This is the issue that a lot of people has been concerned about!

Lots of site and Forum has been hacked.

And I really worry about this might happen to my site or forum

So, do anyone know how to protect our passwords, and prevent from hacking?

I used to be a hacker, and let me tell you what I've found.

Anything that can be changed by an authorized person remotely, can be changed by anyone that wants to do enough research to get in. There is no such thing as "absolute security". Although most of my knowledge is with computer "security", it applies to all types of security.

In the mind of a hacker, any upgrade to "security" is merely a challenge. Whenever a company says that thier new system is unbreakable, I want to see if thier claim is true. I now only hack my own computers. And although I don't spend as much time hacking as I used to, I still haven't found any type of protection that can't be broken. Also, the more protection that is put on any kind of site, the more hassles the real users have to deal with. It's all a compromise.

If you wanted to have a dozen layers of security to get into a site, that could be done. Sure, it would make it harder on any hacker to break in, but that also makes it take longer for you to get in.

So just remember, there is no way to completely prevent you site from getting hacked. But if you keep your website small, not near as many hackers will want to try to break in.

-YB

Ugh, why do we live in a world where people think it's cool to destroy some one's hard work? Never give your pass/user name to anyone, thats all I can say.

Nothing is foolproof, but some elementary caution will help:

1. Never assign permissions to any user or object greater than what they really need to be used.
2. Use the HTML maxlength attribute when practical to prevent people from entering scripts into text boxes.
3. Always have a default object in every directory, to make it harder for people to discover your directory structure.

Absolutely right!

4. Use a GOOD password for your admin account! Not "root" or "admin" or "susan" or "smith", but something that consists of letters AND numbers, perhaps mixed with some $§&€@-signs. And it is always safer to use a LONG password instead of a short one. A bruteforce attack might hack "susan17" but might need much more time to hack "s1&usanru56lokp34&hajkslwto@4772830hfgw". (just for example)

GreetingZ

maybe there is no way to make the unbreakable site, but the majority of people who want to call their selfs hackers, prefer "playing" with unprodected sites. This people arent in real hackers. they know nothing more than u and me.
they just want to to make ur life harder.
By using a small security this people cant hard u.
There still remain the real hackers. what do u think ? why should they hack ur sites?
I dont find a reason.
so.... dont say, i wont put security cz they will destroy it.
you will put, and if the other wants to touch ur site he will
if he is just a "kid playing with his computer!!" he will give up easy!

Hope u find a kind of good security

Most people that do damage to sites are generally called "script kiddies" because they are simply running programs written by others, and they don't know what's going on in the program. These programs usually only work if the site is unprotected, or thier security is really out of date. These kind of individuals usually can't do anything to a reasonably protected site. And unless you get really big, of have something extremely interesting hidden within your site, the real hackers will probably leave you alone.

-YB

basically if u dont have any php scripts or anything that process user input,
you should be safe as long as your web server is updated and protected.
in case of a free web hosting, theres nothing u can do if the server itself gets hacked.

And just a small remark about what Cassandra said,

2. HTML maxlength will not prevent long information from being sent to the processing script, it will just prevent it being sent from your form, which can be easily bypassed by sending a raw POST request or downloading and changing the maxlength of the field.

hope this extra info helped

If I'm not mistaken, neither of these ick-techniques should be a problem, as long as the receiving script is designed not to accept data from off-site.


Well, it certainly can't hurt!

the receiving script, either php or asp, has no way of knowing if the user came from his own site or from nowhere,
only by referer, which can easily be changed or faked to be as if it came from a ligitimate place.

the real solution to the length problem should be inside the receiving script itself, for it is server side and cant be bypassed without changing its source.