Build an (almost) unhackable page
 

Encrypted users database with a hidden key, so even if a fucking hacker gets access to the server he can't get their info...

What to do to protect the server 99%?

Is it possible?

How?

BTW: I have asked before on the fucking Q&A but it seems no body checks there...

:helpme

Anything is possible sherlock.....

The only secure server is one that is not hooked up to the net !!! There really is no such thing as a secure solution :)



Tim
:Graucho

Well, I know that but my question was about solutions, not about common knowledge...

Hack Proof?

No such thing.

There is "one" of you protecting your data.

And there are literally "thousands/millions" who possibly want your files and will try/invent methods to get it.


Check your log files for unusual requests and ban the IP/useragent. But if you have a high unique visit daily, you have to be doing this in real time to prevent brute force attacks.


Good luck.

firewall on the network, firewall on the server, ftp and shell access turned off all services off. Root password 300 characters long with all kinds of fucked up shit in it. Then hire a guy to sit and watch the box 24/7. After that you need a strong team of people that keep up with every exploit that gets found for the software you are using. That is pretty much hack proof then.

encrypt your passwords with md5. if a hacker gets hold of the encrypted passwords it would be worhtless to him. :thumbsup

_

Thanks to: TheDoc and Dodo - although I know all this stuff, I was hoping to get some idea about database I mean if I use md5 I use it with a key, now if someone hacks into the server and gets the key, he gets the database... But again thanks for your reply! :)

Now BlackRain - Did I say Hack Proof???

No I didn't I only asked for "Almost unhackable"...

More replies about database are welcomed!

Thanks

Database for what?

Is it for username/password combos, images, movies?

What are using the database for?

Will it be open to the public i.e. internet or private VPN/network?

If you give us a little more information about your intent it would be helpful!

Could do like multi network cards with 2 servers infront of your database machine making the db machine the only one allowed to get commands from the 2 servers over encrypted network packets. Moreless makes it 2 or 3 stages deep from direct internet access. Other than that..I can't think of a way to really make it secure but then again i'm not a network person.

That possible? Not by me but I know it can be done :)

Thank you doc you are great :)

BlackRain - It's gonna be a regular database of users for non adult web site, in the data will be fields of user name/password and details about the users (text only) MAYBE credit card numbers, I am gonna need this data base to let them into parts of the site, basically it's like an adult web site access but since I might store their credit cards as well and whenever they access the server with their user name they can make changes to their data and inside the web site I need it to be super secured - as much as possible, they will also have the option to upload files, but that's not related...

Thanks

tell us a solution about brute force attacks too plz

Mabey I should start a consulting company :)


Simple fix on brute force attacks is use an image key and get off of apache auth.

That will be $2000 please.

Best fix of all...
Shut off your computer and hold on to your hardrive after you've unpluged it.!

i hear if you format c: your computer cant be hacked

Use md5 encryption

Pix firewall...upper end one..not the 506...configure the IOS correctly and install Cisco HIP software on your server....I haven't seen too many hackers defeat this system...about the third ping and HIP blocks the IP.

Check it out on Cisco's site....I have probably fifty similiar installations and not had a successful hack. Cisco claims it can't be hacked...of course, they also claim they hung the moon, too.

In all seriousness, it is a difficiult system to defeat. Have seen many try and move on to easier prey....something that says NT on it usually. I use it at home and then stick zone alarm on just for internal stuff, pretty tough combination.

Forget all the proxy server bullshit out there, they are easy prey for a real hacker...the kiddies get stumped on them cause they can't find a port open but the good ones breeze right through em.

[Thanks :thumbsup

I'll check it up