Preventing a system from unauthorized access, modification, disruption, or destruction.
8
votes
2answers
99 views
Is it sufficient to secure a order status page just by a random URL?
After a (corporate) customer bought some items in our online shop, we send an email with an overview what he has bought to him.
We'd like to inform our customer about received payments, packet ...
1
vote
4answers
69 views
Website Systematically Blocking IP Addresses
I have a series of websites hosted at the same server. The issue I am having is that it keeps blocking me access from different means to the sites. Allow me to explain:
From my IP, Blocked.
From ...
0
votes
2answers
25 views
Using SSL Certification in Multiple Locations
I have some issues with respect to using SSL Certificates. I have a website hosted in UK and I also have an organisation in South Africa hosting my company application online for web access.
The ...
0
votes
1answer
31 views
how do I avoid spam domains to point to my site or IP hosting tomcat application
I can across a issue where i saw some xyz.com is pointing to mydomain.com.
I am not using apache, nor IIS but tomcat 7 directly.
How to I avoid such other spam domains to point to mydomain.com?
I ...
0
votes
1answer
17 views
Web server with or without Panel [closed]
I start a Web server for my company for hosting about 15 website and I didn't install a Control Panel, I do everything by command and i'm pretty comfortable with it but do you think i'm losing time by ...
1
vote
1answer
301 views
Site got hacked while many / all security leaks have been removed [closed]
I've got a website with this code appended to my php document :
<?
#8f4d8e#
...
1
vote
5answers
78 views
How do webmasters store and keep track of their passwords [closed]
I'm developing a site for the first time, and I'm trying to work out the best way to store and track all the accounts/passwords e.g. Server passwords, ftp passwords, API passwords (FB, Google, ...
6
votes
1answer
149 views
Security: Hide mysql connection details file
Ok, so I know this must be a very basic question, but my problem is the following: I have developed my first PHP mini-app (so I'm fairly new to this) and I am pretty sure that there are two files of ...
2
votes
2answers
76 views
Any suggestions for a change detection system?
As a webdesigner/webmaster I'm taking care of various websites. Recently one client's website got "hacked". It turned out that at their office one computer got infected by a trojan, that spied the ftp ...
2
votes
1answer
78 views
How to log username in Apache logs?
I need some help regarding how to log the user-name into apache logs. I'm building a use-case for Security Information Event Management.
Is the method the same in case of IIS or just applicable to ...
2
votes
1answer
247 views
Pass IMG SRC via GET and echo it? Is that really secure?
I was wondering how I can make a really simple GET and echo request more secure
The code:
$src = $_GET['src'];
echo "<img src='$src' />";
Basically, I have a URL like ...
3
votes
2answers
59 views
How to safely saving users' data and NOT get responsibility of users' data?
I am programming a website which will save up users' inputs for their next visits. For example, I might save their phone numbers. The user will know that I save their phone numbers. However, do I need ...
0
votes
0answers
44 views
Insecure Php code allow other malicious code to run [closed]
Got an email from the web host that I used for a small website. Basically they disable the website and says the php code on it was used to scan for vulnerabilitity on their shared hosting platform, ...
1
vote
1answer
23 views
Compromised private RSA key
What sorts of problems can be caused by a compromised private RSA key? Is this even that big of a deal? I'm getting very little specific info on Google. :(
2
votes
2answers
83 views
How to have google index a login protected url?
For example, my site:
http://abcde.foobar.com is protected by a "single sign on" login page hosted at http://sso.foobar.com, so when a user visits "abcde", they get redirected to the "sso" login page ...
