Post by ⸗April⸗ on Oct 19, 2015 12:25:28 GMT -5
What is the best method for protecting your website(s) from hackers? Or your email?
I know one of the first defenses is to have a very strong password, but what if it still happens after you've secured what would seem to be a highly impenetrable password?
Post by Azayles on Oct 19, 2015 15:07:37 GMT -5
Typically hacking occurs via two routes:

A) A company website gets targeted, for any myriad reasons, and the database is cracked and members' details are downloaded, or the site is altered in some way, or taken offline completely. This is becoming less and less common as more and more secure systems are put in place in hosting servers, and webmasters have access to better and better tools. Unfortunately, a company being hacked is outside of the control of the end-user. We place our trust in people like Proboards, for example, to make sure their own systems are secure, that they have the latest security updates running on all their servers, and that they have no security breaches such as an unsanitized input box, primed for a MySQL injection hack (fascinating video on the subject!)

Or B) Individuals, or groups of individuals, are targeted via their own computers, and information is obtained that way. This is FAR more common, and also a lot easier. Usually when you hear of someone being hacked, this is what has happened.

So how can we prevent this?

- Firstly make sure your password is SECURE. This should be easy, but many people still use "123" or "password" or "admin" or any number of easily guessed passwords. Often for fairly critical things, too! Dictionary attacks are a common way of cracking a password of this kind. Literally a computer program uploading words from an electronic dictionary until the right one is found. So mix it up! Use two or more different, completely unrelated words, and chuck some numbers in there, too. This will increase the security of that password a thousandfold.
- Don't use the same password for multiple sites/services. If you do this, your entire online existence is an open door as soon as someone has that one password. (Ask me how I know!)
- Don't make it something obvious, or something someone could make an educated guess about if they knew you. If your password is your birthday, your maiden name, the name of your pet dog or your favourite sports team, you're doing it wrong!
- Avoid online services that store all your passwords in one place for convenience. That convenience comes at a cost. If that one site gets breached, your whole online life is laid bare.

Other security flaws exist because of exploits and vulnerabilities in software. This is why updating software is of paramount importance. You need the operating system security updates, antivirus/firewall software patches and browser versions kept up to date at all times. Vendors release these patches for a reason, so don't put off updating because you "can't be bothered" or it's "effort". Yes, I've heard this before. Thankfully from no-one here!

Share your passwords with NOBODY. DEFINITELY don't share them online, for example in emails, or private messaging. The old adage "Three can keep a secret, if two are dead" has never rung more true. (Again, ask me how I know.)

If you want to remember your passwords outside of letting your browser save them, then write them down and store them SAFELY in your own home. An address book is ideal for this! Keep that one book safe, and if it never leaves the house, and no-one ever breaks in and finds it, you're probably gonna be ok!

Oh and if you ever sign up for a website, you forget the password and that website emails you the password back, run a mile! A decent website that does it right will never store your password in this fashion. But that's a topic for another post.
Stay safe!
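Added example, not part of Azayles's post: a sketch of why a site that "does it right" cannot email your password back. It keeps only a salted scrypt hash, so a forgotten password can only be replaced through a one-time reset token. The `Accounts` class, the scrypt cost values and the 15-minute token lifetime are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
import time

SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # assumed cost parameters
RESET_TTL = 900                             # assumed reset-token lifetime, seconds

def hash_password(password: str) -> str:
    """Return 'salt_hex$hash_hex'; the password itself is never stored."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.scrypt(password.encode(),
                               salt=bytes.fromhex(salt_hex), **SCRYPT)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def _sha(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

class Accounts:
    def __init__(self):
        self.users = {}   # username -> salted hash
        self.resets = {}  # sha256(reset token) -> (username, expiry time)

    def register(self, user, password):
        self.users[user] = hash_password(password)

    def forgot_password(self, user, now=None):
        """There is no password to send back: issue a one-time token instead."""
        if user not in self.users:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.resets[_sha(token)] = (user, now + RESET_TTL)
        return token  # delivered to the account's registered e-mail address

    def reset_password(self, token, new_password, now=None):
        now = time.time() if now is None else now
        user, expires = self.resets.pop(_sha(token), (None, 0))
        if user is None or now > expires:
            return False  # unknown, already used, or expired token
        self.users[user] = hash_password(new_password)
        return True
```

A breach of `users` exposes salts and hashes rather than passwords, which is also why reusing one password across sites matters less when every site stores it this way.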
Post by ⸗April⸗ on Oct 19, 2015 18:51:43 GMT -5
Thank you for that in-depth response Azayles! I definitely was not expecting one so thorough. I think my issue happened because I hadn't updated the software to the latest version. I know that sounds horrible but I just wanted to make sure that I had enough time to back up the pages and everything before I updated just in case... and yeah now I'm paying the price for that procrastination. -.- And trust me, I've gotten the lecture from my (IT) boyfriend already. I know it was definitely not my password because it's a crazy secure one. But yeah... for everyone out there reading this, definitely UPDATE YOUR SOFTWARE the moment an update is available. That's my lesson learned for the day.
Post by milksheikh on Oct 20, 2015 15:54:24 GMT -5
I would consider DDoS protection
Post by Thomasss on Oct 28, 2015 14:13:26 GMT -5
Welcome to the age of 90 character passwords. xD Nah, I think Azayles hit it spot on, especially when it comes to sites literally giving you your password in an email, that's just plain unsafe.
Post by synthtec on Oct 28, 2015 16:10:28 GMT -5
Hackers are lazy in most cases, which is why a lot of these guys create bots to "scrape" the web. This would be the most common type of hack today along with DDoS (where a hacker sends thousands of unique IPs (visitors) to your site and your server cannot handle it).
As a software developer myself I can tell you the "surface web" is not a safe place to do business. Your passwords should be unique for every website you use and they should look similar to this: "Gg36JS$dk3839HHd". You would write them down on a post-it note or diary and leave it close to you; never store passwords on your computer (on the web, or locally on your computer).
If your website is using some sort of "remember me" functionality, chances are you are vulnerable, unless you restrict access to sensitive data such as reset passwords/bank account information/profile updates etc. I generally create a token when someone gives me a valid login, then re-generate it for every other successful login. That way if an attacker does gain access to your account, it's a one-time deal. I would also throttle login attempts for your account (between 3-5 tries).
What software are you currently using?
If you are on shared hosting, this is the best you could do manually. Make sure you have a good .htaccess file on your server (html5boilerplate offer a good one for free). Sign up to a FREE CDN service (Cloudflare are quite good); this will add additional firewall security. If you're selling or storing information about people, buy an SSL cert. If you are using WordPress, be sure to install Wordfence; this will show you who has been trying to log in to your site (by IP, country, username/password combo they use), as well as scan your files for anything malicious.
Finally, if you're not looking to do business in certain countries, or don't hope to have those people participate on your site (maybe a language barrier), BLOCK those countries by IP range in your .htaccess file.
Regards, Phil
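Added example, not synthtec's own code: one way to combine the two measures from the post above, a "remember me" token that is regenerated on every successful login or reuse, and a throttle on failed logins. The `SessionGuard` class, the 15-minute lockout window and the `check_password` callback are assumptions made for this illustration.

```python
import hashlib
import secrets
import time

MAX_FAILURES = 5        # upper end of the 3-5 tries suggested in the post
LOCKOUT_SECONDS = 900   # assumed lockout window

def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

class SessionGuard:
    def __init__(self, check_password):
        self.check_password = check_password  # callable(user, password) -> bool
        self.remember = {}   # user -> sha256 of the single valid token
        self.failures = {}   # user -> (count, time of first failure in window)

    def _locked(self, user, now):
        count, first = self.failures.get(user, (0, now))
        if now - first > LOCKOUT_SECONDS:
            self.failures.pop(user, None)  # window expired, start fresh
            return False
        return count >= MAX_FAILURES

    def _issue(self, user):
        token = secrets.token_urlsafe(32)
        self.remember[user] = _digest(token)  # replaces any earlier token
        return token

    def login(self, user, password, now=None):
        now = time.time() if now is None else now
        if self._locked(user, now):
            return None  # throttled, even if the password is correct
        if not self.check_password(user, password):
            count, first = self.failures.get(user, (0, now))
            self.failures[user] = (count + 1, first)
            return None
        self.failures.pop(user, None)
        return self._issue(user)

    def resume(self, user, token):
        """Accept a remember-me cookie once, then rotate it."""
        stored = self.remember.get(user)
        if stored is None or not secrets.compare_digest(stored, _digest(token)):
            return None
        return self._issue(user)
```

Only the hash of the token is kept server-side, so a copy of the token table cannot be replayed as cookies, and a stolen cookie stops working as soon as the real user logs in or resumes.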
Post by ⸗April⸗ on Nov 5, 2015 0:37:13 GMT -5
> What software are you currently using?

I use Joomla currently. Still haven't gotten things back up and running but that's because I haven't had the extra free time to work on it. Thank you for the response also, and another in-depth one at that. My website account has been secure ever since I updated. I was having issues with someone from Germany constantly trying to gain access to 2 of my emails, but whoever it is hasn't been successful since I enabled the two-factor authentication where I have to actually physically approve the login request on my phone.
Post by Thomasss on Nov 5, 2015 0:41:33 GMT -5
⸗April⸗, if you're willing to switch, I'd highly recommend WordPress. It has so many security features, Jetpack is amazing and it'll actually block the login if it's a brute force so that it doesn't do anything to the site. Themes are the bomb too.
Post by ⸗April⸗ on Nov 10, 2015 18:06:08 GMT -5
> ⸗April⸗, if you're willing to switch, I'd highly recommend WordPress. It has so many security features, Jetpack is amazing and it'll actually block the login if it's a brute force so that it doesn't do anything to the site. Themes are the bomb too.

I'd have to think about that. I've got the hang of Joomla now, and I've never used WordPress at all so I'd have to find time to learn that one also. Honestly, I thought WordPress was mainly for blogs though, not websites. -shrugs- I'm still deciding really.
Post by ddoesmc on Dec 4, 2015 14:49:10 GMT -5
I make sure my passwords are secure and I have two-auth anywhere I can get it.
Post by Mozzie on Dec 30, 2015 8:44:19 GMT -5
Strong passwords are great, changing them regularly helps as well, but at the end of the day, there are different ways to get into a site; it's not all about breaking passwords and emails these days. You can even try mutable pass wording as well.
Post by john123 on Dec 30, 2015 16:48:50 GMT -5
This is a really good summary. The two easiest ways to get hacked are using one password on multiple websites, or clicking a bad link from a black-hat hacker who's able to take over your computer.
I was hacked once, and I'm still not sure how he got my password. I'll probably never know, but I'm pretty sure it was by brute force. That's not easy to do at all, though. So I'm honestly not too worried about it happening again.