I have a dedicated server on which resides my very small but rather busy web site. The domain is "small" in that the site has very few static pages (five hundred or so) which are small and simple, plus a very quiet forum (one or two posts a day, on average). The domain is "busy" in that eighty or so thousand people visit during the "up" time. (North American summers are the "down" time.)
This year, I seem to have passed some Rubicon of perceived size. I am being flooded by requests from advertisers of varying degrees of reputability, and have begun to suffer hacking attacks, largely attempts to serve up malware to my site's visitors through "injections" (?) into the ad-serving database.
I'm a retired teacher. My site has gotten to be of a size such that it is experiencing issues that I don't know how properly to handle. I would like =not= to have to deal with security issues after they happen (but I don't have the expertise to "harden" my server, etc., sufficiently to prevent issues in the first place) or to have to "clean" MySQL databases after the fact.
I am interested in recommendations for third-party security services. I am vaguely familiar with WebsiteDefender, Qualys, and Dasient, but I don't know enough to be able to say if any of these is even what I'm looking for.
Qualys is decent, as are Nessus, Metasploit and many others, but your biggest problem is SQL injection vulnerabilities and lack of patching; you don't need scanners to tell you that.
Even with the professional feed and all the web application plugins, tools like Nessus will only tell you what you already know - open source code is full of SQL injection and stack overflow vulnerabilities - and the exploit code is on the forums for anyone to use.
Fix the SQL/XSS injection vulnerabilities in your GET and POST and get a proper host that patches.
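What fixing injection in GET/POST handling amounts to, as an added example that is not part of the original posts: a request value concatenated into a query beside the bound-parameter form, plus escaping on output. It assumes Python with an in-memory SQLite table standing in for the MySQL ad database; the table, columns and function names are hypothetical.

```python
import html
import sqlite3


def make_db():
    # Constructed sample data; SQLite stands in for the site's MySQL ad table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ads (zone TEXT, label TEXT, active INTEGER)")
    db.executemany("INSERT INTO ads VALUES (?, ?, ?)", [
        ("sidebar", "Visit our sponsor", 1),
        ("footer", "Paused campaign", 0),
        # A row that was tampered with: script markup stored as ad text.
        ("sidebar", "<script src=//ads.invalid/x.js></script>", 1),
    ])
    return db


def ads_unsafe(db, zone):
    # BEFORE: the request value is pasted into the SQL text, so a quote
    # character in it ends the string literal and rewrites the WHERE clause.
    sql = "SELECT label FROM ads WHERE active = 1 AND zone = '" + zone + "'"
    return [row[0] for row in db.execute(sql)]


def ads_safe(db, zone):
    # AFTER: validate the shape of the value, then bind it as a parameter.
    # The driver sends it as data; it can never become part of the SQL.
    if not isinstance(zone, str) or not zone.isalnum() or len(zone) > 32:
        return []
    sql = "SELECT label FROM ads WHERE active = 1 AND zone = ?"
    return [row[0] for row in db.execute(sql, (zone,))]


def render(labels):
    # Escape on output: stored text is displayed, not executed, by browsers.
    return "".join("<li>" + html.escape(label) + "</li>" for label in labels)


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed value a GET parameter could carry
    print("unsafe:", ads_unsafe(db, crafted))
    print("safe:  ", ads_safe(db, crafted))
    print(render(ads_safe(db, "sidebar")))
```

The same pattern applies to every query that touches request data, whatever the language: placeholders for values, and escaping wherever database content is written into a page.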