How To Protect Your Vivvo CMS Server From Hackers


HCME
11-17-2009, 01:09 PM
Many website owners would prefer not to think about the things that might happen if they were to lose their website. It can take years to build a loyal customer base, and optimize your site for the search engines, and with the right attack by a hacker, it can be gone in an instant, and there may be little or nothing that you can do to get it back. To protect your site, prevention is the key.

There are several ways in which you can protect your Vivvo CMS server from hackers. These are the easiest and most effective ways to protect your server or computer from viruses and hackers:


First of all, it is wise to host your site on a secured server and network on the internet which only you hold the password to. Do not share your password with anyone, and keep it in a safe place.


In addition to keeping a secure network with a firewall, install anti-virus software. When you have anti-virus software, it will scan all of your files and programs and filter out anything which could be a virus. The anti-virus software will then eliminate these suspected viruses from your computer to keep those viruses from becoming dangerous.


Make sure that you are listed as the administrative contact for your domain, and lock the domain with your registrar. Locking the domain means that any transfer attempt will be prohibited unless you personally approve it.


Use strong passwords for FTP, Admin panel access, and special email accounts. A strong password looks something like this: 5claYdoR. While a password like that may be harder to remember than your dog's name, it is also more secure and will go a long way to protecting your site from hackers.


Rename or protect your Vivvo CMS Admin folder. After you successfully install Vivvo in the desired folder, rename the "admin" folder to your choice (for example "vcmsadmin") and then open conf.php file and update the folder name in the last line "define('VIVVO_FS_ADMIN_DIR', 'vcmsadmin/');" - save the changes and upload the new configuration file. You may also protect the newly renamed admin folder from your server's cpanel using .htaccess for extra protection.


Screen your emails. Hackers can send viruses through emails and, if opened, the virus will attack your computer. The best way to prevent this from happening is to be diligent about screening your emails. Make sure you check your inbox carefully before you open any emails which have been sent from an address or user that you don't know. Your safest option is not to open these emails at all, since that would put you at risk, but to delete them immediately.


You should be very wary of downloads or uploads from the internet. Certain documents, images and music files, which can be downloaded from the internet, can be dangerous because they contain viruses, malware or trojan scripts.


Turn everything you don't need off. "Everything you don't need" is defined as programs that do not need to be running or accessed in the normal, day-to-day operations of a server. GO DO IT NOW. Then, uninstall everything you don't really need or use, including browser add-ons, old mail clients, everything.


Lock down user accounts. Got an FTP server? Lock it down. No administrative-level access by FTP. Valid user accounts should only be allowed access to their own directory - lock them into a jail. No execute access allowed by FTP. The majority of hacking work comes from 'trusted' users that were given special access to the Vivvo admin panel.


Don't do any development or run any under-development applications on the live server. Only transfer fully tested and audited applications on the live server. Don't run anything you didn't write without testing it on a test server first. Don't let people put code on your server that you haven't audited.


Visit your own site, and check for security breaches. "Cookie stuffing" is a common hacker tactic in which a hacker finds a breach in your site’s security, and makes a modification to your source code which sets an affiliate cookie in your visitors’ browsers.


Get rid of old files. The software for your website may be fully updated, but vulnerabilities could still exist in old files that you have forgotten to clean up. These old files, if discovered by a hacker, can allow direct access to your server as if they were still live on your site. If you must keep backups of old files, do not keep them on your server. Back them up to your own computer.


Watch your online forms. Any form of input, such as page headers, cookies, the query string, hidden fields used on forms and form fields used to gather some sort of input from the users, should be validated against expected input types and lengths. Any input to the web forms should always be HTML encrypted to avoid any unwanted script elements. The best way to validate inputs to the site is to validate against what should be allowed rather than what should not be allowed.


Avoid any storage of critical or sensitive data on the server. If it is necessary, use a robots.txt file to avoid indexing of such documents or folders. Example:

User-agent: *
Disallow: /documents

Hackers use search engines to gain access to unauthorized information through advanced search queries.


Patch your software. When a hacker finds a vulnerability in a site, the vulnerability is in the software that the site is based on, such as Vivvo. They can then simply run a script that scans the web for other sites that are running the same version of Vivvo, exploiting the vulnerability automatically. Whatever software you choose to run on your server, it is imperative that you check regularly for updates to ensure that you are protected from new vulnerabilities that are discovered.


Take advantage of free tools. A number of free tools are available online, provided by reputable companies, that automatically scan your website for known vulnerabilities.


Create a new task/cron job to backup your database at least twice a week. Keep a fresh backup copy of all fixes, patches and revised php/tpl files in a safe place.


You should also check if your web server allows directory listing. Directory listing will allow anyone to see the contents of a directory by typing in the website address and an existing folder name. Your Vivvo CMS comes with special .htaccess files to prevent directory listing and unauthorized downloads/uploads of external files; they should be uploaded with the other files onto your server.


Lastly, subscribe to security and patch news/announcement lists. The vendors of major programming languages (PHP/ASP) and databases (MySQL), as well as the Vivvo development team, post up-to-date news and fixes whenever a new vulnerability is discovered. Make sure to apply the security fix on your server as soon as it's tested & approved by the developer community.



Your server is your baby. Get an external monitoring service. Check it once an hour for problems, or better yet, write a script that checks the server for you and alerts you to any unknown variance from normal operation. Take special care of your virtual or dedicated servers.

Though it is virtually impossible for a normal website owner to avoid all hacking attempts, it is possible to minimize them using some basic precautions. Visit Zone-h (http://zone-h.com/) to learn more about the latest hacking news and techniques.

Website security is a task that is never truly done. You need to stay on top of the tactics that hackers are using, and monitor your site for vulnerabilities. With these simple steps, however, you can greatly enhance your site’s security in under an hour. Take a few minutes to do them every now and then. Your site will thank you!

I would appreciate it if this post were made "Sticky" :D
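The admin-folder rename and the directory-listing points above, as an added example that is not part of the original post and not Vivvo's own installer code: a small POSIX shell script that renames the admin folder, rewrites the VIVVO_FS_ADMIN_DIR define in conf.php, puts HTTP Basic auth plus Options -Indexes on the renamed folder, and adds Options -Indexes to the docroot. It assumes Apache with AllowOverride enabled for the docroot; the folder name vcmsadmin, the path /etc/vivvo/.htpasswd and the images/ folder used for the listing check are placeholders.

```shell
#!/bin/sh
# Added example (not Vivvo's own code). Assumes Apache honours .htaccess in
# the docroot and that conf.php in the docroot holds the VIVVO_FS_ADMIN_DIR define.

# rename_admin_dir DOCROOT NEWNAME
# Moves DOCROOT/admin to DOCROOT/NEWNAME and rewrites the define in conf.php.
rename_admin_dir() {
    docroot=$1
    newname=$2
    # Only accept a plain folder name: no slashes, dots or spaces, so the
    # value cannot escape the docroot or break the PHP define.
    case $newname in
        *[!A-Za-z0-9_-]*|'') echo "bad folder name: $newname" >&2; return 1 ;;
    esac
    [ -d "$docroot/admin" ] || { echo "no admin dir in $docroot" >&2; return 1; }
    [ ! -e "$docroot/$newname" ] || { echo "$newname already exists" >&2; return 1; }
    mv "$docroot/admin" "$docroot/$newname" || return 1
    # Rewrite the define; writing to a temp file avoids the non-portable sed -i.
    sed "s|define('VIVVO_FS_ADMIN_DIR', '[^']*');|define('VIVVO_FS_ADMIN_DIR', '$newname/');|" \
        "$docroot/conf.php" > "$docroot/conf.php.tmp" || return 1
    mv "$docroot/conf.php.tmp" "$docroot/conf.php" || return 1
    # Verify the rewrite actually happened (wrong quoting in conf.php would silently skip it).
    grep -q "define('VIVVO_FS_ADMIN_DIR', '$newname/');" "$docroot/conf.php"
}

# write_admin_htaccess DOCROOT ADMINDIR HTPASSWD
# Requires a valid htpasswd login for the admin folder and disables listing.
# HTPASSWD must live outside the docroot; create it with: htpasswd -c FILE USER
write_admin_htaccess() {
    docroot=$1; admindir=$2; htpasswd=$3
    cat > "$docroot/$admindir/.htaccess" <<EOF
Options -Indexes
AuthType Basic
AuthName "Vivvo admin"
AuthUserFile $htpasswd
Require valid-user
EOF
}

# disable_dir_listing DOCROOT: add Options -Indexes to the docroot .htaccess once.
disable_dir_listing() {
    ht="$1/.htaccess"
    if [ -f "$ht" ] && grep -q '^Options.*-Indexes' "$ht"; then
        return 0
    fi
    printf 'Options -Indexes\n' >> "$ht"
}

# check_dir_listing SITE_URL: after deploying, a folder without an index file
# must answer 403, not 200 (images/ is an assumed folder name).
check_dir_listing() {
    curl -s -o /dev/null -w '%{http_code}' "$1/images/"
}
```

Run rename_admin_dir and write_admin_htaccess once on a copy of the site, upload the result, then call check_dir_listing against the live URL and expect 403. The Basic auth layer is a second lock in front of the Vivvo login, so a leaked Vivvo password alone no longer reaches the panel.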
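The backup cron job above, as an added example that is not from the original post: a POSIX shell script that dumps the Vivvo database with mysqldump, archives the site files (php/tpl and everything else under the docroot), refuses to run if the credentials file is readable by other users, and keeps only the newest N dumps. It assumes mysqldump, tar and gzip are installed and that the database password sits in a my.cnf-style file; the database name vivvo and the paths in the usage note are placeholders.

```shell
#!/bin/sh
# Added example (not Vivvo's own code). Assumes mysqldump/tar/gzip on PATH and a
# my.cnf-style credentials file ([client] user=... password=...) owned by this user.

# check_creds_perms FILE: refuse a credentials file that group/others can read.
check_creds_perms() {
    [ -f "$1" ] || { echo "credentials file $1 missing" >&2; return 1; }
    if find "$1" \( -perm -g+r -o -perm -o+r \) -print | grep -q .; then
        echo "$1 is readable by group/others; chmod 600 it" >&2
        return 1
    fi
}

# backup_db CREDS_FILE DBNAME DEST_DIR
# Writes DEST_DIR/DBNAME-YYYYmmdd-HHMMSS.sql.gz and prints its path.
backup_db() {
    creds=$1; db=$2; dest=$3
    stamp=$(date +%Y%m%d-%H%M%S)
    raw="$dest/$db-$stamp.sql"
    mkdir -p "$dest" || return 1
    # Dump to a file first: in a plain pipeline only gzip's exit status would be
    # seen, and a failed dump would be saved as an empty "good" backup.
    # --defaults-extra-file keeps the password out of the process list.
    if ! mysqldump --defaults-extra-file="$creds" --single-transaction "$db" > "$raw"; then
        rm -f "$raw"
        echo "mysqldump failed for $db" >&2
        return 1
    fi
    gzip -f "$raw" || return 1
    echo "$raw.gz"
}

# backup_files DOCROOT DEST_DIR: archive the docroot (php, tpl, conf) and print the path.
backup_files() {
    docroot=$1; dest=$2
    stamp=$(date +%Y%m%d-%H%M%S)
    out="$dest/site-$stamp.tgz"
    mkdir -p "$dest" || return 1
    tar -czf "$out" -C "$docroot" . || return 1
    echo "$out"
}

# prune_backups DEST_DIR DBNAME KEEP: delete all but the newest KEEP database dumps.
prune_backups() {
    dest=$1; db=$2; keep=$3
    ls -1t "$dest"/"$db"-*.sql.gz 2>/dev/null | tail -n +"$((keep + 1))" | while read -r f; do
        rm -f "$f"
    done
}

# run_backup CREDS_FILE DBNAME DOCROOT DEST_DIR [KEEP]: the cron entry point; a
# non-zero exit makes cron mail the error instead of failing silently.
run_backup() {
    creds=$1; db=$2; docroot=$3; dest=$4; keep=${5:-6}
    check_creds_perms "$creds" || return 1
    backup_db "$creds" "$db" "$dest" > /dev/null || return 1
    backup_files "$docroot" "$dest" > /dev/null || return 1
    prune_backups "$dest" "$db" "$keep"
}
```

A crontab line for twice a week, with assumed paths, would be `17 3 * * 1,4 /usr/local/bin/vivvo-backup.sh` where the script ends with `run_backup /home/vivvo/.my.cnf vivvo /var/www/html /home/vivvo/backups 6`. Copy the backup directory off the server afterwards (scp/rsync to your own machine), since a backup that only exists on the compromised host is lost together with the site.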

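The "write a script that checks the server for you" advice and the cookie-stuffing point above, as an added example that is not from the original post: a POSIX shell monitor that fetches the site, checks the HTTP status and an expected marker string, lists every host loaded by a script or iframe tag and compares it with an allowlist, and flags hidden iframes. Injected affiliate-cookie or malware code almost always shows up as a new third-party script/iframe source or a zero-size/hidden iframe, so a changed host list is the signal to go read the source. It assumes curl; the example hosts, marker text and HTML are constructed.

```shell
#!/bin/sh
# Added example (not Vivvo's own code). Assumes curl for the live fetch; the
# check functions take a saved page so they can be tested offline.

# extract_src_hosts FILE: hostnames from every <script src=...> / <iframe src=...> in FILE.
extract_src_hosts() {
    tr '\n' ' ' < "$1" | tr "'" '"' \
    | grep -oiE '<(script|iframe)[^>]*>' \
    | grep -oiE 'src="https?://[^"/]+' \
    | cut -d/ -f3 | sort -u
}

# unexpected_hosts FILE ALLOWED...: hosts found in FILE that are not in the allowlist.
unexpected_hosts() {
    f=$1; shift
    for h in $(extract_src_hosts "$f"); do
        ok=0
        for a in "$@"; do
            [ "$h" = "$a" ] && ok=1
        done
        [ $ok -eq 1 ] || echo "$h"
    done
}

# check_page FILE STATUS MARKER ALLOWED...: return 0 if the page looks healthy,
# otherwise print each finding to stderr and return 1.
check_page() {
    f=$1; status=$2; marker=$3; shift 3
    bad=0
    [ "$status" = "200" ] || { echo "unexpected HTTP status $status" >&2; bad=1; }
    grep -q "$marker" "$f" || { echo "marker '$marker' missing" >&2; bad=1; }
    extra=$(unexpected_hosts "$f" "$@")
    [ -z "$extra" ] || { echo "unknown script/iframe hosts: $extra" >&2; bad=1; }
    # Hidden or zero-size iframes are the classic cookie-stuffing / drive-by footprint.
    if tr '\n' ' ' < "$f" | grep -qiE '<iframe[^>]*(display: ?none|width="?0|height="?0)'; then
        echo "hidden iframe found" >&2
        bad=1
    fi
    return $bad
}

# monitor URL MARKER ALLOWED...: fetch the page and run check_page on it.
monitor() {
    url=$1; marker=$2; shift 2
    body=$(mktemp)
    status=$(curl -s -m 20 -o "$body" -w '%{http_code}' "$url")
    check_page "$body" "$status" "$marker" "$@"
    rc=$?
    rm -f "$body"
    return $rc
}
```

An hourly cron entry with assumed values, `0 * * * * /usr/local/bin/vivvo-monitor.sh || mail -s "site check failed" you@example.com`, where the script ends with `monitor https://www.example.com/ "Example News" cdn.example.com`, gives you the hourly check the post asks for. Keep the allowlist short and review it whenever you add a widget; an alert on a host you do not recognise is the moment to pull the page source and diff it against your backup.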
casca
11-17-2009, 01:49 PM
Nice contribution :)

Mickey
01-05-2010, 07:11 PM
Excellent article.

Thank you.

johnsalvia
01-08-2010, 10:03 AM
Thanks a lot for the great guide. Recently my site www.salviamonster.com was attacked by hackers on its Vivvo part, and after reading this I'm suspecting that they used cookie stuffing to hack it; anyway, hereafter I will be very careful.
Thanks again.

sayazia
04-25-2010, 09:09 AM
Just an addition
Avoid chmod 777 on shared hosting (to avoid mass defacement)
Change the default port, especially for SSH on a VPS/DS, to avoid SSH brute-forcing ;)

hope it's useful
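The two tips in the reply above, as an added example that is not part of the thread and not Vivvo's own tooling: a POSIX shell script that lists every world-writable file or folder under the docroot (what chmod 777 leaves behind, and what a neighbour on a shared host needs to deface you), resets everything to 644/755 except an explicit list of folders the CMS must write to, and reads the port sshd is actually configured with. The docroot, the writable-folder list (cache) and the sshd_config path are assumptions, not Vivvo's own list.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and the list of writable
# folders are assumptions; check which folders your Vivvo version writes to.

# list_world_writable DOCROOT: every path under DOCROOT that anyone can write to.
list_world_writable() {
    find "$1" -perm -o+w ! -type l -print | sort
}

# count_world_writable DOCROOT: number of such paths (0 is the goal).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# fix_perms DOCROOT [WRITABLE_DIR...]: folders 755, files 644, and the named
# folders 775 so the web server group (assumed to own them) can write; never 777.
fix_perms() {
    root=$1; shift
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    for d in "$@"; do
        if [ -d "$root/$d" ]; then
            chmod 775 "$root/$d"
        fi
    done
}

# sshd_port CONFIG: the port sshd will listen on. sshd uses the first value of a
# directive, so a commented "#Port 22" is ignored and a missing one means 22.
sshd_port() {
    p=$(grep -iE '^[[:space:]]*Port[[:space:]]+[0-9]+' "$1" | head -n 1 | awk '{print $2}')
    echo "${p:-22}"
}

# audit DOCROOT SSHD_CONFIG: print a short report; exit 1 if anything is world-writable.
audit() {
    n=$(count_world_writable "$1")
    echo "world-writable paths under $1: $n"
    list_world_writable "$1"
    echo "sshd port: $(sshd_port "$2")"
    [ "$n" -eq 0 ]
}
```

Usage on a typical box, with assumed paths: `audit /var/www/html /etc/ssh/sshd_config`, then `fix_perms /var/www/html cache` and run audit again until the count is 0. Moving SSH off port 22 only cuts the noise from scanners that try port 22 alone; pair it with `PasswordAuthentication no` and key-based logins in sshd_config, because a brute-forcer that finds the new port is stopped by the missing password login, not by the port number.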

berto
04-25-2010, 04:27 PM
Rename or protect your Vivvo CMS Admin folder. After you successfully install Vivvo in the desired folder, rename the "admin" folder to your choice (for example "vcmsadmin") and then open conf.php file and update the folder name in the last line "define('VIVVO_FS_ADMIN_DIR', 'vcmsadmin/');" - save the changes and upload the new configuration file. You may also protect the newly renamed admin folder from your server's cpanel using .htaccess for extra protection.


Can this actually be done? Think it's great.

boccio
04-25-2010, 06:17 PM
Sure:
http://wiki.vivvo.net/user_manual/installation/config#renaming-admin-folder