
What use to secure you websites?
kevs
Mac Elite
Join Date: Aug 2003
Nov 23, 2017, 10:30 PM
 
Part of these new security questions is I was just forced to get a new webhoster for my website.

The old one I guess just did security for free.

GoDaddy (new hoster) charges $60 a year per website, scans for malware, and includes malware removal and Google undo Blacklist.

Question: is this necessary, worth it, or is there a better, cheaper alternative to them?

Brute force: a site said the password I chose would take a billion years to crack, but they claim hackers could have multiple IPs...

     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Nov 24, 2017, 10:01 AM
 
Do you run a CMS on your website? If so, which and what version? Does your site include a form that does something? If so, what? How will you upload new files to GoDaddy? Via some sort of web app that includes two-factor authentication, or just plain old FTP? Do you understand enough about file system permissions to not create a directory/file exposed to the entire world?
     
kevs  (op)
Mac Elite
Join Date: Aug 2003
Nov 24, 2017, 11:24 AM
 
B, thanks, confusing question. I upload with FTP through Interarchy software.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Nov 24, 2017, 11:53 AM
 
Is your site just static HTML/JavaScript?
     
kevs  (op)
Mac Elite
Join Date: Aug 2003
Nov 25, 2017, 12:09 AM
 
Yeah, old-fashioned static HTML.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Nov 25, 2017, 01:21 AM
 
Then no, you don't really have anything to worry about except your FTP password. If you were concerned with that you could use SFTP if GoDaddy offers that.
     
kevs  (op)
Mac Elite
Join Date: Aug 2003
Nov 25, 2017, 01:27 AM
 
B
Why don't I have anything to worry about?

What is sftp, does it cost extra?

My ftp password is strong, but no worry? Don't need their service? When do you recommend?
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Nov 26, 2017, 02:42 PM
 
The security scanners generally don't try to guess your password, because brute force methods such as this are often too disruptive.

Here are some other things an automated scanner might scan for:

1) forms that could be manipulated (SQL injections, XSS, CSRF, etc.). Most/all frameworks deal with this automatically, but there might still be some old ass stuff out there that could be found and used to one's advantage. You said you have no forms or middleware language (e.g. Node.js, Ruby, Python, etc.) so this doesn't apply, because straight up HTML and client-side JavaScript does not provide form processing, and without these languages you don't have a database either.

2) outdated versions of software such as WordPress, OpenSSL, etc. that would have known exploits and a recipe for exploitation. You don't run any of this.

3) writable directories where bots can attack other hosts and decentralize. You have no need to change permissions manually because this is unneeded by HTML/JavaScript, and your host will have set up sensible default permissions.

4) a scanner would look for rogue services running on TCP/UDP ports, but the chances of this are really low since you haven't provided any sort of attack vector.
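
Added example, not part of the post above and not GoDaddy tooling: a local audit of a copy of the site that checks the two assumptions the list rests on, namely that nothing is world-writable (item 3) and that the tree really is static files only (items 1 and 2). The extension allow-list and the sample tree are assumptions constructed for the example.

```python
import os
import stat
import tempfile

# Assumed allow-list of extensions a purely static site is expected to contain.
STATIC_EXTS = {".html", ".htm", ".css", ".js", ".png", ".jpg", ".jpeg", ".gif",
               ".svg", ".ico", ".txt", ".xml", ".pdf", ".woff", ".woff2"}

def audit_site(root):
    """Walk a local copy of the site and return two sorted lists of paths
    relative to root: (world_writable, non_static)."""
    world_writable, non_static = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            mode = os.lstat(full).st_mode
            if stat.S_ISLNK(mode):
                continue  # permission bits on a symlink are not meaningful
            if mode & stat.S_IWOTH:
                world_writable.append(rel)  # "other" users may write here
            if stat.S_ISREG(mode):
                ext = os.path.splitext(name)[1].lower()
                if ext not in STATIC_EXTS:
                    non_static.append(rel)  # e.g. .php, .cgi, dotfiles
    return sorted(world_writable), sorted(non_static)

def build_sample_site():
    """Constructed sample tree so the example runs offline."""
    root = tempfile.mkdtemp(prefix="site-")
    os.mkdir(os.path.join(root, "uploads"))
    for rel, mode in [("index.html", 0o644), ("style.css", 0o644),
                      ("contact.php", 0o644), ("uploads/readme.txt", 0o666)]:
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "uploads"), 0o777)
    return root

if __name__ == "__main__":
    writable, dynamic = audit_site(build_sample_site())
    print("world-writable:", writable)
    print("not static:", dynamic)
```

Point `audit_site()` at the folder you upload from; an empty result for both lists matches the "static HTML only, default permissions" situation described in the thread.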
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Nov 26, 2017, 02:46 PM
 
I would suggest googling SFTP, and seeing if GoDaddy provides this service. It will encrypt your password being sent to the server for FTP authentication. Without this, if somebody were to perform some sort of man-in-the-middle attack, wifi/network sniffing, etc. they could obtain your clear-text password.

I wouldn't say that the chances of this are high since you probably don't connect to the FTP server very often and so much would have to line up in a sort of perfect storm scenario to pull this off, but if you wanted to do one thing to improve your security this couldn't hurt. There is never a time when an unencrypted option is better than an encrypted option, security-wise.
     
kevs  (op)
Mac Elite
Join Date: Aug 2003
Nov 26, 2017, 05:47 PM
 
Thanks B, some of this is over my head but I get the gist. My guess is GoDaddy probably charges extra for SFTP, but not sure.

Should I PM you my sitemap, if it would give you a better idea?
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Nov 27, 2017, 09:55 AM
 
Originally Posted by kevs:
Thanks B, some of this is over my head but I get the gist. My guess is GoDaddy probably charges extra for SFTP, but not sure.

Should I PM you my sitemap, if it would give you a better idea?

I doubt they would charge extra for that. Your sitemap actually won't give me a better idea, but I hope this general advice has been helpful.
     
kevs  (op)
Mac Elite
Join Date: Aug 2003
Nov 27, 2017, 05:46 PM
 
Thanks
     
   