re: Six Ways a Russian Hacker Attacked My Website
 

I was following you beforehand, but glad I did, thanks for this content. Quite scary to have that many attack vectors hit in such a small timeframe, hope you got the exploits fixed and patched as soon as you saw it.

 

Fortunately my security was tight, so they all failed, but it is very disquieting that people actually dedicate themselves to this type of thing. Thanks for the follow by the way :)

 

What web security steps or configurations do you recommend to keep my website safe? It is coded in PHP.

There are a lot of things you can do. Some basic ones are:

  1. Use mysqli_real_escape_string to sanitize anything you put in your database.
  2. Escape any string that was provided by a user that you're going to show to another user on any page with htmlentities.
  3. Use salted hashing to store passwords safely.
  4. Use a modern hashing algorithm (like sha512) when you're hashing your password/sensitive data.
  5. Don't let people upload files to your site unless you're very careful about controlling the file type and data.
  6. There are some more good tips here.
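
An added example, not part of the thread or the original post: a PHP illustration of items 2, 3 and 5 from the list above, the ones that run without a database connection. It uses PHP's built-in `password_hash()` for the salted hashing in item 3; the function names, the allow-list and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Item 2: escape user-supplied text before it is shown to another user.
// ENT_QUOTES also encodes ' and ", so the value is safe inside attributes.
function render_comment(string $userText): string
{
    return '<p>' . htmlentities($userText, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Item 3: salted password storage. password_hash() draws a fresh random
// salt on every call and embeds it, with the algorithm and cost, in the result.
function store_password(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

function check_password(string $plain, string $stored): bool
{
    return password_verify($plain, $stored);
}

// Item 5: decide an upload's type from its bytes, never from the
// client-supplied file name or Content-Type, and pick the stored name yourself.
const ALLOWED_UPLOADS = ['image/png' => 'png', 'image/jpeg' => 'jpg']; // hypothetical allow-list

function safe_upload_name(string $bytes): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if (!is_string($mime) || !isset(ALLOWED_UPLOADS[$mime])) {
        return null; // unknown or disallowed content: reject the upload
    }
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_UPLOADS[$mime];
}

// Constructed sample inputs.
$comment = '<script>alert("haha");</script>';
$png     = "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR\x00\x00\x00\x01\x00\x00\x00\x01\x08\x06\x00\x00\x00";
$fakePng = '<?php echo "not an image"; ?>'; // what a file named avatar.png might really contain

echo render_comment($comment), PHP_EOL;         // markup is emitted as inert text
$a = store_password('correct horse');
$b = store_password('correct horse');
var_dump($a !== $b);                            // same password, separately salted hashes
var_dump(check_password('correct horse', $a));  // checked against the stored hash
var_dump(check_password('wrong guess', $a));
var_dump(safe_upload_name($png));               // server-chosen name for allowed content
var_dump(safe_upload_name($fakePng));           // script content under an image name
```

The upload check needs PHP's fileinfo extension.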

Super helpful!! Thanks ❤😊

Btw I didn't know that sha512 exists 😂😂

 

Definitely, I used to run a forum myself and people would constantly try to exploit it :(

<script>alert("haha");</script>
