1. Software and Scripts Up to Date.
If for some reason you're running an old version of phpBB, an old vBulletin, or even a simple script, make sure you upgrade to the latest version. Outdated software may get your website hacked easily through methods like RFI or SQL injection.
2. Plug-ins, Add-ons and Modules.
Running a CMS site like Joomla, Mambo, or Datalife, or maybe a forum like phpBB, SMF, or vBulletin? Think again before uploading or installing modules and plug-ins. The developers of those scripts take good care to keep their code clean of exploits and bugs. Plug-in developers, most of the time, don't; they are the cause of 70% of the hacks against this kind of software.
3. It’s Your Fault.
Most webmasters think that if they get hacked it's because their hosting sucks or the hosting staff isn't doing its job, but they're WRONG. If you get hacked, it's your fault. If you install a script with bugs, the hosting owner can't do anything about it. If someone exploits your bug and gains access to your site, it's your fault; don't blame your web hosting company, blame yourself. After being hacked, you should look for your scripts on sites like milw0rm.com to see if they had any bugs.
4. Protect Your Password
If you run a very popular site, then be careful! Some people may love you, some people may hate you. They could try to get into your FTP, cPanel, or hosting account. Some of them may even try to send you keyloggers, trojans and monitoring programs to get access to your websites. Be careful when accepting files and when using instant messaging software like Yahoo, MSN, or AIM. Also, always use the hardest password possible.
5. Keep your Hosting Account and PC Clean
Most people have lots of files they don't even use on their hosting accounts and computers. On a hosting account this may cause wrong indexing in search engines like Google, Yahoo, MSN, and Ask. They may start indexing old sites in forgotten folders, as well as personal files like pictures and more. It's always good to keep only your website's up-to-date content in your hosting account.
6. Quality Before Quantity.
Use quality software for your site. Why use phpBB (greatly coded) if you can buy a vBulletin license? If you're already making revenue from your site using advertising programs like Google AdSense, cpx Interactive and more, then remember that you have to invest to win. The more you invest, the better your chances of winning; this may keep your site clean of hackers.
7. Backups, Backups and yes... Backups.
The most common mistake people make is uploading and just uploading! Make a backup of your site! Keep the files on your PC, on a USB stick or on an external hard drive; it can save your life. I got hacked 5 times and you can ask my visitors if they have ever seen a hacked index on my sites... NEVER. That's the greatest satisfaction of a hacker. Never let your users see that you got hacked. Clean your whole hosting account rather than leaving that ranking-killing index on your site.
8. Don’t put all your eggs in the same basket.
If you have been in the web business for some time and have more than 2 sites, then protect them! Did you know that if one of your websites gets hacked, all of the other websites in the same hosting account may get hacked too? Yes, defacers can easily upload a shell to your FTP and get access to all your sites. You can easily prevent this by buying a reseller account or buying more than one hosting account, even if a single account offers you a lot of hosting storage and bandwidth.
9. Knowledge is Power!
Learn, read, and search. Nowadays, with the use of great search engines, you can access a lot of information that may keep you safe and may even make you a defacer or hacker. Most hackers have learned by using search engines and community forums, including underground communities that provide them with carding information, defacing information and a lot more. To stop them, you've got to think like them.
10. Check CHMOD, Permissions.
Most of the time, new scripts ask you during installation to CHMOD some files to 777; sometimes that may be fatal. When a defacer gets into your site files, it becomes easier to modify/edit/delete the files with 777. If your public_html folder has those permissions, you're basically done, and hacked. But if it doesn't, then he can only modify the ones with those permissions. It's good to keep this in mind so that when you finish the installation you bring back all the old permissions.
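One way to bring the old permissions back after an install, as an added example that is not part of the original article: record every mode before the installer asks for 777, restore them afterwards, and list whatever is still world-writable. It assumes a `stat` that supports `-c` (GNU coreutils or BusyBox); the function names are made up for this example.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; paths containing
# newlines are not handled.

# save_perms DIR SNAPSHOT
# Record "octal-mode path" for every file and directory under DIR.
# Keep SNAPSHOT outside the web root so it cannot be fetched or edited there.
save_perms() {
    find "$1" \( -type f -o -type d \) -exec stat -c '%a %n' {} + > "$2"
}

# list_world_writable DIR
# Print entries any account on the server can modify (777, 666, 757, ...).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# restore_perms SNAPSHOT
# Put back each recorded mode. Paths deleted since the snapshot are skipped;
# files created after the snapshot are not in it, so run list_world_writable
# afterwards to catch anything the installer left behind.
restore_perms() {
    while read -r mode path; do
        if [ -e "$path" ]; then
            chmod "$mode" "$path"
        fi
    done < "$1"
    return 0
}

# Typical use (paths are placeholders):
#   save_perms ~/public_html ~/perms-before-install.txt
#   ... run the installer, CHMOD what it asks for ...
#   restore_perms ~/perms-before-install.txt
#   list_world_writable ~/public_html
```

Files the installer created after the snapshot are not restored, so anything `list_world_writable` still prints needs a manual decision.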
Bonus: for VPS / reseller / dedicated customers, it is important to keep in mind that the root password for MySQL is also a big factor when talking about hacking. It's always good not to leave it as the default; this may cause you to lose all your tables and rows.