I am a web developer. I've checked How does hacking work? and I know all of the things described in the most upvoted post. However, I can't understand how do hackers get into servers when the website is secure? I want to setup a web server for my client for the first time, so I am a little bit scared. I just don't understand if I setup LAMP for example, and have 32 chars password or something, and login to the server via ssh, how can it be not secure? You can give examples not only for LAMP running servers, but anything else too. Or it happens only when server owner has a very weak password, and hacker just bruteforces the password?
Asked
Active
Viewed 372 times
1 Answers
5
I can't understand how do hackers get into servers when the website is secure?
Just some question you might ask yourself to understand how an hacker might compromise your site which are mostly not covered by the post you referenced.
- How do you know that the website itself is secure? What did you check (possible file uploads, SQL injection, remote command execution...)
- How do you know that your server platform is secure? Shellshock and Heartbleed show that the platform itself might be vulnerable.
- Who has access to your system.? How do you deal with brute force password attacks?
- If you run your site inside a VPS - who has access to the host system?
- If you login from home - who has access to your home system and how you can be sure that it is or gets compromised so that a hacker can sniff your passwords or get access to the SSH keys? And you should ask this question for everybody who has access to the system which includes the administrator of the machine which hosts your VPS.
- If you run a dedicated system - who has access to the data center?
Steffen Ullrich
- 184,332
- 29
- 363
- 424