justAnoob Posted April 10, 2009 Share Posted April 10, 2009 My site is almost finished. Could a hacker somehow get access to my php files on my server to alter them or upload a script to alter my site??? Just want to be safe. Quote Link to comment Share on other sites More sharing options...
ToonMariner Posted April 10, 2009 Share Posted April 10, 2009 yes Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted April 10, 2009 Share Posted April 10, 2009 definitely. i had someone or something access my files on the server and inject hundreds of hidden links into the pages .. over 50% of my pages .. messed up a whole bunch of things. since, i have taken several precautions .. first and foremost (and what i'm sure was the initial problem), was that i now only upload using ssh2 over FTP. haven't had a single problem since. when they inject those links into your pages, it can eventually have you kicked off major search engines. Quote Link to comment Share on other sites More sharing options...
justAnoob Posted April 10, 2009 Author Share Posted April 10, 2009 users will be upload images to my site. as long as i limit the upload script to only accept image files and no to php, html, etc,,,,, shouldn't I be ok???? Quote Link to comment Share on other sites More sharing options...
Yesideez Posted April 10, 2009 Share Posted April 10, 2009 Bottom line is if someone has enough know-how and determination they'll get in no matter what you do. All you can do is implement the best measures you can to make it so difficult that people will give in. Quote Link to comment Share on other sites More sharing options...
ToonMariner Posted April 10, 2009 Share Posted April 10, 2009 there are many issues - is your database secure, are your queries open to injection, do you use user submitted data to include files... there isn't enough time in the day to discuss every potential security flaw and how to best protect your site - you will have to keep good backs - log what people are doing and what they are submitting to your site and monitor - if you identify a problem see how it happened and plug that hole. Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted April 10, 2009 Share Posted April 10, 2009 users will be upload images to my site. as long as i limit the upload script to only accept image files and no to php, html, etc,,,,, shouldn't I be ok???? make sure to set proper directory and file permissions. chomd() is a start. Quote Link to comment Share on other sites More sharing options...
dadamssg Posted April 10, 2009 Share Posted April 10, 2009 where is the best place to start learning how to use ssh2?? i have a site thats almost finished as well, and ive protected against user input, but have no idea where to start to make sure people/computers can access my files Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted April 10, 2009 Share Posted April 10, 2009 first off, your hosting provider has to offer ssh2 access .. there are other secure methods for uploading files to a server .. check out what your host offers and then google or come back here for more information (if necessary). SSH2 is a more secure, efficient, and portable version of SSH that includes SFTP, which is functionally similar to FTP, but is SSH2 encrypted. At Indiana University, UITS has upgraded its central systems to SSH2 (usually the OpenSSH version), and encourages those concerned with secure communications to connect using an SSH2 client Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.