[mazzmatazz]

i am concerned about the security of my website, i would like to know what precautions are in place to prevent hacking, and also what i could do myself to prevent anything like that happening.

i'm currently running a normal, html site, with 2 mysql databases - one with phpBB and one with oscommerce. my phpBB forum is locked to members only and i have to authorise any new members.

also, what is in place to prevent picture theft, short of me adding javascript to my pages to prevent right clicking?

[XILO]

Hi Mazzmatazz,

We constantly update versions of software such as Apache, PHP, Perl, MySQL etc. This is to ensure we are not running old vulnerable versions. Also - we lock down machines so that certain commands such as GCC (compilers) are not accessable to normal users only machine admins.

We do take regular backups that if a machine was "hacked" we could easily restore to a previous state.

Unfortunately, every server on the internet could possibly be hacked - there can never be a 100% guarantee of any server being secure if it is connected to the public internet.

I can't release detailed information relating to our security policies as this could make our network more vulnerable.

In regard to your comment about picture theft; it is up to the client to add protection to their site for any of their content. This could be in the form of removing the "right click" or adding "digital watermarks".

I hope this has answered your query.

Matt

[mazzmatazz]

thank you for the reply, i am just concerned because someone seems to have a vendetta against me, and i wouldn't put it past them to _attempt_ to hack my site!

[XILO]

Hi again,

If you want to open a ticket with any further details you can give and which sites of yours you are worried about - we can investigate further.

Matt

[cunning]

Quote:

Originally Posted by mazzmatazz

also, what is in place to prevent picture theft, short of me adding javascript to my pages to prevent right clicking?

Mazz,

Not sure if you're up with JavaScript (I know I'm not!!!) but this might be worth a try? I don't take any credit or responsibility - I was browsing and remembered your post.

<SCRIPT language=Javascript><!--
// ***********************************************
// AUTHOR: WWW.CGISCRIPT.NET, LLC
// URL: http://www.cgiscript.net
// Use the script, just leave this message intact.
// Download your FREE CGI/Perl Scripts today!
// ( http://www.cgiscript.net/scripts.htm )
// ***********************************************
var isNS = (navigator.appName == "Netscape") ? 1 : 0;
var EnableRightClick = 0;
if(isNS)
document.captureEvents(Event.MOUSEDOWN||Event.MOUS EUP);
function mischandler(){
if(EnableRightClick==1){ return true; }
else {return false; }
}
function mousehandler(e){
if(EnableRightClick==1){ return true; }
var myevent = (isNS) ? e : event;
var eventbutton = (isNS) ? myevent.which : myevent.button;
if((eventbutton==2)||(eventbutton==3)) return false;
}
function keyhandler(e) {
var myevent = (isNS) ? e : window.event;
if (myevent.keyCode==96)
EnableRightClick = 1;
return;
}
document.oncontextmenu = mischandler;
document.onkeypress = keyhandler;
document.onmousedown = mousehandler;
document.onmouseup = mousehandler;
//-->
</SCRIPT>

Good luck,


Cunning

LOL - that didn't work - here's the link...............

http://www.javacabin.co.uk/ - see the no right click link.......

[mazzmatazz]

hi, i think the person i am having issues with is rearing their ugly head again. i have suspicions that they are planning a dos attack on my site tomorrow evening.

[leelad]

i can confirm on behalf of mazz that this did not happen and said weirdo has "quit the internet"

[Gareth]

Quote:

Originally Posted by leelad

i can confirm on behalf of mazz that this did not happen and said weirdo has "quit the internet"

Hopefully for good!

[mazzmatazz]

hey lee

actually, this guy has breached s1 of the misuse of computers act, he acquired a forum member's password and used it to gain confidential information from a hidden forum area, which he published on his (now taken down) website. thankfully he got his connection suspended for it, but is their any form of action i can take myself, as it was my site the information was from (the password was acquired elsewhere)

[Gareth]

Quote:

Originally Posted by mazzmatazz

hey lee

actually, this guy has breached s1 of the misuse of computers act, he acquired a forum member's password and used it to gain confidential information from a hidden forum area, which he published on his (now taken down) website. thankfully he got his connection suspended for it, but is their any form of action i can take myself, as it was my site the information was from (the password was acquired elsewhere)

Not much I'm afraid. You could contact the police or a solicitor to see if there is any criminal/civil action can be taken, but I would not hold your breath

I would though change the password!!!