Whenever the President of the United States travels anywhere there are numerous individuals charged with making sure the President is secure and unharmed from attack. This is the premise behind Internet security. The work you have done on your site is the product of valuable time and energy. For some business owners the website represents significant research and creative energy. It is possible for a vulnerable website to be hijacked and remade in the image of something that only resembles your website in name only or to have safeguarded data copied for the use of a third party.

One of the biggest mistakes a website owner can make is allowing the work to be left unguarded. As reported in recent years hacking of a computer system can occur both from within a company or from a remote location, which makes the use of Internet security so important.

Advances in firewall technology (making them easier to install and configure), improvements in vulnerability scanning and better explanations of how to repair them, and better intrusion-detection with fewer false-positives are all key technologies in this race

Some hackers argue they are not involved in felonious activities, but are simply seeking knowledge and using the internet to find answers, however the U.S. Government views the activity as a felony and punishable by applicable state and federal laws.

It should be noted that the term hacker has been adjusted. No longer is the term hacker only used to describe someone gifted at programming and is able to break a website code to gain access to information. Today a hacker is also someone who misappropriates company data. Typically this scenario occurs from an inside and often trusted source.

Even if you are an experienced, seasoned desktop programmer, unless you are an experienced Perl, PHP or Python programmer this probably applies to you too! (Fact is, most programmers are familiar with Desktop, PC and client software. Server software -- especially Internet software -- is an entirely different animal).

• Never download software from hey check out my cool free software type of sites. You will be buying yourself a whole world of trouble in most cases.
   

• Never modify scripts if you are not 100% sure. A customer recently modified a script he bought - he changed 4 lines of code. In just one of them he made a mistake. Just one line is all it took to get his mail server hijacked!
   

• Never download and install software you cannot find running on other [reputable] sites somewhere else on the Internet.
   
   

• DO NOT download software from places like CGI Resources, Hot Scripts etc unless you are sure the author knows what s/he is doing. (We have nothing against these websites. On the contrary, they have many excellent scripts. The problem is anyone who thinks he's a programmer can write code and submit it to them and they make no distinction between secure and badly written software). If you want to find decent software to use on your site go to places like Perl.com or the Comprehensive Perl Archive Network and look there. Use the sites they recommend to get the software you need. (There is still no guarantee the software you download will be secure, but you stand a far better chance there than at the places where any wannabee can publish code.
   

• Always be extra careful of using software that invokes any of the following. These are not security risks per se but are often the point of entry to a badly written script for the crafty hacker
   

  • Executes system commands from within the script,

  • sends email,

  • Accesses and manipulates files on a server,

  • receives information from the internet e.g. name, email address etc.

  • Deletes files or directories,

  • accesses and manipulates an SQL database,

  • There are probably many more but these are the ones we have found to be most problematic.
     

• Always check with your someone more knowledgeable than yourself before installing software on your site.
   

• Always check with other webmasters webmasters -- if you can -- that yourself if a script is safe to use.
   

• Always search for more information on the background of the author/company of the particular script you want to use. Look for sites that do software and security reviews and see if you can dig up anything there. The search engine is your friend. Use it.
   

• If you are not an experienced programmer find someone who is to help you find secure PHP/CGI programs for your site.
  NOTE: Delphi, VB, any flavor of C for Desktop PC's doesn't count, experienced means experienced with web servers.
   

• The Search engine is your friend - Always do a search on the software you intend to install/purchase. Look for review sites that have commented especially on the security aspects of the software and stay away from it if there any any negative reports.