The growing hacking threat to e-commerce websites, part 2
by Ilia Kolochenko - CEO at High-Tech Bridge SA - Monday, 6 January 2014.
As this article is mainly written for small e-business owners, I will omit technical details about web hacking techniques, and will focus instead on the general security mistakes that lead to vulnerabilities, which are then exploited by hackers.
One of the oldest and simplest problems is default or weak passwords used to access admin interfaces of web applications. Another related and very widespread problem is default admin panel location, such as /wp-admin/ or /administrator/ which facilitate a lot hacking of your website even with one simple XSS vulnerability. Password reuse is also a very common and dangerous practice. Avoid default admin panel location, and select strong and unique passwords so that these risks are avoided.
Another very common problem is old and outdated software. Make sure that if you are using an open source CMS such as Joomla, WordPress or osCommerce its up to date as well as all of its modules and plugins. Today, the biggest danger comes from numerous plugins that usually have plenty of vulnerabilities.
Another important point to mention is proper access control. Dont share your passwords and other credentials with people who do not necessary need to have them, otherwise once they are compromised your website will follow. It is always better to limit access to your admin panels from specific IP addresses or at least from sub-networks (in case you dont have a fixed IP). Make sure that, on your web server, file permissions are correct and other users (if any) cannot read your files.
Needless to say, the security of any web hosting service where your website is located is also important. Dont try to save money on it, as such economy may ruin your business. When selecting your hosting company, pay attention to what the companys reputation is, the client support it offers (it should have a competent security team ready to react rapidly on security incidents) and if it has a daily backup plan.
More here:
The growing hacking threat to e-commerce websites, part 2
- Joomla 1.5 - Upload An Image To Media Manager - Video - March 11th, 2014 [March 11th, 2014]
- Curso Joomla! 3.2 Bootstrap and Blank Template (parte 4) - Video - March 11th, 2014 [March 11th, 2014]
- How to Install Joomla 2.5 Manually or Browser Installation - Video - March 11th, 2014 [March 11th, 2014]
- Joomla Tutorial: 012 Create Survey's and Polls - Video - March 11th, 2014 [March 11th, 2014]
- Joomla Tutrial: 008 Make Web Pages Show up in Joomla - Video - March 11th, 2014 [March 11th, 2014]
- Joomla receives patches for zero-day SQL injection vulnerability, other flaws - March 11th, 2014 [March 11th, 2014]
- Joomla receives patches for zero-day SQL injection vulnerability - March 11th, 2014 [March 11th, 2014]
- 9.- Webmastertool y extensiones joomla - Video - March 10th, 2014 [March 10th, 2014]
- Responsive Music Player With Playlist Joomla Module - Video - March 10th, 2014 [March 10th, 2014]
- js jobs joomla 3.0 - Video - March 10th, 2014 [March 10th, 2014]
- Joomla Virtuemart new 2 version Stock Products category Placing How To place products Virtuemart - Video - March 10th, 2014 [March 10th, 2014]
- How To Upload Shell in Joomla! Site - Video - March 10th, 2014 [March 10th, 2014]
- Best Parallax Joomla Template 2014 - Video - March 10th, 2014 [March 10th, 2014]
- Video tutorial how to increase search charaters in joomla 2 5 - Video - March 10th, 2014 [March 10th, 2014]
- T-Download Store Overview - Video - March 10th, 2014 [March 10th, 2014]
- Demo of Joomla Platform mobilefriendly app 405 - Video - March 9th, 2014 [March 9th, 2014]
- Pastor 2 - Video - March 9th, 2014 [March 9th, 2014]
- Joomla Marketing - Video - March 9th, 2014 [March 9th, 2014]
- Joomla 3.x. How to manage Komento component integrations - Video - March 8th, 2014 [March 8th, 2014]
- 1.- Introduccin curso joomla 3x - Video - March 8th, 2014 [March 8th, 2014]
- Curso de Joomla! 3.2 - Template Blank e Bootstrap (parte 1) - Video - March 8th, 2014 [March 8th, 2014]
- T3 Framework - Admin area overview - General settings - Video - March 8th, 2014 [March 8th, 2014]
- Curso de Joomla! 3.2 - Bootstrap e Blank Template (parte 3) - Video - March 8th, 2014 [March 8th, 2014]
- Joomla! Resource Directory Unveiled at JoomlaDay Boston 2014 - March 8th, 2014 [March 8th, 2014]
- Stock Photo OG-RAC-2012: Joomla - Video - March 6th, 2014 [March 6th, 2014]
- Template Joomla! - Vida Yootheme Slideshow, Menu e Sidebar - Video - March 6th, 2014 [March 6th, 2014]
- Curso de Joomla! 3.2 - vdeo-tutorial Blank Template (parte3) - Video - March 6th, 2014 [March 6th, 2014]
- Curso de Joomla! 3.2 - vdeo-tutorial Blank Template (parte 5) - Video - March 6th, 2014 [March 6th, 2014]
- Curso de Joomla! 3.2 - vdeo-tutorial Blank Template (parte 6) - Video - March 6th, 2014 [March 6th, 2014]
- Curso de Joomla! 3.2 - Vdeo-tutorial Template Blank (parte 7) - Video - March 6th, 2014 [March 6th, 2014]
- Sql Joomla By Root Devil - Video - March 6th, 2014 [March 6th, 2014]
- How to Recover your Username and Password in Joomla 3 - Video - March 6th, 2014 [March 6th, 2014]
- Preview Fashion Design School Joomla Template TMT - Video - March 6th, 2014 [March 6th, 2014]
- How To Blog With Joomla - March 5 Joomla Detroit Meetup - Video - March 6th, 2014 [March 6th, 2014]
- Joomla extension tutorial - JA Extension Manager Component - Video - March 5th, 2014 [March 5th, 2014]
- The Best Free Responsive Joomla template ever - Purity III - Video - March 5th, 2014 [March 5th, 2014]
- Not a drop in the bucket: More than 1 million websites now use Drupal - March 5th, 2014 [March 5th, 2014]
- Joomla 2.5 - Configuracin global - Video - March 4th, 2014 [March 4th, 2014]
- Setting External Links in Joomla 3 using JCE - Video - March 4th, 2014 [March 4th, 2014]
- joomla 3.2 video tutorials for beginners, joomla 3.2 video tutorials step by step, - Video - March 4th, 2014 [March 4th, 2014]
- The New CMS - March 4th, 2014 [March 4th, 2014]
- Joomla! 3.2 - Publicando site no servidor com Akeeba Backup - Video - March 3rd, 2014 [March 3rd, 2014]
- Best Hosting Video | How to add RSS Newsfeeds in Joomla 2.5 - Video - March 3rd, 2014 [March 3rd, 2014]
- Joomla! 3.2 publicao do site com akeeba (parte 3) - Video - March 3rd, 2014 [March 3rd, 2014]
- Joomla! 3.2 publicando site com akeeba (parte2) - Video - March 3rd, 2014 [March 3rd, 2014]
- [SEMINARIO] Come creare un sito Joomla! in pochi passi - Video - March 3rd, 2014 [March 3rd, 2014]
- Joomla extension tutorials - JA Multilingual Component - Video - March 3rd, 2014 [March 3rd, 2014]
- Exploit Joomla site by JCE Editor using PHP Script and google dork - Video - March 3rd, 2014 [March 3rd, 2014]
- Joomla! 3.2 vde-tutorial Blank Template (parte2) - Video - March 3rd, 2014 [March 3rd, 2014]
- Preview Magnificent Beer Pub Joomla Template TMT - Video - March 2nd, 2014 [March 2nd, 2014]
- Best Hosting Video | How to create a database backup of Joomla 2.5 using phpMyAdmin - Video - March 2nd, 2014 [March 2nd, 2014]
- joomla installation step by step - Video - March 2nd, 2014 [March 2nd, 2014]
- Preview University Responsive Joomla Template TMT - Video - March 2nd, 2014 [March 2nd, 2014]
- how to install joomla 3-2-2 on localhost windows 7 easy 8 min - Video - February 28th, 2014 [February 28th, 2014]
- Joomla! User Group Toronto Steering Committee Meeting 2014/02/26 - Video - February 28th, 2014 [February 28th, 2014]
- Security Patch Joomla 1.5 - Video - February 28th, 2014 [February 28th, 2014]
- NetHosting Adds Unprecedented Web Maintenance Service to Product Lineup - February 28th, 2014 [February 28th, 2014]
- 63 Agency - A Pro Joomla 2.5 / 3.0 Responsive Template - Video - February 27th, 2014 [February 27th, 2014]
- joomla tutorial, joomla tutorials video, Joomla 3.2 Video Tutorials - Video - February 27th, 2014 [February 27th, 2014]
- Joomla Destination Container - Video - February 27th, 2014 [February 27th, 2014]
- Joomla! Framework Licensing Debate & Explaination - Video - February 27th, 2014 [February 27th, 2014]
- Preview White Apparel Joomla Template by Jade TMT - Video - February 27th, 2014 [February 27th, 2014]
- Best Hosting Video | How to create Featured (Front page) Articles in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
- Best Hosting Video | How to block or delete a Super Administrator in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
- Best Hosting Video | How to use Private Messaging in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
- Best Hosting Video | How to manage Weblinks in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
- Best Hosting Video | How to manage Languages in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
- Best Hosting Video | How to create a Login module in Joomla 2.5 - Video - February 27th, 2014 [February 27th, 2014]
- ACL no Joomla! 3.2 - Video - February 25th, 2014 [February 25th, 2014]
- Joomla! 3.2 Autenticao com TwoFactor - Video - February 25th, 2014 [February 25th, 2014]
- JOOMLA 2.5 TUTORIAL LESSON 1 - Video - February 25th, 2014 [February 25th, 2014]
- Buzzflash.com Launches a New Joomla Portal for Truthout News Organization - February 25th, 2014 [February 25th, 2014]
- How to set user permissions in J!Extranet 5.0 and Joomla 2.5 - Video - February 25th, 2014 [February 25th, 2014]
- View different folder permissions in J!Extranet 5.0 and Joomla 2.5 - Video - February 25th, 2014 [February 25th, 2014]
- View user logs in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]
- How to upload files, delete files, create folders in J!Extranet 5.0 Extended version and Joomla 2.5 - Video - February 25th, 2014 [February 25th, 2014]
- How to use My Vault in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]
- How to remove front-end menu items in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]
- How to set user permissions in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]
- How to move folders in J!Extranet 5.0 and Joomla 3.x - Video - February 25th, 2014 [February 25th, 2014]