CrawlTrack, webmaster dashboard. Web analytics and SEO.
CrawlProtect, your website safety. Protection against hacking, spam and content theft.
Two PHP/MySQL scripts, free and easy to install. The tools you need to manage and keep control of your site.
The web is not a peaceful world; you have to know that your site will soon be a target for hackers. On www.crawltrack.net, CrawlTrack detects between 500 and 10 000 attacks per day.
You cannot ignore that, or one day you will lose control of your site!
Below you will find some advice to help you protect your site, and explanations of how CrawlTrack can help you do so.
As soon as a vulnerability is detected in a script, the author of the script publishes an updated release to fix it. But at the same time the vulnerability is explained in detail on a lot of sites, so hackers immediately try to exploit it on sites that have not installed the new version.
All external input ($_POST, $_GET) needs to be checked and/or treated before use; if not, you run a big risk of code injection or Cross-Site Scripting. A Google search on these terms will give you a lot of detailed information on that risk.
To avoid the risk of SQL injection, you need to treat all external input before using it in an SQL query. With PHP scripts, have a look at the mysql_real_escape_string() function.
With CHMOD 777, everybody has all rights on your folders; this can be a big risk. CHMOD 705 is usually sufficient.
Never use the same login and password for your FTP and MySQL connections; if one is discovered, it gives access to everything! Choose a password that is long enough, combines letters, numbers and signs, and has no meaning.
I will not give too many details here, but as for scripts, you have to be sure to have up-to-date versions of Apache, PHP, MySQL, etc. Setting up a web server correctly requires good knowledge; you will find a lot of sites and books to help you. Be sure of what you are doing: a lot of servers become spam relays because of wrong set-up parameters.
There are a lot of sites giving security alerts and/or advice to protect your site. The advice given here is just a minimum, and hackers have new ideas every day, so you have to keep yourself informed to be sure not to leave a vulnerability on your site. There are also complete books on the subject, which is why I will not give more details here. The best approach is to check these sites regularly for what's new, to be sure you are not at risk.
For each request on your site, CrawlTrack checks the URL and looks for a link to another site inside it. For example, you could have:
www.yoursite.com/index.php?site=http://www.badsite.com
In that case, this will be detected as a code injection attempt and, if you have set up CrawlTrack to block attacks, the visitor (often a crawler) will be redirected to an alert page.
That is why it is best to put the CrawlTrack tag first in your pages, to avoid the risk of the code being injected before CrawlTrack reacts.
If you use links to other sites inside your URLs, you have to add those sites to the trust sites list to avoid false attack detections. The link for adding a site to the trust sites list is on the tool page.
For each request on your site, CrawlTrack checks the URL and looks for anything that looks like an SQL query. For example, you could have:
www.yoursite.com/index.php?id=a OR 1=1
In that case, this will be detected as an SQL injection attempt and, if you have set up CrawlTrack to block attacks, the visitor (often a crawler) will be redirected to an alert page.
That is why it is best to put the CrawlTrack tag first in your pages, to avoid the risk of the SQL injection being carried out before CrawlTrack reacts.
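The two URL checks described above (a link to another site, with the trust sites list as the exception, and text that looks like an SQL query), written in PHP as an added example. This is not CrawlTrack's own code; the function name, the patterns and the trusted host are assumptions made for illustration.

```php
<?php
// Added illustration only: not CrawlTrack's source code.
// Constructed trust sites list (hypothetical host name).
$trustedHosts = ['www.partner-site.example'];

// Returns 'code_injection', 'sql_injection' or null for one request URI.
function classifyRequest(string $requestUri, array $trustedHosts): ?string
{
    $pos = strpos($requestUri, '?');
    if ($pos === false) {
        return null; // no query string, nothing to inspect
    }
    // Decode once so %20, %3A, %2F and "+" are seen as the script would see them.
    $query = urldecode(substr($requestUri, $pos + 1));

    // Check 1: a link to another site inside the URL.
    if (preg_match_all('~(?:https?|ftp)://([^/\s?&]+)~i', $query, $m)) {
        foreach ($m[1] as $host) {
            // Exact match only, so "trusted.example@other.example" is not trusted.
            if (!in_array(strtolower($host), $trustedHosts, true)) {
                return 'code_injection';
            }
        }
    }

    // Check 2: text that looks like an SQL query (small illustrative pattern set).
    $sqlPatterns = [
        '~\b(?:or|and)\s+[\w\'"]+\s*=\s*[\w\'"]+~i', // OR 1=1
        '~\bunion\b.*\bselect\b~i',                   // UNION ... SELECT
        '~;\s*(?:drop|delete|insert|update)\b~i',     // stacked statement
    ];
    foreach ($sqlPatterns as $pattern) {
        if (preg_match($pattern, $query)) {
            return 'sql_injection';
        }
    }
    return null;
}

// Constructed sample requests; the first and third are the page's own examples.
$samples = [
    '/index.php?site=http://www.badsite.com',
    '/index.php?ref=http://www.partner-site.example/page',
    '/index.php?id=a%20OR%201=1',
    '/index.php?id=42',
];
foreach ($samples as $uri) {
    printf("%-55s %s\n", $uri, classifyRequest($uri, $trustedHosts) ?? 'clean');
}
```

Signature checks of this kind only catch requests that match a known shape, so the input handling described earlier on this page is still needed.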
CrawlTrack records all these code and SQL injection attempts, so you have access to the list of IPs used by the hackers, the date and time of the attacks, the code or SQL query they tried to inject, and the list of scripts with a known vulnerability corresponding to these attacks. The attack list can be updated with a single click, exactly like the crawler list. The only difference is that the attack list is not used to detect attacks, only to give information about the scripts possibly targeted.