Sphinn - The Ultimate Hacker Prevention Guide

48
Sphinn It!

Went Hot: July 2, 2008 - 4:44 pm
Posted By: mvandemar 368 days ago
Topic Type: News Story (Jump to http://www.seo-scoop.com)
Category: Blogging

Great post by Donna Fontenot that covers both prevention of and recovery from hacker intrusion, for blogs and other non-blog sites alike.

5 Comments

Who Desphunn This (0)

Comments

from DarkMatter 367 days ago #

Votes: 0 | Vote:

+ -

I'm dumping wordpress for Drupal. I've had it with trying to keep WP secure, and upgrading usually exposes more vulnerabilities than it fixes.

from MattMcGee 366 days ago #

Votes: 0 | Vote:

+ -

This is a terrific article, Donna - thanks for putting it together.

from ColinCochrane 366 days ago #

Votes: 0 | Vote:

+ -

Good article, though a more accurate title might have been "The Ultimate Wordpress Hacker Prevention Guide".

from kapheroph 366 days ago #

Votes: 1 | Vote:

+ -

Also worth a mention is to keep an eye on security sites like http://secunia.com and http://www.securityfocus.com for vulnerabilities and exploits.
One of the better things to come out these blogging applications from my point of view is it has taken the load off server admins as it is a lot easier to hack a wordpress site than it is than a server these days, read CSS, CSRF, SQL injection, XPath injection etc. And when something does go wrong it is usually only the one site. And so (sadly) it puts the responsibility upon the owner/maintainer of the site to make sure that they know what the code that they are using actually does.
Bloggers don't need to be developers or really even know how to code these days and it's quite inevitable that a majority of those who can code don't know how to code securely. As this type of application grows with the advances of the web there are going to be more and more of applications like wordpress and plugins for these apps showing up with and people blindly using them and adding bits and peices from here there and everywhere. Does this remind you of what happens with an operating system? Secure for the most part but once applications are installed from various sources, things start to go down hill... As mentioned in the article there are already what you could loosely consider AV and Firewall apps for wordpress and the like. Just what is going on here? Ajax and back end database controlled CMSs, it may look all nice and pretty to the website user but it also looks pretty nice to a malicious user as well.
Don't get me wrong, I enjoyed reading the article and think that there should be more of its type. It's just that we don't seem to be fixing the problem by tacking something on to cover the problem.
I apolagize for ranting on my first ever comment here but security and privacy are not only my work but my passion.

from DazzlinDonna 366 days ago #

Votes: 0 | Vote:

+ -

pageoneresults, who ate your cereal today? so, am i to assume that you, oh mighty pageoneresults have the perfect setup? that you wouldn't ever dare use a system that might get hacked? that you in fact are absolutely sure that you've done everything right to prevent such a thing? i mean, it sounds to me like you are just standing on some high and mighty podium looking down upon all us fools, laughing at our stupidity. true? well, whatever, dude. have fun on that podium of yours.

kapheroph, if i knew how to fix the problem, i surely would. but i don't. so the best i could do was offer a few ways to help the average joe find a bit of protection. it may not be bullet-proof protection, but it's better than nothing.

colin, yep, that probably would have been a better title.