Password Sharing
Password sharing is a problem with any website which allows users (members) to log in. It is especially true of paysites where users purchase access. Adult websites, in particular, are prone to password sharing, which can be very expensive in terms of bandwidth and lost sales. Sharing of passwords usually results from two actions:
An existing member shares, trades, or sells his password to other person(s). This is less common and less of a problem, since they typically share their password with a select small group of people like friends. Nevertheless, it results in lost sales.
A second method is used by individuals (hackers)…

Captcha Form Protection
What is Captcha? Captcha is a backronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”. It is a type of challenge-response test used in computing to determine whether or not the user is human. The purpose of Captcha is to deter hackers, spammers, etc. from using software to auto-submit forms, for example, to spam message boards, blogs, etc. The person is presented with a challenge to which the person must respond correctly. For example, in its earliest and simplest implementation, a graphic is displayed which contains a random selection of letters and numbers. The person must…

Secure Form Validation
It is of critical importance to ensure that your forms are secure and safe. Secure in that surfers cannot enter data which can harm or exploit your server. There are two levels of security: client-side and server-side. Let’s first discuss client-side.
In the case of client-side, you use the browser (using client-side JavaScript) to catch simple failures like mandatory fields that are empty, or catch invalid input (e.g., non-numeric input when you are collecting numeric data). You can find an abundant number of examples just by Googling ‘jquery form validation’. This is your first line of defense. These client-side security…

Yes! SSL is a protocol used to provide security over the Internet. It is a good idea to use a security certificate whenever you are passing personal information between the website and web server or database. Hackers could sniff for this information, and if the communication medium is not secure, they could capture it and use this information to gain access to user accounts and personal data. SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client, typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook). SSL…

A common and frequent mistake made by many webmasters is not to keep their scripts up-to-date. What are scripts? Scripts are web-based applications (apps) – typically written in PHP and CGI-Perl, but also Python, ASP, Ruby on Rails, etc. This can be a critical mistake.
You could expose your web server, website, and users to security vulnerabilities. Vulnerabilities are commonly discovered in apps. Sometimes they arise from changes in the app code from a previous update, or were missed and only just discovered due to recent exploits by hackers who discovered the vulnerability. Sometimes they arise from changes/updates in the underlying framework: web server,…

In the previous security article, I discussed FTP security. This time around, I will discuss hardening your Secure Socket Shell.
SSH is a network protocol that provides administrators and webmasters with a secure way to access a server using a client like PuTTY or SecureCRT, to name but two.
People tend to take SSH for granted. They see the “Secure” in SSH and assume the protocol is hardened by default. Not so. SSH is vulnerable if not properly set up. This is a big problem, because SSH allows access to the server, which allows the user command-line access. A hacker with command-line access could wipe the…

What follows is a series of articles discussing website security, and how to make your website more secure. Before there was the Web, there were hackers. Hackers have always been in the mix, and the birth of the World Wide Web provided hackers another playground to spoil. But if one is careful and vigilant, one can defend oneself against hackers. This first article will focus on FTP security.
It is of critical importance to maintain FTP security in order to prevent unauthorized access by third parties like hackers. If a hacker gains access to your FTP server, they can cause many problems:
1.…