Monthly Archives: July 2010

//July

Another PHP tip

While it’s all well and good to spend considerable time securing your PHP applications, there is something else that you can do, or rather not do. As a PHP programmer, I see people do one alarming thing: they download and install PHP applications from questionable sources. While there are a lot of honourable programmers who offer their scripts for free, there are plenty of hackers who enjoy deploying applications that cause harm to others. I discussed this earlier, but it bears repeating: trust your source. Know your source. […]

By | July 15th, 2010|Development, PHP, PHP, PHP Articles|0 Comments

Validate your input

An important thing to consider when accepting input from users is validation. When PHP is used, powerful functions can be performed. The problem is that it can also do powerful and bad things if a malicious user is entering data which isn’t validated. Consider this: you accept input asking for a month or year. The problem is that a user decides to enter “”;rm -rf *” after the year, and in so doing could cause the deletion of your whole website. Obviously, this is not a good thing, so what to do? Data validation is the answer. As the name suggests, it validates or verifies data, ensuring that it complies to form. […]

By | July 13th, 2010|Development, PHP|0 Comments

The importance of secure PHP code

In recent days, I’ve talked about the importance of server hardening and security, but there’s another aspect of the integrity of your server that must not be ignored: PHP code. If you don’t have secure PHP code, you may find yourself the victim of numerous type of attacks, including SQL injection attacks, which as the name suggest, goes directly after your database, which in most cases is the very heart of your website or application. […]

By | July 12th, 2010|Development, PHP, PHP, PHP Articles|0 Comments

SSL increases confidence

If you run a commerce website, you’ve probably heard about SSL certificates. Depending upon the level of certificate that you have, they verify the validity of your domain, up to detailed information about your company. An SSL certificate isn’t handy just for commerce sites, however. It’s a vital website security component for any site that deals with personal information of any sort. These days, attacks on severs are commonplace, and website users are wary, especially when it comes to entering sensitive information. That’s where an SSL certificate comes in handy. It increases consumer confidence, and confidence of visitors in general. It shows that you’re serious about what you’re doing. […]

By | July 9th, 2010|Linux, Security Consultant, Technology|0 Comments

An easy way to reduce attacks

The server hardening process can be a daunting task for someone who’s new to the process, or who’s new to hosting in general. The good news is that there’s one simple way to help reduce attacks on your server, or at least its PHP applications. If you run an e-commerce site, chances are you run a CMS such as WordPress, and a shopping cart application such as WHMCS. Both of these applications, like nearly all others, have a login module for the administrators. Especially in the case of well-known programs, there are plenty of people know how to find your administrative log in panel, and that includes those with less than honourable intentions. […]

By | July 8th, 2010|Security Consultant|0 Comments

Hardening your server

Hardening your server is perhaps the best way to prevent, or at least reduce, attacks on your server. What follows is a basic overview of what you should do to harden your server. If you are not completely comfortable doing this, you should retain the services of someone who is, to avoid data loss. The key service you want to secure is SSH, as that is perhaps the most vulnerable. If someone should have access through this protocol, they would have complete power over your server, and all the sites on it. […]

By | July 7th, 2010|Security Consultant|0 Comments

Keeping your site secure

Obviously, keeping your site secure is one of your primary goals as an administrator. As discussed in an earlier post, filtering IP addresses is one piece of the puzzle. But what other aspects are there to keeping your site secure? What follows is a brief list of ideas, which will be expanded upon in future posts. The security of your server simply cannot be ignored. Too often, administrators or webmasters throw caution to the wind, and leave things to chance. It’s really quite simple, although potentially time-consuming, to secure one’s server. […]

By | July 4th, 2010|Security Consultant|0 Comments

The value of iptables

A system administrator’s work is never done, especially with DDOS attacks and other security concerns. How do you block traffic from malicious sources? With the iptables command line program, it’s quite easy for an administrator to set up rules based on IP addresses or blocks of addresses. Rather than discuss the details of the program, let’s discuss the value of installing it on your server in the first place. The rules are easy to set up, and in essence, you can easily block traffic from sources that have proven to be malicious. In theory, you could block traffic on a preemptive basis, such as refusing traffic from blocks belonging to certain ISP’s or countries. The problem with this approach is that you run a severe risk of blocking legitimate traffic. […]

By | July 2nd, 2010|Security Consultant|0 Comments