homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Professional Webmaster Business Issues
Forum Library, Charter, Moderators: LifeinAsia & httpwebwitch

Professional Webmaster Business Issues Forum

recommendations for third-party security monitoring?
need somebody knowledgeable to block attacks

WebmasterWorld Senior Member 10+ Year Member

Msg#: 4344220 posted 8:23 pm on Jul 26, 2011 (gmt 0)

I have a dedicated server on which resides my very small but rather busy web site. The domain is "small" in that the site has very few static pages (five hundred or so) which are small and simple, plus a very quiet forum (one or two posts a day, on average). The domain is "busy" in that eighty or so thousand people visit during the "up" time. (North American summers are the "down" time.)

This year, I seem to have passed some Rubicon of perceived size. I am being flooded by requests from advertisers of varying degrees of reputability, and have begun to suffer hacking attacks, largely attempts to serve up malware to my site's visitors through "injections" (?) into the ad-serving database.

I'm a retired teacher. My site has gotten to be of a size such that it is experiencing issues that I don't know how properly to handle. I would like =not= to have to deal with security issues after they happen (but I don't have the expertise to "harden" my server, etc, sufficiently to prevent issues in the first place) or to have to "clean" MySQL databases after the fact.

I am interested in recommendations for third-party security services. I am vaguely familiar with WebsiteDefender, Qualys, and Dasient, but I don't know enough to be able to say if any of these is even what I'm looking for.

Thank you.




WebmasterWorld Senior Member 10+ Year Member

Msg#: 4344220 posted 8:48 pm on Jul 30, 2011 (gmt 0)

Qualys is decent as is Nessus, metasploit any many others but your biggest problem is sql injection vulnerabilities and lack of patching, you dont need scanners to tell you that.

Even with the professional feed and all the web application plugins, tools like Nessus will only tell you what you alrady know - open source code is full of SQL injection and stack overflow vulnerabilities - and the exploit code is on the forums for anyone to use.

Fix the sql/xss injection vulnerabilities in your GET and POST and get a proper host that patches.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Professional Webmaster Business Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved