Hi, good morning everyone! Do you know web development? Whether we are talking about web development or the web on its own, take whichever makes sense. What you need to understand is that web technology is on the rise and is the technology of the future. The web can be fun, but it is also deadly and dangerous for your business if you have no knowledge of web solutions. We have come across hundreds of people who pretend to know web development without even a basic knowledge of plain 1990s HTML.
All we want to tell them is: concentrate on what you want to learn better and what you want to achieve. Never copy the code or templates of other sites and make them your own, because you can be sure your site will be the one that gets attacked first. What attack are we talking about? Well, there are many ways people will attack your website, whether for fun, resolution, revolution or revenge. So don't be foolish and turn it into your worst nightmare.
What we tell most of those who pretend to have web knowledge is simple: write a W3C-standard web page in Notepad, and then we will talk. Be careful if you use a prebuilt templating system such as FrontPage, Dreamweaver, Webdev, Web Monkey or whatever; use it for structuring, but do not copy and paste the code it generates, because that code has many loopholes. Once your website has been hit for the first time, it literally means some bot is listening to your website (domain), and we guarantee that it will come back with a different approach to hit you again. Welcome to the game.
So let's talk about some of the main causes that can bring your website down (be it Joomla, WordPress, Drupal, PHPwebsite, Pmachine or whatever): one small hole leads to disaster.
List of things to do on a Drupal site once you install it.
1. Set up the cron jobs where necessary and do it right – there is no second option, otherwise your site is bound to be doomed within a few hours.
2. Message MSOffice/cltreq.asp – Severity warning
Message _vti_bin/owssvr.dll – Severity warning
3. Check your template for compatibility with browser events
4. Check every script thoroughly
5. Don't alias the links if it's not necessary
6. Keep the ratio of scripts down, without much JavaScript
7. Upload the site in ASCII mode
8. Don't work on prebuilt templates or on templates from any local software – they leave way too many loopholes
9. Use fewer image links and less irregular aliasing for menu options
10. Looping to be active from Cron and CGI Bin
11. Drupal uses index.php instead of index.html; this is configured in the web server, say, inside the httpd.conf file if you are using Apache httpd as your web server. A wrongly written .htaccess file or a misconfiguration can lead to spoofing of your whole site within minutes.
12. Do not use iframes or scripts which write index frames into the site
13. Do not copy and paste from Word into the online editor
14. It is possible that someone used SQL injection to add JavaScript into the footer, the mission, a node body, etc. Many antivirus programs will identify that as a malicious script in "index.php" if you do not have clean URLs and use URLs like "index.php?q=". SQL injection in general is not particularly common in Drupal.
15. As you can see, XSS is the most common issue – covering almost 50%. Access Bypass, CSRF, SQL Injection, and Code Execution are the next most common, making up about a quarter of the weaknesses.
It’s important to note that these are only vulnerabilities for which there has been a Security Announcement. Many more exist only on an individual site with improper configuration or a custom module or theme and can never be included in an analysis like this.
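Items 12 and 14 above concern iframes and JavaScript that end up stored in the footer, the mission or a node body. The Python sketch below is an added example, not code from the original post or from Drupal: it scans stored HTML fragments for script-capable markup. The location labels and sample rows are constructed, and how the fragments are exported from the site's database is assumed to be handled separately.

```python
import re
from html.parser import HTMLParser

# Elements that editor-entered content (footer, mission, node body) should not contain.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}


class ActiveContentFinder(HTMLParser):
    """Collects script-capable markup found in one stored HTML fragment."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names before calling this.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            # Browsers ignore whitespace/control characters inside a URL scheme.
            compact = re.sub(r"[\x00-\x20]", "", (value or "").lower())
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in ("href", "src") and compact.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} of <{tag}>")


def scan_content(fields):
    """fields: iterable of (location, html). Returns {location: findings} for hits only."""
    report = {}
    for location, html in fields:
        finder = ActiveContentFinder()
        finder.feed(html)
        finder.close()
        if finder.findings:
            report[location] = finder.findings
    return report


# Constructed sample rows; the location labels are hypothetical, not Drupal identifiers.
SAMPLE_FIELDS = [
    ("footer", '<p>Example Town</p><script src="//cdn.invalid/x.js"></script>'),
    ("mission", "<p>Serving residents since 1990.</p>"),
    ("node/12 body", '<p>Hi</p><IFRAME src="http://stats.invalid/" width=0></IFRAME>'),
    ("node/15 body", '<img src="logo.png" onerror="void(0)"> <a href="about.html">About</a>'),
]

if __name__ == "__main__":
    for location, findings in scan_content(SAMPLE_FIELDS).items():
        print(f"{location}: {'; '.join(findings)}")
```

A hit is a prompt to review that field against a known-good backup, since some sites place legitimate embeds in content on purpose.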