How to avoid hacking



1.    Implement a firewall, antivirus and anti-spyware
2.    Develop a corporate security policy (unique passwords, password change every 90 days)
3.    Don't run unnecessary network services
4.    Conduct a vulnerability test
5.    Use a keyword filter to block abusive words, and validate all user-supplied data against a whitelist before accepting it. (A whitelist rejects any data that is not on the approved list.)
6.    Avoid unsolicited installation of scripts
7.    Avoid scam/spammy websites
8.    Make sure your files are using the correct CHMOD permissions
9.    Change the default table prefix for open-source scripts
10.  Check the code of 3rd-party scripts, plugins and widgets before using them
11.  Check your logs regularly
12. Block search engine spiders from indexing the admin section by adding Disallow: /wp-admin to robots.txt
13. Avoid .htaccess hacks by adding the following to .htaccess (the <Files> wrapper, lost in extraction, is restored so the directives apply to the .htaccess file itself):
# STRONG HTACCESS PROTECTION
<Files .htaccess>
order allow,deny
deny from all
satisfy all
</Files>
14. Disallow browsing of your directories by adding this to the .htaccess file:
# disable directory browsing
Options All -Indexes
15. Secure config files by adding the following to .htaccess (the <Files> wrapper, lost in extraction, is restored so the rule applies to wp-config.php):
# protect wp-config.php
<Files wp-config.php>
Order deny,allow
Deny from all
</Files>
16. Use .htaccess in the admin directory to restrict access and allow only specific IP addresses (Apache does not accept trailing comments on a directive line, so the comment is on its own line):
# deny access to wp admin
# replace 192.168.0.11 with your own static IP
order deny,allow
allow from 192.168.0.11
deny from all
17. Block script injection and unwanted modification of _REQUEST and/or GLOBALS by adding the following to .htaccess:
# protect from sql injection
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
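Before enabling the rules in tip 17 it is worth knowing what they would block, since the first condition matches any query string that has "script" somewhere between angle brackets (including words like "description"). The following added example, not part of the original post, re-implements the three RewriteCond patterns in Python and runs them over constructed access-log lines, so you can test them against your own logs (tip 11) and gauge false positives; the log format and sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit

# The three RewriteCond patterns from tip 17 as Python regexes.
# The first carries [NC] in Apache, so it is case-insensitive here;
# the other two are case-sensitive, exactly as in the original rules.
RULES = {
    "script_tag": re.compile(r"(<|%3C).*script.*(>|%3E)", re.IGNORECASE),
    "globals_override": re.compile(r"GLOBALS(=|\[|%[0-9A-Z]{0,2})"),
    "request_override": re.compile(r"_REQUEST(=|\[|%[0-9A-Z]{0,2})"),
}

def matched_rules(query_string):
    """Names of the tip-17 conditions that fire on a raw query string.
    Apache tests the undecoded QUERY_STRING, so the raw text is used here too."""
    return [name for name, rx in RULES.items() if rx.search(query_string)]

def scan_access_log(lines):
    """Return (line_no, request_target, fired_rules) for every common-log-format
    line whose query string would be blocked by the tip-17 rules."""
    request_re = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')
    hits = []
    for n, line in enumerate(lines, 1):
        m = request_re.search(line)
        if not m:
            continue
        fired = matched_rules(urlsplit(m.group(1)).query)
        if fired:
            hits.append((n, m.group(1), fired))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?p=1 HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?s=%3Cscript%3Etest%3C/script%3E HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?GLOBALS[admin]=1 HTTP/1.1" 200 512',
    '10.0.0.8 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?_REQUEST%5Bx%5D=1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /wp-admin/ HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for line_no, target, fired in scan_access_log(SAMPLE_LOG):
        print(f"line {line_no}: {target} -> {', '.join(fired)}")
```

Running matched_rules on a harmless search such as s=%3Cb%3Edescription%3C/b%3E also fires "script_tag", which is the kind of false positive to look for in your logs before turning the rule on.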
18. Make sure firewall and antivirus are always running before you access the Internet. If you want to exit or turn off your firewall or antivirus program, disconnect from the Internet first.
19. Encoding output data will stop script injection in the browser.
20. Never use filename or files supplied by users in any server-based resources including images and script inclusions.
21. Do not automatically use credentials or tokens submitted by browsers. “The only solution is to use a custom token that the browser will not ‘remember,’” writes OWASP.
22. When possible, avoid using interpreters. If you must use them, OWASP recommends that you “use safe APIs, such as strongly typed parameterized queries and object relational mapping libraries.”
23. Use prepared statements, parameterized queries, or stored procedures. Do not use dynamic SQL.
24. When connecting to a database, use a least-privilege account. That account should not be able to drop or create tables.
25. Never write your own encryption algorithms; it takes teams of encryption professionals to do this appropriately.
26. Only use tried, true, and approved public encryption algorithms.
27. Never generate keys while you are connected online.
28. Use an index, indirect reference map or another indirect method to avoid exposure of direct object references. If you can’t avoid direct references, require authorization for website visitors before displaying them.
29. All private URLs and business functions need to be password protected by an effective access control mechanism that verifies the user’s role and privileges.
30. Remove default, test and example pages and applications that usually come with web server software.
31. Never post your IP address on the Internet or in an email
32. Don’t use generic usernames
33. Secure your ports. Make sure any unwanted ports are properly closed.
34. Keep security patches up to date
35. Avoid public Wi-Fi: avoid checking email, logging into mobile banking sites and accessing private information when your phone is connected to public Wi-Fi such as in coffee shops, as these networks are often insecure.
36. Turn off Bluetooth when you are not using it, as hackers could use the wireless connection to gain remote access to your phone.
37. When using a computer other than your personal home computer or laptop, turn off auto-complete and delete your browsing history
38. Check if your Gmail messages are being forwarded without your permission
39. Keep informed about network security
40. Ensure physical security and use passwordless authentication such as smart cards
