Web service security tutorial

Web service security tutorial. Basic Tutorial safety webmasters. Google has started a campaign called No Hacking and aims to raise awareness about computer webmasters dangers and help them maintain their secure websites. It is not the first time that Google cares about the safety of websites.

This is easier and faster we can do: Let Google webmaster tools / Security issues. But sometimes it is not compromised our website but a link that leads to a site with malware. Anyway, the tutorial covers some additional aspects to using Webmaster Tools that can help preventively. For example, when we want to put a link on our website and we are not sure if it leads to a compromised site, then we can not use the Tools Webmaster to find out, but with this tutorial we can do something almost as good as if we could.

Yesterday I got to thinking and researching what you need to know to maintain a secure website, the basics. Then I got to split it into three points to be covered: The safety of the web, webmaster security and safety of users. These three points are intertwined, closely linked to each other, so the failure of one can affect the other.

They usually put the credits at the end, but I'll put them here in the middle up front: Tech Support and Removal Guide Malware 2014 (it was written in 2011, but the points are still valid) A computer on the side of evil, test web security.

There are several ways to check the security level of a website, we can use software to help us with the work and can complement it with a little manual labor.

I looked for programs that were easy to use and does not need any installation. Some useful programs you can use online are:

http://desenmascara.me/: It is only necessary to put the url of the site you want to evaluate and give us a result, this result should be greater than 20.

https://www.tinfoilsecurity.com/: Here is as easy as in the previous web, but we have to register and confirm the property of the web that we will analyze, may be using Meta tag or other methods. The result is private and we will see in our account.

We may also use URL Void, Norton, and other antivirus SiteCheck Sucuri to analyze websites.

Point 1 and antivirus online can use to verify interested dubious links to share with our users, thus we can be more confident that our committed no reference web sites that may affect the safety of our visitors. It is easy to assume that a link that does not pass the test to be verified by these means should not be shared on our website.

For example, the URL Void tool checks on many lists, including GoogleSafeBrowsing.

What do I do if there is virus on my website? You can use the Google Chrome browser and follow these steps to remove it.

The next step is manual, roughly a summary of what was published in the blog A computer on the side of evil.

1 The first thing we do is simple, which was published sometime in the Google Webmaster blog.

We're just going to Google and put site: (URL without http: //) "Cheap viagra".

An example:

test anti spam websites

Click to enlarge image

If this method are looking for this blog Portal Webmaster, you may find the word, but the result you get is this entry No to worry about.

You can also try different words commonly used by spammers.

The latter two are files with users in the metadata.

Put on Google: site: (URL without http: //) ext: pdf intitle: "Documents and Settings".

Test metadata files with users

The examples in the blog of Chema Alonso remain. This usually affects sites such as the FBI and page that class, but if your web stores data of many users may be of interest to a hacker.

I doubt this affects the websites of most webmasters like us, but it is worth walking cautious.

This second method, to give us an idea that will, is of the things that was mentioned Snowden NSA. Metadata do not provide information itself, as if it were a telephone puncture but give other information about the user behavior, as the times you made any communication or activities.

3 To view our website robots.txt only just put "robots.txt" (without quotes) just after the url of our domain. Apparently we have to avoid the asterisks.

Example: Mipagina.com/robots.txt

Open directories is something that seems unusual happens, but you just have to put the name of one of our folders after the main url to watch as he walks the web in that direction. If the list file shows we have a problem.

Example: Nuestraweb.com/adjuntos

4 Follow steps 5 and 6 to a computer on the side of evil: SQL Injection book in ASP or CFM applications with SQL Injection and Blind quote from book to PHP files.

These are steps to test the state of the web, basic steps that can be performed x times a year (once a month for example, 12 per year). This allows us to detect vulnerabilities to begin the process of research and correct them.

Before leaving this point I want to talk about something that arouses much interest to webmasters. How to stop a DDoS attack?

Usually webmasters, most, used hosting services or hosting (without their own server), then you need to know is that who can take care of a problem like this is the hosting service and what you can do is inform. In 2013 Alex Naverro of vivirdelared.com she struggled amid Seorimícuaro SEO contest, but with the help of a technician from your hosting service managed to overcome it.

Something basic against DDoS is to get a good web hosting service. And to back up our website regularly is also recommended.

If our site is secure our users are safer.

Security for Webmaster. A good password is like a good lock. But do not lose the key right?

The main thing at this point are the passwords, which I personally find even tedious. We have different passwords for each how much and at the same time should be secure. Nor should we entrust to a program installed in our PC because on one hand are at risk of being lost (and with it our accounts) if damage occurs on the computer and on the other we merely rely on a single device to access our accounts.

An easy way to make a good password is to use the registration service eBay is very strict with passwords, which we tried and we will say that level of security is.

We'll have to find a place to store passwords, particularly if we have a very good memory. We can write a blog physical (paper and pen), or we can use cloud services as https://www.passpack.com/.

We can also use this method: We opened an email account in an encrypted as gmail or hotmail (not to be confused with encrypted) and store passwords in a draft service. While this may be less safe, but if used as a storage of encrypted passwords we only have to worry about the master password.

Remember that passwords are private, do not tell.

We must also ensure our operating system and components. The main thing is to update the operating system but have the updated operating system is not enough, some outdated programs installed on your system can make the system, especially the Office and browsers that run constantly vulnerable.

We also have to use steps to keep the system free of malware, for that use the steps published in InfoSpyware but add a few things:

1 SuperAntySpyware unloaded (ie additional and optional) and other programs instalaos uh, just do not run Rkill (no installation required)

2 Eejecutamos Rkill (us a DOS window appears)

Malwarebytes execute three (instead of the quick analysis may be advisable to leave one full of doubt), we can ask reboot to complete remove infections found. If this is the first time you use Malwarebytes is recommended not to activate the trial, sometimes causes compatibility problems with antivirus resident.

malwarebytes anti malware, infected pc

In this taken from flickr and can not modify image, we can see the old version, not unlike today where we have a really affected PC.

4 Execute Super AntySpyware (optional replaces the Panda Cloud that can cause incompatibility with antivirus resident and saved for possible problems uninstalling). Or instead of Panda Cloud Super AntySpyware or Panda ActiveScan can be used with IE. I say this because the Cloud has given me some trouble before.

5 Execute CCleaner.

We clean with CCleaner and ended.

Stating that these are steps that keep malware removal at your own risk. They are not as dangerous, but always warn InfoSpyware this with the implementation of safety programs, so I'm now doing the same.

Finally, have a firewall (firewall) activated, a good antivirus updated and remember to keep the system updated. Extra Bonus (Optional): Again Google gives us an alternative security, we use your public DNS to have the protection of the anonymity it provides (You can see the advantages of safety in this direction).

Warning: Before you follow these steps you must remember this, if the configuration fails to do simply restores the values ​​that your network had to get everything back to normal.

1 All we have to do in Windows 7 is to click the arrow to the right where we have the time and date of our PC, we click on the connection and the bottom of the rectangle that appears see "Open Network Center and Sharing. "

2 To the right we see "Adapter Configuration" and we click. Inside right click on the connection and re-click on "Properties".

3 In Properties we click on "Internet Protocol Version 4 (TCP / IPv4)". "Use the following DNS server addresses automatically" put:

8.8.8.8 the "Preferred DNS server"

8.8.4.4 in "Alternate DNS server"

Click on "OK".

Example:

In "Internet Protocol Version 6" (TCP / IPv6) put:

2001: 4860: 4860 :: 8888

2001: 4860: 4860 :: 8844

We click "OK" and again in "OK".

If you did it correctly you can experience an increase the speed of your Internet browsing. We use many Google services and spent many hours in them that may not matter, but still I let you know that this would allow Google to know more about your Internet usage habits, although not necessarily so. Now our data is more secure, our website is more secure and our users are safer.

If we keep under surveillance the above then this point is good, although there are still some basic things you can add.

Be responsible with sites that you link from your website, links not potentially dangerous sites that could compromise the security of your users.

As in the previous point, are very wary of advertising you use in your website, some services are lax towards their clientele and that can affect your users when they click on ads.

If at any time your site is compromised, prevents access to users until the problem solutions.

Conclusion

I think applying this comply with basic security with a webmaster must meet. Join the campaign and help improve the safety of our websites.