1. Clicking buttons on a site that activate malicious scripts.
2. Being told that a particular program does not work and that you need to download another program or extension.
3. Trojans, viruses or spyware hidden in software cracks or keygens.
You must have at least one security software program installed on your PC. However, it is impossible to guarantee that the software will definitely protect you against any or all the possible viruses, trojans and malicious programs.
If your PC behaves abnormally (unsolicited pop-up ads, applications shutting down, poor or constantly busy internet connections, etc.), there is a good chance that it is infected. You will then have to spend quite a bit of time either removing the infected file or reformatting the hard disk and reinstalling everything. Prevention is always better than cure.
There are many different types of attacks hackers can conduct in order to take partial or total control of a website. In general, the most common and dangerous ones are SQL injection and cross-site scripting (XSS).
SQL injection is a technique for injecting a piece of malicious code into a web application, exploiting a security vulnerability at the database level to change its behavior. It is a really powerful technique, considering that it can manipulate URLs (query string) or any form (search, login, email registration) to inject malicious code. You can find some examples of SQL injection at the Web Application Security Consortium.
There are definitely some precautions that can be taken to avoid this kind of attack. For example, it's a good practice to add a layer between a form on the front end and the database in the back end. In PHP, the PDO extension is often used to work with parameters (sometimes called placeholders or bind variables) instead of embedding user input in the statement. Another really easy technique is character escaping, where all the dangerous characters that can have a direct effect on the database structure are escaped. For instance, every occurrence of a single quote ['] in a parameter must be replaced by two single quotes [''] to form a valid SQL string literal. These are only two of the most common actions you can take to improve the security of a site and avoid SQL injections. Online you can find many other specific resources that can fit your needs (programming languages, specific web applications …).
The other technique that we're going to introduce here is cross-site scripting (XSS). XSS is a technique used to inject malicious code in a webpage, exploiting security vulnerabilities of web applications. This kind of attack is possible where the web application is processing data obtained through user input and without any further check or validation before returning it to the final user. You can find some examples of cross-site scripting at the Web Application Security Consortium.
There are many ways of securing a web application against this technique. Some easy actions that can be taken include:
-Stripping the input that can be inserted in a form (for example, see the strip_tags function in PHP);
-Using data encoding to avoid direct injection of potentially malicious characters (for example, see the htmlspecialchars function in PHP);
-Creating a layer between data input and the back end to avoid direct injection of code in the application.
SQL injection and cross-site scripting are only two of the many techniques used by hackers to attack and exploit innocent sites.
As a general security guideline, it's important to always stay updated on security issues and, in particular when using third-party software, to make sure you've installed the latest available version. Many web applications are built around big communities, offering constant support and updates.
To give a few examples, four of the biggest communities of Open Source content management systems — Joomla, WordPress, PHP-Nuke, and Drupal — offer useful guidelines on security on their websites and host big community-driven forums where users can escalate issues and ask for support.
For instance, in the Hardening WordPress section of its website, WordPress offers comprehensive documentation on how to strengthen the security of its CMS. Joomla offers many resources regarding security, in particular a Security Checklist with a comprehensive list of actions webmasters should take to improve the security of a website based on Joomla. On Drupal’s site, you can access information about security issues by going to their Security section. You can also subscribe to their security mailing list to be constantly updated on ongoing issues. PHP-Nuke offers some documentation about Security in chapter 23 of their How to section, dedicated to the system management of this CMS platform. They also have a section called Hacked — Now what? that offers guidelines to solve issues related to hacking.