I will happily conduct a FREE basic web security scan for any genuine organization interested in my services to point out whether or not I can find vulnerabilities in your application. Just contact me.
Need a PHP Programmer, PHP staff or project manager? Contact me now.

22 Jul 10 Why test or scan?

Yesterday, I offered a free website security scan. Why would you need a scan? I went into a little detail then, but I’d like to expand on what I wrote about, namely offering my services as a PHP programmer.

If you’re an online merchant, your server needs to be PCI compliant. Otherwise, you not only run the risk of being hacked and losing customer data, but you also run the risk of facing major fines. One fine would be enough to wipe just about any small business out.

New security challenges arise every day. In fact, they arise every hour, it seems. Will your site stand up to the challenge? Will it meet that challenge? Only by regular security scans will you know. Even if you’re not a merchant, you need scans, because I am willing to bet that you don’t want to be hacked. All sorts of unsavory things can occur if that happens.

You could lose your databases. You could lose all data on your server. Your users’ information could be compromised. There are many things that could happen, and none of them are pleasant.

So, contact me for your free security scan today. As I wrote earlier, all I ask in return is that you have a sincere intent of using my services.

21 Jul 10 Free Website Security Scan

As a PHP Programmer with 8+ years’ experience now, I’ve always specialized in web security, security standards, and secure programming. Of the, say, 300+ websites that I’ve dealt with in the past, at least 200 have been vulnerable to some sort of moderate to high risk attack. By high risk, I mean the steal-your-database-and-deface-your-website type of attack.

Free Website Security Scan? Why? Well, most of the security audits that I conduct will usually begin with a basic audit that ultimately goes uncharged in light of the thorough audit and any repair works that follow. On that basis, I’m happy to offer a basic FREE, no-obligation security audit to anyone genuinely interested in using my services. I do not require any code or data from you, nor any access to your systems. All I ask is that you have a genuine intention of using my services to thoroughly audit and/or repair any vulnerabilities in your site that I’m able to identify and demonstrate.

Interested? Contact me now.


20 Jul 10 Need a helping hand?

If you need a skilled website security consultant or PHP programmer, then consider me. Get in touch with me for a quote, and I’ll be more than happy to discuss what I can do for you.

These days, your site can’t be too secure, and if you’re unsure of how to properly secure your site or your PHP code, I stand ready to assist you. I can help you ensure that your server is secure overall, reducing the chances of it being hacked. I can also go over your PHP code and ensure that it too is secure. After all, a secure server really does no good if the PHP code isn’t also secure.

Feel free to browse my site and read my articles. Then, get in touch with me, and let me know the details of your project!


19 Jul 10 The importance of redirects

Yesterday, I discussed how you can redirect your HTML files to PHP files. Why is it important to do so?

There are certainly no security concerns involved here, but you probably don’t want to lose your visitors who may bookmark certain pages, nor do you want to lose search engine traffic, because the HTML links will still show up in those engines until they crawl your changes.

That’s where the 301 redirect comes in. This is the best sort of redirect to use, because it is search engine friendly. What it tells search engines is that the page has moved permanently to the forwarding location you provide, which in this case is a PHP file. Essentially, if you do it this way, the search engines won’t skip a beat, and you’ll keep your traffic. The last thing you want to do is let search engines crawl 404 errors.

If you need help with these sorts of things, or if you need a skilled PHP programmer to help you sort out your conversion, I would be more than happy to take a look at your specific needs, and devise a plan for you. This includes making sure that your PHP code and your setup are secure, as PHP is a valuable tool, but a potential security risk if not handled correctly.

My rates are reasonable, and I offer a wealth of experience that can benefit you. Simply get in touch with me for a custom quote!


17 Jul 10 A PHP programmer indeed

You may be browsing through my site, or maybe you came here because you’re looking for a PHP programmer. Allow me to introduce myself. I am Adam Palmer, and I’m a freelance website security consultant, developer, and, of course, a PHP programmer. I’m willing and able to do most any web, Linux, or hosting-related project.

If you have something along those lines that needs to be done, simply contact me, and we can discuss your needs in greater detail.

In addition to doing this sort of work, I run APNIC Solutions, Ltd., which is a leader in network and business integration. You can be confident that when you hire me for your PHP, web, or other needs, you are getting a competent, skilled industry leader who will do a smashing job for a reasonable fee.

Feel free to browse through my blog and read my articles on a variety of PHP and security topics. Then, get in touch with me to see what I can do for you! If all you need is a consultant to point you in the right direction and help you get to the finish line, I would be more than happy and honoured to be that person.


09 Jul 10 SSL increases confidence

If you run a commerce website, you’ve probably heard about SSL certificates. Depending upon the level of certificate that you have, they verify the validity of your domain, up to detailed information about your company. An SSL certificate isn’t handy just for commerce sites, however. It’s a vital website security component for any site that deals with personal information of any sort.

These days, attacks on servers are commonplace, and website users are wary, especially when it comes to entering sensitive information. That’s where an SSL certificate comes in handy. It increases consumer confidence, and confidence of visitors in general. It shows that you’re serious about what you’re doing.

08 Jul 10 An easy way to reduce attacks

The server hardening process can be a daunting task for someone who’s new to the process, or who’s new to hosting in general. The good news is that there’s one simple way to help reduce attacks on your server, or at least its PHP applications.

If you run an e-commerce site, chances are you run a CMS such as WordPress, and a shopping cart application such as WHMCS. Both of these applications, like nearly all others, have a login module for the administrators. Especially in the case of well-known programs, there are plenty of people who know how to find your administrative login panel, and that includes those with less than honourable intentions.

07 Jul 10 Hardening your server

Hardening your server is perhaps the best way to prevent, or at least reduce, attacks on your server. What follows is a basic overview of what you should do to harden your server. If you are not completely comfortable doing this, you should retain the services of someone who is, to avoid data loss.

The key service you want to secure is SSH, as that is perhaps the most vulnerable. If someone should have access through this protocol, they would have complete power over your server, and all the sites on it.

06 Jul 10 Disabling phpinfo

The phpinfo() function is a very powerful one; through it, you can learn quite a lot about your PHP installation. The problem is, so can someone else. PHP, of course, is a very powerful application, but it is also a very powerful tool that can be used to compromise your server’s security if used by the wrong person.

The best way to combat the potential problems that someone using phpinfo() can cause is, of course, to not have a script accessible to the public that runs the command. Sometimes, during the testing process, you need to upload a simple script that executes the command, for your own reference. It’s simply phpinfo(), inserted into PHP brackets.

If you should forget to delete the script when you’re done, it’s possible that someone who’s intent on compromising your system could try to find the page, especially if you name it something simple such as test.php or phpinfo.php. If you’re the extremely cautious sort, there’s something you can do.

You can completely disable phpinfo(), and then re-enable it later should you need to perform more testing. To do this, find your php.ini file. The location can be found by executing the phpinfo() command, as the precise location depends on your operating system and distribution. Once you’ve found the file and opened it with your favourite text editor, insert the following command:

disable_functions = phpinfo

Reboot your server, and you’re secure. Just remember to re-enable it if you should need to do further testing on PHP.

There are all sorts of things you can do to make your server secure. Securing PHP is one of the most vital things, because PHP can be used as a gateway into your system, even being used to perform SQL injection attacks. Of course, one would really have to know what they’re doing to gain access to your system, but you never want to give out too much information. By disabling phpinfo(), you can accomplish that, at least as far as PHP is concerned.
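
To check both halves of this advice on a server, here is an added example (not code from the original post) that lists scripts under a web root that call phpinfo() and reports whether a php.ini file's effective disable_functions list includes phpinfo. The directory layout, file names and sample contents are constructed for the demo; disable_functions is a single comma-separated list, so phpinfo belongs in the existing value rather than on a second line.

```bash
#!/usr/bin/env bash
# Added example: constructed paths and files, not from the original post.

# List PHP files under a web root that call phpinfo().
find_phpinfo_scripts() {
    grep -rlE --include='*.php' 'phpinfo[[:space:]]*\(' "$1" | sort
}

# Print the effective disable_functions value of a php.ini file.
# Lines starting with ';' are comments; if the directive is set twice,
# the later line replaces the earlier list.
effective_disable_functions() {
    sed -nE 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d '" \r'
}

# Succeed only if phpinfo is in the effective list.
phpinfo_disabled() {
    case ",$(effective_disable_functions "$1")," in
        *,phpinfo,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Build a constructed web root and two php.ini variants for the demo.
make_sample() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/www/admin"
    printf '<?php phpinfo(); ?>\n' > "$d/www/test.php"
    printf '<?php echo "hello"; ?>\n' > "$d/www/index.php"
    printf '<?php phpinfo (INFO_GENERAL);\n' > "$d/www/admin/info.php"
    printf 'disable_functions = exec,passthru\n;disable_functions = phpinfo\n' > "$d/weak.ini"
    printf 'disable_functions = exec, passthru, phpinfo\n' > "$d/hardened.ini"
    echo "$d"
}

sample=$(make_sample)
echo "Scripts calling phpinfo():"; find_phpinfo_scripts "$sample/www"
for ini in weak hardened; do
    if phpinfo_disabled "$sample/$ini.ini"; then
        echo "$ini.ini: phpinfo disabled"
    else
        echo "$ini.ini: phpinfo still callable"
    fi
done
rm -rf "$sample"
```

Point find_phpinfo_scripts at your real document root and phpinfo_disabled at the php.ini your web server actually loads; the CLI and the web server often read different files.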


04 Jul 10 Keeping your site secure

Obviously, keeping your site secure is one of your primary goals as an administrator. As discussed in an earlier post, filtering IP addresses is one piece of the puzzle.

But what other aspects are there to keeping your site secure? What follows is a brief list of ideas, which will be expanded upon in future posts. The security of your server simply cannot be ignored. Too often, administrators or webmasters throw caution to the wind, and leave things to chance. It’s really quite simple, although potentially time-consuming, to secure one’s server.