Posted by Philip Ronan on 10/24/05 11:29

"leke" wrote:

> Can anyone recommend a good book or online resource about web site
> hacking prevention. Even something along the lines of how to hack web
> sites would also do the job.

A good place to start is <http://www.hudzilla.org/phpbook/read.php/17_0_0>,
which seems to cover most of the security issues in PHP.

You should also be very careful with any scripts written by third parties,
and make sure you always have the latest version running. Thousands of
websites were wiped out last year by a worm that exploited a security hole
in the phpBB bulletin board script, for example.

Google will probably give you plenty of other references for common
practices like email header injection, SQL injection, referer spam, and
protecting email addresses.

The Apache module mod_security can deal with many of these problems:
<http://www.modsecurity.org/>

--
phil [dot] ronan @ virgin [dot] net
http://vzone.virgin.net/phil.ronan/

[Back to original message]