Jump to content

page hacking and mutual server

phdphd

By phdphd
in Application Design

 Share

Recommended Posts

phdphd Advanced Member

phdphd

Posted
Posted

Hi All,

 

When one clicks a link in a search engine, they might be redirected to another site than the one they want to visit, due to a hacking issue.

 

Let's suppose that the site is hosted on a shared server and that the webmaster of the site cannot be held responsable for this issue. Can there be an issue at server level ? Could the use of a dedicated server bring an additionnal protection ?

 

Thanks for sharing your view.

 

PhD

Link to comment
Share on other sites
phdphd Advanced Member

phdphd

Posted
  • Author
Posted

Let me try to rephrase it.

 

Problem : imagine you own a website that is listed in a Google search results page when the user enters some key words. One day, it appears that when the user clicks the link, the homepage of another website appears instead of the homepage of your website.

 

Questions :

  • (a) can this be due ONLY  to a violation of the security procedures implemented by the webmaster for the website (htaccess file, password/login settings, etc) or (b) can it be also achieved by exploiting a weakness of the configuration of the server that hosts your wbsite ?
  • If answer is (b), does a dedicated server (i.e. a server that hosts only your website) offer a better protection ?

 

Thanks.

 

PhD

Link to comment
Share on other sites
phdphd Advanced Member

phdphd

Posted
  • Author
Posted

Sorry, I am not an IT/Internet specialist. Let me try to rephrase again  :)

 

If a hacker just exploits a weakness of the configuration of the server that hosts the website, does this always give them access to the php files of your site and to their contents or do they also need to violate the security procedures set by the webmaster at the website level in order to access the php files?

 

Regards

 

PhD

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted
If a hacker just exploits a weakness of the configuration of the server that hosts the website, does this always give them access to the php files of your site and to their contents

 

No. That would completely depend on the exploit.

 

do they also need to violate the security procedures set by the webmaster at the website level in order to access the php files?

 

If they have access to the filesystem there is nothing stopping them accessing the php files. A php application itself cannot protect itself in that mannor.

 

What exactly are you trying to get at? Do you have a specific issue?

Link to comment
Share on other sites
phdphd Advanced Member

phdphd

Posted
  • Author
Posted

Well so far I have no specific issue, I am just wondering how to get the best protection against any violation of the website, which is still under construction.  There will be a lot of php coding and time spent on it.

 

One of the issues could be redirecting the visitor to another website. I have read in another forum that a hacker can do this by editing a website file. This implies the hacker can access the file. Then other issues can happen : by accessing the php files that make up a website, the hacker can also steal php coding, get database credentials, make any change to the DB, etc, and eventually ruin all the webmaster's efforts, even if the webmaster regularly makes backups of the website and DB.

 

Any suggestions/procedures that a webmaster should follow to implement the highest level of protection are welcome.

 

Thanks.

 

PhD

 

 

Link to comment
Share on other sites
thehippy Newbie

thehippy

Posted
Posted

The Computer Security Resource Center (CSRC) at the National Institute of Standards and Technology (NIST) has many publications on all aspects of computer security.  They are an USA Government working group that provides recommendations on such things as computer security for nearly all the government branches.

 

A Listing of the publications - IIRC I'm not allowed to link directly to PDFs on this board

 

I picked out a few that are relevant to website security.  Take into consideration the date of publication on some of the articles, while the important ones are updated regularly the more obscure publications are not, but still have valuable information.

  • Guide to Intrusion Detection and Prevention Systems (IDPS)
  • Recommended Security Controls for Federal Information Systems and Organizations
  • Guidelines on Securing Public Web Servers
  • Guidelines on Firewalls and Firewall Policy
  • Creating a Patch and Vulnerability Management Program
  • Managing Information Security Risk: Organization, Mission, and Information System View
  • Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
  • Generally Accepted Principles and Practices for Securing Information Technology Systems

 

Given that you've stated 'I am not an IT/Internet specialist,' hire a professional if its important.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.