SECURITY TIPS - Website Defacement Alert and Guide [INFO]
Posted on 27 December 2011 10:41 AM
Don’t take for granted that your open-source web applications, such as a CMS, are 100% safe. All software has bugs, mistakes or security holes. If a CMS has a security flaw, hackers will find it at some point.
Do not forget to keep yourself updated on security holes in your CMS. Most open-source systems release updates on a regular basis. However, not all systems check for updates instantly, and some can’t install them automatically. Stay informed by joining the mailing lists or following the Twitter accounts of those projects.
Do not forget who is accountable for updating your CMS. Maybe you used your hosting supplier’s 1-click installer, or perhaps your web designer installed the CMS for you. But do they update it for you? Rarely. Keep in mind that it is your responsibility to keep your CMS updated with the newest security patches. Alternatively, you could outsource the task to your webmaster, website development expert or website designer.
If your CMS does give you update alerts, don’t neglect them! Systems like Umbraco and DotNetNuke have a function that checks for available updates when you log in. A system like WordPress also checks for updates, and with a few clicks in the admin you can update your CMS very easily (don’t forget to back up before you update). Take the update alert seriously and update straight away.
Don’t forget to update third-party modules. The modules on your CMS may have been written by developers other than the open-source team, and these modules can also contain security issues. Just as you have to keep the CMS itself updated, you also need to update the third-party modules your CMS uses.
6. Webmaster or Site Developer
Don’t forget to team up with an expert or supporter. Keeping your system up to date can be difficult and laborious. If you team up with a consultant who is used to updating your kind of open-source system, you can save valuable time and concentrate on running your business. You can pay him monthly to apply the updates as they become available, or you can pay per task.
Do not forget to have a robust password policy. Weak passwords are really the biggest reason why hackers get access to systems. Try to make long passwords, at least 8 characters with both numbers and letters. Do not use your name or zip plus city. If you find it hard to remember long passwords, try making a sentence with a number in it, and then use the first letter of each word as the password. E.g. “The Rabbit jumped over 4 Stones and 7 Flowers” makes the password TRjo4Sa7F
Do not forget to back up your full system (both files and database) – constantly. You may take for granted that your hosting supplier backs up everything. Well, they do, but mistakes happen even at the largest hosting suppliers. Also, the hosting supplier’s backup history may be only a couple of weeks long. If your system gets hacked, the very first thing a hacker does is leave a backdoor. After weeks, perhaps months, he returns and defaces the homepage. When your hosting supplier restores your system from the newest backup, the hack seems to be resolved on the surface, but the backdoor is still there. If you choose a free open-source CMS for your homepage, remember that it takes some time to maintain and update it. Outsourcing this part might be a brilliant idea.
There are many sites that offer free templates for CMS software such as Joomla and WordPress, but what you may not know is that some of these sites hide bits of malicious code within these templates. In some templates you will find links in the footer that are not so friendly, and you can’t remove them because keeping them is part of the agreement set by the author in order to use the template.
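One way to check a downloaded template before installing it is to scan its files for code-hiding constructs and for footer links to hosts you do not recognise. The script below is an added example, not part of the original article; the pattern list, the function names and the sample template are assumptions constructed for illustration, and the patterns are heuristics rather than a complete list.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Heuristic patterns (assumptions, not a complete list): PHP constructs often
# used to hide code inside template files.
SUSPICIOUS = {
    "eval-of-decoded-data": re.compile(
        r"\beval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "long-base64-literal": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}
LINK = re.compile(r"""href\s*=\s*["'](https?://[^"']+)["']""", re.I)
TEXT_SUFFIXES = {".php", ".html", ".htm", ".js", ".tpl"}


def scan_template(root, allowed_hosts):
    """Return (findings, external_links) for every text file under root."""
    findings, links = [], []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, pattern in SUSPICIOUS.items():
                if pattern.search(line):
                    findings.append((rel, lineno, name))
            for url in LINK.findall(line):
                host = (urlparse(url).hostname or "").lower()
                if host not in allowed_hosts:  # link leaves your own site
                    links.append((rel, lineno, host))
    return findings, links


def demo():
    """Build a constructed sample template in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text("<?php get_header(); ?>\n<h1>Home</h1>\n")
        (root / "footer.php").write_text(
            '<p>Theme by <a href="https://links.example.net/seo">partner</a></p>\n'
            "<?php eval(base64_decode('ZWNobyAnaGknOw==')); ?>\n"
            '<a href="https://www.example.com/contact">Contact</a>\n')
        return scan_template(root, allowed_hosts={"www.example.com"})


if __name__ == "__main__":
    findings, links = demo()
    for item in findings + links:
        print(item)
```

A clean result does not prove a template is safe; treat every hit as a reason to read that file by hand before the template goes onto a live site.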
Steps that need to be taken: