in June 2008
Related Info Web
CMS, Joomla and Mambo, Maintenance Web, Web Security
Last April Fools I made a joke that my website was hacked and turned upside down. When your website is really hacked, there’s nothing funny about it.
Joomla! is a great CMS that is used worldwide. For this reason, hackers often try to find a way to hack a Joomla! website. Here are 7 tips to optimize your Joomla! security, preventing your Joomla! website getting hacked..
..
Remove version number / name of extensions
Most vulnerabilities only occur in a specific release of a specific extension. Showing MyExtension version 2.14 is a really bad thing. You can modify this message to only the name of the extension by doing the following:
- Retrieve all files of the extension from your server.
- Open up Dreamweaver.
- Load any file from the extension that you just downloaded to your local machine.
- ..
…
Full article: http://www.marcofolio.net
License: Creative Commons
Indexed in June 2008
Maintenance Web, Web Security
Now that PCI 6.6’s supporting documents are finally released, a lot of people are jumping on the “Well, we’re getting a Web Application Firewall” bandwagon. I’ve discussed the Pros and Cons of Web Application Firewalls vs Code Reviews before, but let’s dissect one more objection in favor of WAFs and against code reviews (specifically static analysis) …
This is from Trey Ford’s blog post “Instant AppSec Alibi?”
Let’s evaluate this in light of what happens after a vulnerability is identified- application owners can do one of a couple things…
- Take the website off-line
- Revert to older code (known to be secure)
- Leave the known vulnerable code online
..
There are two huge flaws in Mr Ford’s justification of having WAFs as a layer of defense.
1) Web Application Firewalls only address HALF of the problems with web applications: the syntactic portion, otherwise known in Gary McGraw speak as “the bug parade”. The other half of the problems are design (semantic) problems, which Gary refers to as “security flaws”..
…
Full article: http://securology.blogspot.com
License: Creative Commons Attribution 3.0
Indexed in June 2008
Maintenance Web, Web Security
If you answered YES to that, you’re dead wrong my friend. Let me prove it to you by giving you real true-to-life examples.
..
First off, what’s a “Disaster and Recovery Program”?
It’s all about a business owner’s plan of actions, systems and procedures that ensures business continuity when disruptions and disasters arise in the normal course of business.
..
These disasters have ruined too many online businesses in the past. And my websites are not spared as well. Believe me when I tell you that it happened to my websites many times even on my own dedicated server! It only shows that disasters do happen and even your webhost sometimes cannot do anything about it.
Website hacking and defacing, viruses and worms, server crashes, server hardware failures, datacenter fires, network failures, electrical faults, technical support errors, long recurring service downtimes and other website disasters can immediately put you out of business. And that’s just one of the effects. Not to mention loss of face, loss of opportunities and loss of time.
…
Full article: http://www.articlesbase.com
License: Creative Commons License
Indexed in May 2008
Domain, Maintenance Web, Web Security
A couple days ago while I was at a conference news came about that Network Solutions was hijacking unused customer subdomains to post links to their other websites. It is getting really hard to trust *many* online service providers.
A big tip for new websites is to use the www subdomain and 301 the non www version to the www version, for 3 reasons:
- If some nefarious group tries to add subdomains to your site you can easily spot them with a Google search for site:mysite.com -site:www.mysite.com (you could subtract other subdomains if you liked as well, like so)..
- ..
…
Full article: http://www.seobook.com
License: Creative Commons Attribution 3.0 United States
Indexed in May 2008
Web 2.0, Web Security
Web 2.0 is causing an explosion stretching the boundaries of what web sites can do. And in the rush to add features, security seems to have become an afterthought, both for participants as well as developers..
..
- Data modification or destruction of messages or data in databases, both intentional as well as unintentional.
- Illegal modification of programs
- ..
…
Full article: http://www.wyrdweb.eu/web-20-security-issues
License: Creative Commons
Indexed in May 2008
Ajax, Web Security
If you have Javascript turned on, can a website upload files from your computer without your knowing it? Try any AJAX-based email website, such as Google or Zimbra. Attach a file using the textbox, no dialog, and send the email. If this code can upload a file, then why can’t AJAX do the same internally, without the usual social amenities such as asking for your approval?
…
Full article: http://opencomponent.blogspot.com
License: Creative Commons
Indexed in May 2008
Ajax, Client-side Scripting, Custom Programming, Web 2.0, Web Security
JavaScript is now mainstream, thanks to the popularity and extensive acceptance of AJAX. In fact, AJAX is considered to be a core part of Web 2.0.
..
Security makes it difficult
Various new web frameworks have come up which allow easy AJAX integration and build sites quickly. However, if the different vulnerabilities are considered, it is not easy any more. Consider the cross-site scripting, cross-zone scripting or the new dangers of JavaScript.
…
Full article: http://ifacethoughts.net
License: Creative Commons
Indexed in May 2008
Ethic, Legal and Copyright Issues, Web 2.0, Web Security
Today, I was at the IEEE Web 2.0 Security & Privacy Workshop, where I presented a short position paper on extending the web browser to enable secure private-data mashups. I started the day not sure what to expect: maybe a day-long complaint about how web 2.0 concepts are insecure and we need to stop and think, or a slew of interesting new proposals. I had purposely ignored the posted papers: I wanted to get the authors’ pitch first.
My conclusion: academics have just crashed the web security space. The amount of interest is exploding, the level of knowledge has vastly increased..
…
Full article: http://benlog.com
License: Creative Commons Attribution-Share Alike 3.0
Indexed in April 2008
Maintenance Web, Web Security, Weblog (Blog), Wordpress Blog
As one can guess from the look of this site, I’m using WordPress as my blog engine. At this time WordPress does not support HTTPS access to the admin area when the rest of the blog is served via normal HTTP..
..
The Plan
- Add an HTTPS virtual host that forwards requests to the HTTP virtual host
- ..
…
Full article: http://blog.blackdown.de
License: Creative Commons Attribution-Share Alike 3.0 Unported
Indexed in April 2008