Best security practices for protecting a website from hackers

Vohligh

Well-Known Member
Joined
Sep 15, 2011
Messages
372
Reaction score
1
Location
CT
Hi all,

I would like to know the latest security considerations regarding protecting an e-commerce website from hackers.

The website will be written in php with a mysql backend, and payments will be made using bitcoins.

Some considerations I know of include: validating input, sanitizing data, salting and hashing passwords, logging, XSS, CSRF, SQL injection, DoS, SSL.

Thanks in advance
 
Bitcoins eh? PM me is you are selling interesting stuff, if ya know whatimean.
 
Our platform uses various mechanisms, token authentication, 2 factor, biometric (fingerprint), all the ones you mentioned regarding web.
 
Firstly I would recommend you ensure the Web host you with as some if not all the following tools:

Config Server Exploit Scanner
Config Server Firewall
Mod Security Rules (OWASP, Atomic or Comodo WAF) - This is a must for any host.
Rootkit Scanners
CageFS and CloudLinux

There are much more but choose a host with most if not all of the above. This will ensure that they cannot get through from other sites or compromised code.

Lastly use .htaccess files to stop access into certain folders by using the allow and deny rules. There are probably many other mod rewrite rules you could also use to block bad bots, scripts ,etc.

Hope this helps
 
Firstly I would recommend you ensure the Web host you with as some if not all the following tools:

Config Server Exploit Scanner
Config Server Firewall
Mod Security Rules (OWASP, Atomic or Comodo WAF) - This is a must for any host.
Rootkit Scanners
CageFS and CloudLinux

There are much more but choose a host with most if not all of the above. This will ensure that they cannot get through from other sites or compromised code.

Lastly use .htaccess files to stop access into certain folders by using the allow and deny rules. There are probably many other mod rewrite rules you could also use to block bad bots, scripts ,etc.

Hope this helps

I agree fully with your list, but, why do you select CloudLinux?
I get the exclusivity it gives between resources, but it can easily be done with most other *nix OSs.
 
Yes I'm sure it can but it's a standard now adays with most hosts as cloudlinux and cpanel (Which is possibly the largest control panel) would probably have.

It's not a necessity but if they have CloudLinux they may have installed and setup CageFS to protect each customer from many attacks, symlink attacks for eg. Plus much more. It's quite useful. Read more about it here: http://docs.cloudlinux.com/index.html?cagefs.html
 
Yes I'm sure it can but it's a standard now adays with most hosts as cloudlinux and cpanel (Which is possibly the largest control panel) would probably have.

It's not a necessity but if they have CloudLinux they may have installed and setup CageFS to protect each customer from many attacks, symlink attacks for eg. Plus much more. It's quite useful. Read more about it here: http://docs.cloudlinux.com/index.html?cagefs.html

Thanks. :) Will have a read through the doc.
 
Check into HD wallets (Heuristically Determined)
 
Pci compliancy costs an insane amount of cash.
 
The most secure website ever is one that was never built. Good luck :D
 
Top
Sign up to the MyBroadband newsletter
X