
Understanding common website attacks; Why is your site getting hacked?
Saturday, 09 January 2010 19:30
Understanding website security

It is imperative for every website owner to understand something about website security. Even though we as a web hosting service supplier do everything we can to provide a secure web hosting environment, the weakest spot is commonly the doors you leave open in various scripts you use for your website.

The most common website attacks are Cross Site Scripting (XSS) and SQL Injection.

A Cross Site Scripting attack looks for vulnerabilities in your website code, commonly where user input is requested, such as in forms. If such a vulnerability is found, the attacker will attempt to inject a script into the web page that gives the attacker access to sensitive content, session cookies, or other information kept in the user's browser. This can be used, for example, to hijack a customer's identity during an e-commerce session.

There are several actions you can take to protect your site against Cross Site Scripting attacks. One of the most effective is to make sure your scripts block the input of special characters typical for scripting, such as these: < > & ". You may also use an HTML Purifier that will eliminate all malicious code for you using a secure whitelist.

SQL Injection is another very common attack used by hackers to steal sensitive data from companies and organizations. A hacker injects an SQL statement into a form, say a login form, in order to get access to your database. The inserted SQL command can be used to delete parts of your database or to retrieve information.

The actions to prevent SQL Injection attacks are similar to the ones used to prevent Cross Site Scripting. You may want to use the PHP function mysql_real_escape_string, which escapes special characters in a SQL query string before it is sent to the database. You may also want to add another level between the site's front end and the database, like PDO in PHP.
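The PDO layer and the special-character handling described above, as an added example that is not ServeU.net's code: a string-concatenated lookup beside a PDO prepared statement, plus output encoding of < > & " with `htmlspecialchars` (encoding on output rather than blocking on input, a swapped-in technique). The prepared statement also covers PHP 7.0 and later, where the `mysql_*` functions no longer exist. The table, function names and inputs are constructed for illustration, and the `pdo_sqlite` extension is assumed so the script runs without a database server.

```php
<?php
// Added example: constructed schema and inputs, in-memory SQLite via PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass_hash TEXT)');

$ins = $pdo->prepare('INSERT INTO users (name, pass_hash) VALUES (:name, :hash)');
$ins->execute([
    ':name' => 'alice',
    ':hash' => password_hash('correct horse', PASSWORD_DEFAULT),
]);

// "Before" (hypothetical helper): form input is concatenated into the SQL
// text, so a quote character in the input changes the query's structure.
function find_user_concat(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// "After" (hypothetical helper): the SQL text is fixed and the input is
// sent as a bound parameter, so it is only ever compared as a value.
function find_user_prepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding (hypothetical helper): < > & " and ' become HTML
// entities, so stored text is displayed as text and never parsed as markup.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed form input that does not match any stored user name.
$input = "nobody' OR '1'='1";
printf("concatenated query: %d row(s)\n", count(find_user_concat($pdo, $input)));
printf("prepared statement: %d row(s)\n", count(find_user_prepared($pdo, $input)));

// Constructed comment text containing the characters listed above.
$comment = '<script>alert(1)</script> & "quotes"';
echo '<p>', h($comment), "</p>\n";
```

Comparing the two row counts shows whether the input was treated as data or as part of the query; the last line shows the comment rendered as inert text.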

In addition to this, of course you need to host your website with a hosting partner that takes web security seriously. Welcome to ServeU.net. Find a secure web hosting plan here

Coming Up Soon:

How to keep your CMS website safe - An article with easily applicable tips for those of you who own a blog or website based on WordPress, Joomla, Drupal or similar Content Management Systems. Don't miss it - Follow us on Twitter!
