  1. #1
    Hi there,

    What is the best way to protect my website from malware? I have a site hosted by GoDaddy which was created using Joomla.

    Many thanks for any and all help.

  2. #2
    jscher2000 (Super Moderator)
    Originally posted by ozgal:
    > What is the best way to protect my website from malware? I have a site hosted by GoDaddy which was created using Joomla.

    There are lots of books and webinars on this topic: it has many aspects. In my opinion, the most important things for you are:

    (1) Control user input: most attacks on web site visitors (e.g., cross-site scripting, also written XSS) involve content added through legitimate software by other users. Joomla lets you control authoring and presumably commenting. It also probably includes code to scrub input to minimize XSS attacks.

    (2) Use strong administrative passwords and change the default administrator username if you can. Popular platforms will be tested because administrative access allows for a complete takeover of the account.

    (3) Avoid unencrypted transmission of your hosting account passwords, as much as possible. For example, instead of using regular FTP, use SFTP (FTP over SSH).

    (4) Keep server software up-to-date with security patches. This applies to Joomla, phpMyAdmin, WordPress, and other common software. Your hosting control panel might include one-click update, or you might need to open each application individually, or you might need to FTP new files. In order to learn about security updates, subscribe to the product's mailing list or a service that consolidates announcements. (The underlying web server, and PHP and MySQL, probably are beyond your control on a typical shared hosting account.)

    (5) Follow guides to "harden" your applications. Some features are more dangerous than others and you might choose to turn them off. Sample sites often turn out to have goofs that needlessly expose your site. Some hardening suggestions assume you control the server completely, but hopefully most of them are within your grasp.

    When you start writing your own pages, scripts, and online applications, the biggest issue is validating and cleaning user input in your server-side script or application. Never trust that the limits set in the entry form and scripts in the page have been honored: attackers easily bypass those limitations.
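
The server-side re-validation described in the last paragraph of the reply above, as an added example that is not part of the original post or of Joomla's code. The field names, length limits and topic list are hypothetical, and it assumes PHP 7.1+ with the mbstring extension.

```php
<?php
// Added example: the form is assumed to declare maxlength="40" on name,
// maxlength="500" on comment and a <select> for topic. None of that binds
// a hand-built request, so every limit is re-applied here.
const ALLOWED_TOPICS = ['general', 'support', 'feedback'];

function validate_comment(array $post): array
{
    $clean  = [];
    $errors = [];
    // Accept only strings: a crafted request can send name[]=x to make a field an array.
    foreach (['name', 'topic', 'comment'] as $field) {
        $value = $post[$field] ?? '';
        $clean[$field] = is_string($value) ? trim($value) : '';
    }
    // Re-apply the length limits that maxlength only suggests to the browser.
    if ($clean['name'] === '' || mb_strlen($clean['name'], 'UTF-8') > 40) {
        $errors[] = 'name must be 1-40 characters';
    }
    if ($clean['comment'] === '' || mb_strlen($clean['comment'], 'UTF-8') > 500) {
        $errors[] = 'comment must be 1-500 characters';
    }
    // A <select> restricts nothing on the wire; compare against the allow-list.
    if (!in_array($clean['topic'], ALLOWED_TOPICS, true)) {
        $errors[] = 'topic is not one of the offered options';
    }
    return [$clean, $errors];
}

// Encode at output time so submitted markup is displayed as text, not run as script.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample request that ignores every limit the form set.
$request = [
    'name'    => str_repeat('A', 200),
    'topic'   => 'admin',
    'comment' => '<script>alert(1)</script>',
];
[$clean, $errors] = validate_comment($request);
foreach ($errors as $e) {
    echo 'rejected: ', h($e), PHP_EOL;
}
echo 'comment as it would be rendered: ', h($clean['comment']), PHP_EOL;
```

Validation decides whether to accept the submission; the `h()` call is a separate step applied wherever stored text is written into a page.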

  3. #3
    Hi there,

    Wow, have I got lots to learn! I never knew any of this was necessary. Definitely need to hit the books, sites, etc., to learn how to implement your suggestions.

    Many thanks....I think! LOL!
