Website development has taken on a dark passenger in recent years. As the number of websites continues to grow exponentially, the internet now ubiquitous in our daily lives with more and more of our personal information passed around online via online shopping, bill paying, banking accounts and Facebook, the number and voracity of individuals seeking to hack those sites and exploit our personal information has exploded.
And these days hackers are no longer focusing primarily on big banks, governments, large online retailers and web giants such as Google and Facebook. Small and medium sites, which usually have fewer security measures in place, have become frequent and often easy targets for these cyber attacks making millions of web pages hacker landmines.
Assuming a defensive posture
No doubt about it, our websites are at higher risk than ever before. Even UVM is not exempt from attacks and attempts to hack into data or infect the system are regular occurrence. Occasionally, the hackers have met with success. Thus far, no sensitive data has been harvested from and no serious damage has been inflicted on the UVM website – we’ve been lucky. To assure the website is not attacked in the future, there are basic steps that UVM web developers should and must take to minimize website hacks.
- Protect your passwords
Not only could someone with your credentials deface your website and hack into your email, they can potentially upload harmful code to the UVM web servers causing a myriad of problems from negatively affecting server performance to causing site visitors to download malware or viruses. Creating very simple passwords, speaking them aloud in a public space, sending them in email or writing them down all increase the possibility that they will be discovered by a hacker.
- Don’t set files or folders to world-writable
Anyone logged into zoo has the ability to edit or add files to your world-writable files and folders and if an outside hacker is able to enter the server, they will be able to do the same.
- Practice secure coding practices
If you use PHP or mySQL on your website, your security risk is greater. It is important to verify that your code is secure. There are several PHP security concerns including SQL injections, cross site scripting, and remote file inclusion that should be considered.
Cyber-attacks are a serious threat for all web developers, but by taking a few precautions, you can significantly reduce your vulnerability to such attacks. An ounce of prevention is worth a pound of cure.
Members of the UVM community can access more detailed information about secure web coding practices on ETS’s Wiki.