Jolly Good Websites for Reading Businesses Established October 1999
Tel. 0845 6445513 (national) Tel. 0118 9507617 (local)

Wednesday, 21 April 2010

Protecting Your Site From Hackers

BNI

Each week in our BNI lunchtime meeting, I am expected to get up and tell other members and visitors a little bit about my work in a sixty second snapshot.

If you want to find out a bit more about our weekly meetings, skip to the bottom of this page.

Here's what I had to say this week:

"My name is Jon Ewing and I am from inframes.com ltd, a website design company from Reading.

"One of the reasons my customers stick with me is that they know I'll be there for them in a crisis.

"A lot of my customers rely solely on their website for their income, so you can imagine how horrified they might have been one morning last week to come into the office and find their homepage had been replaced by this:

Screengrab of hacked site - PLEASE CLICK TO SEE FULL-SIZE SCREENGRAB

"Now I take the security of my sites very seriously, but there are limits to what one can do. In a shared hosting environment, your website can be one of maybe a hundred occupying the same server. In this instance it appears the security of all the sites was compromised by a single piece of script uploaded to one of the neighbouring sites.

"But thanks to the speedy reaction of the hosting company – to whom I have been referring business for ten years now – this malicious code was erased completely within minutes and the security breach permanently purged.

"So this week I'd like you to refer me to anyone who has ever had their website hacked and wants to talk about how to ensure it never happens again.

"To find out how good your website could be, look into inframes."


More on this Subject - What Can You Do?

Protect Against SQL Injection

One of the most common methods of hacking a site is via its database using a "SQL Injection". This technique can give hackers complete control over your database. It can be avoided by careful programming and there's a useful free Firefox add-on called SQL Inject Me from Security Compass which allows you to test any page for common vulnerabilities.

Protect Your Passwords

Keep your passwords secret and don't use the same one for everything. You know it makes sense.

Host Your Site on a Dedicated Server

If you're currently paying twenty or thirty quid a month for your web hosting, this is a relatively costly solution that you will have to think hard over, but if your site is in a shared hosting environment (see above), you run the risk of it being scuppered by one of your neighbours. If your business depends on your website, you should seriously consider a dedicated server or Virtual Private Server (where multiple operating systems effectively run side-by-side on the same machine).

What's BNI?

I am part of a growing new chapter of the BNI business networking group and we're looking for other Reading-based small business professionals to refer business to.

We meet between 12.15pm and 1.45pm on Wednesdays. If you'd like to come along to a lunch, please drop me a line or give me a call and I'll put you in touch with our organiser.

There's absolutely no commitment required – you just pay a tenner, which covers the cost of lunch at the Strada on the Oracle Riverside - and you'll have a chance to meet existing members and other visitors, introduce your business and of course hand out business cards.