web site security

I have a feeling that something on in my web space that is bad. I have no idea how to secure my site and I'm afraid that it is very open to attack. Is there anyone here who knows about site security who would be willing to "proof" docglass.net and also help me stream line the site? I'm very willing to pay but atm I dont have much money to spend, what kind of prices would people charge for that? I guess I'm looking for a web master who can set up the basic site that I can add my content to, is that possible or should I just stick to my simple, hard-to-update html stuff?

My dream site would have a system where I could update my own blog and a picture subbmition system so I could update my portfolio without having to re-do the whole page.

Lep could do that, but I think hes busy making exactly what your talking about, but for some other project of his.

---

-[Better to be Honest than Kind]-

Plenty of people can do that. It takes time though if you don't already have a barebones. The whole "snarkpower" thing Lep is making suits this though. That'd be the easiest bet if it's completed, or close to it.

Otherwise ... pick up a PHP book/site and read up on how to use databases. Unix file permissions is a good idea too. Since the actual security comes from the webserver. If you're "protecting" through the page it self all you need to do is make sure you do not accept whatever input that may come in, since that is the most common compromising trait possible.

---

Blame it on Microsoft, God does.

I have a feeling that something on in my web
space that is bad. I have no idea how to secure my site and I'm afraid
that it is very open to attack. Is there anyone here who knows about
site security who would be willing to "proof" docglass.net and also
help me stream line the site? I'm very willing to pay but atm I dont
have much money to spend, what kind of prices would people charge for
that? I guess I'm looking for a web master who can set up the basic
site that I can add my content to, is that possible or should I just
stick to my simple, hard-to-update html stuff?
<div class="quotetext">
My dream site would have a system where I could update my own blog
and a picture subbmition system so I could update my portfolio without
having to re-do the whole page.

</div>

Have you tried any Content Management Systems? I would suggest
drupal. It's probably the best among
those available in terms of security and features. There are a lot of
others, like PHP Nuke and Mambo, but the number of vulnerabilities
discovered in these everyday is just scary.

You can find a few simple tips for PHP security here :
http://phpsec.org/library/ . I would suggest going through as
many of the relevant articles there as possible. It will give you a basic insight
into security practices, so you will have something to start working
with. There's lots of security info on the net (blackhat as well as
whitehat stuff, so beware), especially about PHP. Once you get started
it shouldn't be much of a problem finding more and more specific info.

I'm not a security expert by any stretch but I would suggest that you
do not worry too much about your site (as it is now). Since it is
mostly HTML/JS, I dont see any chances of any h4xing through your site.
The problem generally starts with stuff like ASP and PHP being used
with unsanitised user input or weak third party components.

ok, so my dinky little html site should be fine.� My php forums
were suspended due to... I dont know, and I found some folders in my
site files that I didn't put there.

I'm not too worried about it, I mean who would want to attack my site anyways?

Forums are a very common target, especially phpBB. I see a new exploit
for phpBB almost twice every month. There isn't any easy solution to
this except upgrading every time there's a new release of phpBB, even a
x.y.1 release.

And teh new folders bit is quite scary TBH. You may want to check your
site's logs to see if any spikes in activity occurred around the time
those folders were created... Besides that, you can contact your host's
tech support and inform them. There may have been an intrusion from
elsewhere :sad:

The scary thing was when I tryed to open one of the new text docs I
found, norton grabed it! Not sure what it did, but I'm not going
to touch it untill my computer has some anti-virus on it.

Your PHP Forums are out of date, update them to the most current version, and they will run fine, thats what I had to do. Just remove any themes before you do it Glass.

If you are useing HostingMatters for your provider, you can use Fantasico to update real easy. Or any host that has cpanel and fantasico installed.

thanks! I have cpanal