Hosting Discussion
  Post #1 (permalink)   07-23-2010, 05:48 AM
HD Guru
 
Join Date: Jan 2008
Posts: 536

Status: AbbieRose is offline
If you have a website that you need to protect (perhaps you even want to be sure that no one other than the hand-picked people you choose can see it), what measures would you take to protect it?

Also, how would you personally log visitors to see whether there were any unauthorised visits?
 
 
 


  Post #2 (permalink)   07-23-2010, 06:17 AM
HD Addict
 
Join Date: May 2008
Posts: 237

Status: supportfacility is offline
Well, I am not sure if you are looking for this, but you can use password protection for your website. In cPanel there is a 'Password Protect Directories' feature; you may use it.
 
 
 


  Post #3 (permalink)   07-23-2010, 11:20 AM
CSN-UK | Charlie
 
Join Date: Mar 2009
Location: Swindon (UK)
Posts: 470

Status: csn-uk is offline
Personally I would use a pretty basic splash page that simply provides a login; something similar to the WordPress admin login would suffice. Then proceed with possible security techniques such as:
  • IP logging | Record the time, date, visit count and IP of all incoming connections to the page. Use the IP address as the unique ID in the database, meaning the simple PHP logging the IPs will retrieve an error when adding duplicates, which you handle by +1 to the existing record's visit count. Run a script on cron to remove all 1/2 visit records after 1 month, 3/4 an additional month and so on, dependent on what number of visits you deem a threat. Ensure that you exclude the IP of your users.
  • Login | Use their IP, a hidden field (CSS), username, password and potentially 3 drop-downs containing chars A-Z and numbers 0-9, of which they will be asked to enter selected characters from a set-length (often 12) secret answer (no question for the required answer). Often the username and password are asked on step 1 of login, step 2 for the drop-downs.
  • Using the hidden field (CSS) to detect bots by ensuring you have a duplicate username or password field to validate for blank entry.
  • Brute force, cross-site scripting, SQL injection, cross-site request forgeries (CSRF) | All of these are exceedingly important threats, and through the use of careful "escaping" of the data accepting and ensuring that only a reasonable number of attempts are given you should ensure you avoid many of these issues, though other techniques are available.
  • The last part really ties into the login and there are a number of ways to proceed in terms of cookies, session variables etc. Personally I would use session variables and include a file in the top of every page to check said session variable for every administrative action or click.
Ensuring that sessions expire and are ended correctly to avoid the above threats is also important, and simply redirecting the user to the login page on failure; possibly use .htaccess to redirect all requests to the site to the login and then navigate from there also.

Hope some of that helps, it's pretty much what most web developers or programmers consider when creating logins in its most basic form.
__________________
CSN-UK | Shared Hosting | Dedicated | VPS | Custom Packages Available On Request | Quality SSL Certificates from COMODO CA
CSN-UK.net | Server Status | Client Area | Live Support
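
The IP-logging scheme described in the post above, as an added example that is not part of the original post. It is written in Python with SQLite rather than PHP; the table layout, the `TRUSTED_IPS` set, the retention tiers and all addresses are assumptions, and "exclude the IP of your users" is interpreted here as not logging them at all.

```python
import sqlite3
from datetime import datetime, timedelta

# Assumption: addresses of your authorised users (constructed documentation IPs).
TRUSTED_IPS = {"203.0.113.10"}
# (max visit count, retention in days): 1-2 visits kept 1 month, 3-4 kept 2 months.
PURGE_TIERS = ((2, 30), (4, 60))

def open_log(path=":memory:"):
    db = sqlite3.connect(path)
    # The IP is the primary key, so a second INSERT for the same IP fails.
    db.execute("""CREATE TABLE IF NOT EXISTS visits (
        ip TEXT PRIMARY KEY, first_seen TEXT NOT NULL,
        last_seen TEXT NOT NULL, visit_count INTEGER NOT NULL)""")
    return db

def record_visit(db, ip, now):
    if ip in TRUSTED_IPS:
        return  # known users are not logged
    stamp = now.isoformat(timespec="seconds")
    try:
        db.execute("INSERT INTO visits VALUES (?, ?, ?, 1)", (ip, stamp, stamp))
    except sqlite3.IntegrityError:
        # Duplicate key: bump the existing record instead of adding a row.
        db.execute("UPDATE visits SET visit_count = visit_count + 1, "
                   "last_seen = ? WHERE ip = ?", (stamp, ip))
    db.commit()

def purge(db, now):
    """Cron job body: drop low-count records once their retention has passed."""
    removed = 0
    for max_visits, days in PURGE_TIERS:
        cutoff = (now - timedelta(days=days)).isoformat(timespec="seconds")
        cur = db.execute("DELETE FROM visits WHERE visit_count <= ? "
                         "AND last_seen < ?", (max_visits, cutoff))
        removed += cur.rowcount
    db.commit()
    return removed

def suspects(db, threshold):
    """IPs whose visit count has reached the level you deem a threat."""
    rows = db.execute("SELECT ip FROM visits WHERE visit_count >= ? "
                      "ORDER BY visit_count DESC", (threshold,))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = open_log()
    start = datetime(2010, 7, 1, 12, 0, 0)  # constructed sample visits
    for ip, n in (("198.51.100.7", 1), ("192.0.2.99", 6)):
        for _ in range(n):
            record_visit(db, ip, start)
    print(purge(db, start + timedelta(days=31)), suspects(db, 5))
```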
 
 


  Post #4 (permalink)   07-24-2010, 10:29 AM
HD Wizard
 
Join Date: Mar 2005
Location: Atlanta, GA
Posts: 2,264

Status: handsonhosting is offline
Along with the above options, when we have exploits on a site and we need the developer to modify content but not let anyone else have access to the site, a simple DENY statement in an .htaccess file will block everyone from seeing the website. Then an ALLOW statement with just their IP number allows them to continue to test and work on things until everything is resolved and we then remove the DENY statement.

So depending on the content, a login like the above suggestions could be used, or a simple IP DENY statement would work too.
__________________
Emerson Nogueira
http://www.HandsOnWebHosting.com
cPanel Web Hosting, Domain Registration, Managed VPS Servers
 
 
 


  Post #5 (permalink)   07-24-2010, 02:20 PM
HD Guru
 
Join Date: Jan 2008
Posts: 536

Status: AbbieRose is offline
Thank you for the replies, and handson, that's perfect. I need a high level of security for a very small site, with access to only a very few people, and that would be a nice and secure way around it (combined with the password protection we already have).
 
 
 


  Post #6 (permalink)   09-20-2010, 02:55 PM
HD Newbie
 
Join Date: Sep 2010
Posts: 33

Status: SetupLink is offline
.htaccess password protect, firewall, and denyhosts
__________________
SetupLink.com | Shared, Reseller, VPS Hosting
Lowest Prices for High Quality VPS Servers
Amazing Support
 
 
 


  Post #7 (permalink)   10-23-2010, 01:11 AM
HD Addict
 
Join Date: Oct 2010
Location: PlotHost.com
Posts: 196

Status: PlotHost is offline
Indeed, the IP logging/allowing is a good choice.
__________________
PlotHost - Professional Web Hosting Services
15 days money back; 24/7 support; 99.9% uptime
 
 
 