Page 1 of 2 12 LastLast
Results 1 to 25 of 33
  1. #1
    Thailand Expat
    Albert Shagnastier's Avatar
    Join Date
    Mar 2012
    Last Online
    22-03-2015 @ 09:09 PM
    Location
    City of Angels
    Posts
    7,164

    Website Security

    Any IT Security wizards on here that can answer a few questions?

    If you have several websites (that are based on US servers) which are getting hacked maliciously regularly and want to change the whole set-up to be more secure - what is the cheapest and simplest way?

    Get your own server?

    If in Thailand would you rent directly from TOT/True or buy one and run it from home?

    If using Joomla and Virtuemart, what are the most essential security settings in the back end that you must select to secure the site?

    If anyone can recommend any good online info resources or remote co's that are good and reasonably priced and can help - I'd appreciate the info - cheers.

  2. #2
    I am in Jail
    Butterfly's Avatar
    Join Date
    Mar 2006
    Last Online
    01-02-2019 @ 03:12 PM
    Posts
    39,832
    Quote Originally Posted by Albert Shagnastier
    If you have several websites (that are based on US servers) which are getting hacked maliciously regularly and want to change the whole set-up to be more secure - what is the cheapest and simplest way?
    it's not going to be cheap. Securing a server hard is feasible, the question is how far you want to go. When obvious security holes are there, you have all the kids trying their intrusion script. If your security is strong, much harder for the kids and they give up easily. If your website has no intrinsic value or doesn't store valuable information, skilled hackers won't bother, hence you are safe. If you have a high profile website, then you will need serious help and that can costs quite a lot to have real experts and tools to secure all your website traffic.

    Quote Originally Posted by Albert Shagnastier
    Get your own server?
    you could, but if you have no clue on securing a server, it won't be safe even if you own it.

    Quote Originally Posted by Albert Shagnastier
    If in Thailand would you rent directly from TOT/True or buy one and run it from home?
    not really feasible and more prone to hacking IMO,

  3. #3
    I am in Jail
    Butterfly's Avatar
    Join Date
    Mar 2006
    Last Online
    01-02-2019 @ 03:12 PM
    Posts
    39,832
    Quote Originally Posted by Albert Shagnastier
    If anyone can recommend any good online info resources or remote co's that are good and reasonably priced and can help - I'd appreciate the info - cheers.
    define reasonable priced ? you won't find all the answers online. These skills are learned on the job and the know-how is often not shared.

    Basically you are fucked and need to find a reliable hosting company that can secure servers, not the cheap co-host for 15 USD per year

  4. #4
    Thailand Expat Jesus Jones's Avatar
    Join Date
    Aug 2008
    Last Online
    22-09-2017 @ 11:00 AM
    Posts
    6,952
    Joomla forum would be the best place to ask i think.

  5. #5
    I am in Jail
    Butterfly's Avatar
    Join Date
    Mar 2006
    Last Online
    01-02-2019 @ 03:12 PM
    Posts
    39,832
    When I had to secure my server farm, a quick audit cost me about 10,000 USD for about 25 hosts. Then I had the experts draw me a security plan and implement it. That was another 15,000 USD for the farm.

    if it's one small website with Joomla and Virtuemart, you are dealing with "no value" assets so basically, good basic measures needs to be implemented, like password patterns etc...

  6. #6
    I am in Jail
    Butterfly's Avatar
    Join Date
    Mar 2006
    Last Online
    01-02-2019 @ 03:12 PM
    Posts
    39,832
    if you are suffering from DoS attacks, then make sure to take the anti-DoS option from your hosting company, it's usually another 20 USD per host per year

  7. #7
    Thailand Expat
    Albert Shagnastier's Avatar
    Join Date
    Mar 2012
    Last Online
    22-03-2015 @ 09:09 PM
    Location
    City of Angels
    Posts
    7,164
    Quote Originally Posted by Butterfly
    you could, but if you have no clue on securing a server, it won't be safe even if you own it.
    Ok. So if I get a server here and pay a local security expert to maintain it this could work right?

    What sort of cost per site (joomla/virtuemart/50 or so products) (one off at the beginning and then monthly via retainer) would you guesstimate?

    And how much if you use a reliable western company?




    Quote Originally Posted by Jesus Jones
    Joomla forum would be the best place to ask i think.
    I don't have the time to learn the skills unfortunately so will have to sub the work out.

  8. #8
    I am in Jail
    Butterfly's Avatar
    Join Date
    Mar 2006
    Last Online
    01-02-2019 @ 03:12 PM
    Posts
    39,832
    Quote Originally Posted by Albert Shagnastier
    Ok. So if I get a server here and pay a local security expert to maintain it this could work right?

    What sort of cost per site (joomla/virtuemart/50 or so products) (one off at the beginning and then monthly via retainer) would you guesstimate?

    And how much if you use a reliable western company?
    I could get you a secure server on European hosts with an annual contract for about 6,000 EUR per year. That would be a professional contract.

    Your company will need to be a real business, not some dodgy personal one.

  9. #9
    I am in Jail
    Butterfly's Avatar
    Join Date
    Mar 2006
    Last Online
    01-02-2019 @ 03:12 PM
    Posts
    39,832
    Quote Originally Posted by Albert Shagnastier
    which are getting hacked maliciously regularly
    can you define the type of malicious hacking you are suffering from ? defacing ? DoS ? Zombie Takeover ? Spambot ?

  10. #10
    Thailand Expat
    Albert Shagnastier's Avatar
    Join Date
    Mar 2012
    Last Online
    22-03-2015 @ 09:09 PM
    Location
    City of Angels
    Posts
    7,164
    Quote Originally Posted by Butterfly
    When I had to secure my server farm, a quick audit cost me about 10,000 USD for about 25 hosts. Then I had the experts draw me a security plan and implement it. That was another 15,000 USD for the farm. if it's one small website with Joomla and Virtuemart, you are dealing with "no value" assets so basically, good basic measures needs to be implemented, like password patterns etc...
    It's on the lowest level moneywise but still... doing my nut.

    As I just replied to JJ - I don't have the time to learn the skills. Basically, I can do the sites 90% myself. For the 10% I've used freelancers of freelancerdotcom - I think that's where the trouble started.

    So I need to get a server (secure) and rebuild the sites from scratch alone and then pay someone a (relitively small i hope) fee just to have a check if something goes wrong?

  11. #11
    Thailand Expat
    Albert Shagnastier's Avatar
    Join Date
    Mar 2012
    Last Online
    22-03-2015 @ 09:09 PM
    Location
    City of Angels
    Posts
    7,164
    Quote Originally Posted by Butterfly View Post
    Quote Originally Posted by Albert Shagnastier
    which are getting hacked maliciously regularly
    can you define the type of malicious hacking you are suffering from ? defacing ? DoS ? Zombie Takeover ? Spambot ?
    Again - don't know enough about this area to comment really but emails hacked/passwords changed and yesterday my server shut down one of the sites saying it was sending out millions of spam emails. Could be cloaking/re-directing etc.

  12. #12
    I am in Jail
    Butterfly's Avatar
    Join Date
    Mar 2006
    Last Online
    01-02-2019 @ 03:12 PM
    Posts
    39,832
    then you are fucked, I suggest you shutdown everything, if revenues are small, less than 5000 USD per year, not worth it

    Securing is expensive,

    of course if your time is not worth much, then learning is the way

    is it Windows or Unix based ?

  13. #13
    Thailand Expat
    Albert Shagnastier's Avatar
    Join Date
    Mar 2012
    Last Online
    22-03-2015 @ 09:09 PM
    Location
    City of Angels
    Posts
    7,164
    Quote Originally Posted by Butterfly
    I could get you a secure server on European hosts with an annual contract for about 6,000 EUR per year. That would be a professional contract.
    Nothing like that mate, just simple/smallscale 3/4 sites using joomla/virtuemart with standard off the shelf templates . payment through paypal.

  14. #14
    I am in Jail
    Butterfly's Avatar
    Join Date
    Mar 2006
    Last Online
    01-02-2019 @ 03:12 PM
    Posts
    39,832
    Quote Originally Posted by Albert Shagnastier
    rebuild the sites from scratch alone and then pay someone a (relitively small i hope) fee
    nobody serious is going to bother with your website if you can't pay them anything. What is your definition of a small fee ? if it's only a few hundreds, then you will get students or Indians that will sell your info on the "blackmarket" once they have "secured" the server.

    Your best chance is to use a serious personal hosting company, not a co-host, with a small managed contract, could be about 100 USD per month. Not sure you will get much from them at that price, but you could try.

    Using Freelance_com is asking for trouble, above all when you give them direct access to your servers to fix things. A big no-no in security compliance or security guidelines. Never give a password to a third party.

  15. #15
    Thailand Expat
    Albert Shagnastier's Avatar
    Join Date
    Mar 2012
    Last Online
    22-03-2015 @ 09:09 PM
    Location
    City of Angels
    Posts
    7,164
    Quote Originally Posted by Butterfly View Post
    then you are fucked, I suggest you shutdown everything, if revenues are small, less than 5000 USD per year, not worth it

    Securing is expensive,

    of course if your time is not worth much, then learning is the way

    is it Windows or Unix based ?
    windows

    Maybe like you say I should just shut them down and sell through ebay instead. Let them deal with the security.

  16. #16
    Thailand Expat
    Albert Shagnastier's Avatar
    Join Date
    Mar 2012
    Last Online
    22-03-2015 @ 09:09 PM
    Location
    City of Angels
    Posts
    7,164
    Quote Originally Posted by Butterfly
    nobody serious is going to bother with your website if you can't pay them anything. What is your definition of a small fee ? if it's only a few hundreds, then you will get students or Indians that will sell your info on the "blackmarket" once they have "secured" the server.
    Yup - exactly what's happened I think.

  17. #17
    Thailand Expat
    Albert Shagnastier's Avatar
    Join Date
    Mar 2012
    Last Online
    22-03-2015 @ 09:09 PM
    Location
    City of Angels
    Posts
    7,164
    Quote Originally Posted by Butterfly
    Your best chance is to use a serious personal hosting company, not a co-host, with a small managed contract, could be about 100 USD per month. Not sure you will get much from them at that price, but you could try.
    That's affordable - thanks, I'll look into that.
    Quote Originally Posted by Butterfly
    Using Freelance_com is asking for trouble, above all when you give them direct access to your servers to fix things. A big no-no in security compliance or security guidelines. Never give a password to a third party.
    I know that now

  18. #18
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Today @ 02:19 AM
    Posts
    61,204
    Fecking quality!


  19. #19
    Thailand Expat
    Albert Shagnastier's Avatar
    Join Date
    Mar 2012
    Last Online
    22-03-2015 @ 09:09 PM
    Location
    City of Angels
    Posts
    7,164
    Quote Originally Posted by harrybarracuda
    Fecking quality!
    Glad you think it's funny you prick.

  20. #20
    I am in Jail
    Butterfly's Avatar
    Join Date
    Mar 2006
    Last Online
    01-02-2019 @ 03:12 PM
    Posts
    39,832
    don't mind harry, his sense of security is about hiding in his mom basement to play Call of Duty on his XBOX

  21. #21
    I am in Jail
    Butterfly's Avatar
    Join Date
    Mar 2006
    Last Online
    01-02-2019 @ 03:12 PM
    Posts
    39,832
    Quote Originally Posted by Albert Shagnastier
    Maybe like you say I should just shut them down and sell through ebay instead. Let them deal with the security.
    that's what most people do, they can't handle the security and the management of a small website operation

  22. #22
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Today @ 02:19 AM
    Posts
    61,204
    Quote Originally Posted by Albert Shagnastier View Post
    Quote Originally Posted by harrybarracuda
    Fecking quality!
    Glad you think it's funny you prick.
    Funny, I think it's fecking hilarious! Computer advice from Buttplug!

    HAHAHA!

    Butters, what was it you were saying about someone stiffing you for Bt20,000!

    When I had to secure my server farm, a quick audit cost me about 10,000 USD for about 25 hosts. Then I had the experts draw me a security plan and implement it. That was another 15,000 USD for the farm.

  23. #23
    Thailand Expat
    Albert Shagnastier's Avatar
    Join Date
    Mar 2012
    Last Online
    22-03-2015 @ 09:09 PM
    Location
    City of Angels
    Posts
    7,164
    Quote Originally Posted by harrybarracuda View Post
    Quote Originally Posted by Albert Shagnastier View Post
    Quote Originally Posted by harrybarracuda
    Fecking quality!
    Glad you think it's funny you prick.
    Funny, I think it's fecking hilarious! Computer advice from Buttplug!

    HAHAHA!

    Butters, what was it you were saying about someone stiffing you for Bt20,000!

    When I had to secure my server farm, a quick audit cost me about 10,000 USD for about 25 hosts. Then I had the experts draw me a security plan and implement it. That was another 15,000 USD for the farm.
    So what would your advice be then harry?

  24. #24
    disturbance in the Turnip baldrick's Avatar
    Join Date
    Apr 2006
    Last Online
    Today @ 07:38 AM
    Location
    Heidleberg
    Posts
    21,669
    Quote Originally Posted by Albert Shagnastier
    using Joomla and Virtuemart
    stop - why would you use a space shuttle to pull a somtam cart ?

    your server should only be running a webserver serving basic web pages on port 80 ( have SSH daemon running to admin the server ) - link the purchase product link to a ebay/paypal page and let them look after that sh1t

    'tinternet security is so fcuked because everyone is running software meant to manage massive database backends and then allowing all sorts of offsite calls to make the thing "pretty" and serve ads etc

    if you have 10 products it should require about 12 static pages ( one index page and , 10 product spec pages and a contact page ) and no javascript

    if your server provider ( will be a virtual server anyway ) gets hacked , nothing you can do will help

  25. #25
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Today @ 02:19 AM
    Posts
    61,204
    Quote Originally Posted by Albert Shagnastier View Post
    So what would your advice be then harry?
    Well you're the fecking expert mate, surely one of your tin foil hat insiders can tell you how to protect yourself from the CIA.


Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •