10 Things you should be doing to make your website secure!

“OMG, what would I do now… I lost all my registered users, people don’t trust my site anymore, how am I going to cover this mess :(” Sounds familiar?

Having a website for your business opens up new horizons and helps you connect with potential customers, but it also makes you vulnerable to hackers. The term itself makes people shiver, because it means someone is trying to ruin your business and reputation. None of us wants to be eaten up by a spammer or hacker.

So here are 10 things that may save you a lot of money and, more than that, the effort you have been putting into building and creating your website.

  1. Fix the field validation: Whenever you create a form on your website, ensure you have validation in place for every input. Each field should have both client-side and server-side validation, so that empty or unwanted data cannot be sent into your database just by clicking the button several times or by using SQL injection techniques.

    1. What is SQL injection? A widely used term nowadays: it simply uses your own system to execute unwanted queries on your database to corrupt, spam or delete your data!
    2. How do unethical hackers use your form? They usually do it by sending a query as part of the URL in the query string (mysite dot com /query=hackyou) or by entering a query as part of an input in your form. Once they send an invalid input, it might break your system and display, corrupt or delete information in your tables and other details.
    3. Don’t worry about what a query is; just ensure you have proper validation for each input on your website. Check for harmful characters which are used to form queries, and also check for valid formats.

  2. Use error pages: “Use error pages to handle any error; don’t display any information to the user that you really don’t want to display.”

    1. I have seen many sites displaying table names whenever you hit an invalid URL on them. Believe me, it’s one of the best ways to get your online business ruined.

  3. Use a CAPTCHA: Have a manual-intervention step, which could be a small calculation or an image check, which reduces the risk of being attacked by the form-filler bots freely available on the internet nowadays.

    1. Ensure you are using a CAPTCHA which cannot be cracked. Standard CAPTCHAs are available for this.

  4. Read cookies and sessions so that a single system cannot be used to fill in a form more than once, or more than the n times your requirements allow. This helps block unwanted hits on the server and avoid bot attacks.

    1. e.g. if a particular system is being used to create multiple IDs, it might be someone spamming your system with fraudulent users.

  5. Block suspicious IPs/users: If you have been attacked already, ensure you have blocked the IP of the user; if required, you can even block a range of IPs on your server.
  6. Update security patches for plugins: Use WordPress or other CMS plugins only with up-to-date security patches.
  7. Use stored procedures rather than direct queries to minimise attacks.
  8. Use a random password generator: Always choose passwords that are hard to crack; you may use a random password generator for this.
  9. If you have hired someone and s/he is leaving your organisation, ensure every password shared with them to manage your website has been changed. Keep changing the passwords of your server and admin users weekly.
  10. If you have hired an organisation to create your website, ensure you have changed all passwords, including those of the database users and the admin panel, and that no one has access to your system apart from those who really should.

And one bonus!

  11. Turn off ping requests and close any port not required by your application. All passwords must be different for each of your server users.
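Items 1 and 7 both come down to never letting form input become part of the SQL text. The following is an added example, not code from the post: it shows a server-side format check next to a parameterised lookup, with an unsafe string-concatenation version for contrast. It uses an in-memory SQLite table with constructed sample rows; the table and column names are assumptions.

```python
import re
import sqlite3

# Constructed sample data: an in-memory table standing in for the site's database.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, name TEXT)")
conn.executemany(
    "INSERT INTO users (email, name) VALUES (?, ?)",
    [("alice@example.com", "Alice"), ("bob@example.com", "Bob")],
)

# Allow-list format check: accept only what an e-mail address is supposed to look like.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def validate_email(value: str) -> bool:
    """Server-side validation: reject empty, over-long or malformed input.

    This runs even if the client-side check passed, because client-side
    checks can be bypassed by posting the form directly.
    """
    return 0 < len(value) <= 254 and EMAIL_RE.fullmatch(value) is not None


def find_user_unsafe(email: str) -> list:
    """What NOT to do: the input is pasted into the SQL text.

    A stray quote in `email` changes the query itself, so the database
    either errors out or runs something other than a plain lookup.
    """
    return conn.execute(
        "SELECT name FROM users WHERE email = '" + email + "'"
    ).fetchall()


def find_user(email: str) -> list:
    """Validate first, then bind the value as a query parameter.

    The driver passes the value separately from the SQL text, so it is only
    ever compared as a literal string, never executed as part of the query.
    """
    if not validate_email(email):
        raise ValueError("invalid e-mail address")
    return conn.execute(
        "SELECT name FROM users WHERE email = ?", (email,)
    ).fetchall()
```

A stored procedure called with bound parameters gives the same protection as `find_user`; the point is the binding, not the concatenation.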

This may not remove the possibility of a DDoS attack, and it may not save you from professional HACKERS, but believe me, most of them are not interested in a site unless they have a personal vengeance, interest or sense of adventure (hard to crack) or a huge amount of money is involved. I call them HACKERS; the rest are just “FACKERS”, and the F-word is used in the right context here ;).

The list is long, I know, and I expect some comments from those who have faced such issues.

Happy & Safe Internetworking

I am one of the co-founders and Lead Tech at Rockyourpaper, co-founder at Alleviate Technologies Pvt Ltd, and mVirtualHealth.

Rockyourpaper is a platform for researchers and students to discover and manage relevant research articles in an affordable way.
mVirtualHealth is working in the healthcare domain to make preventive health care available and affordable in India.
