Back to Question Center
0

Semalt: Izinyathelo Ukwenza Ukuvikela Iwebhusayithi Yakho Kusuka Hackers

1 answers:

Ukwesaba okukhulu ukuthi abanikazi bewebhu kufanele bahlale nalo mqondo womuntu oshintshayoukusebenza, noma ukusula ngokuphelele. Ukwakha okuqukethwe kwiwebsite kuthatha umsebenzi onzima, futhi okufanayo kufanele kwenziwe ukuze kuvikelwe.

Ngaphandle kokwenza ama-backups avamile, nansi uhlu lwamacebiso alungiselelwe nguMichael Brown, the i-Semalt Umphathi Wempumelelo Yekhasimende, ezofika ngokuzenzekelayo ukuqinisekisa ukuphepha kwewebhusayithi yakho:

1. Buyekeza wonke amapulatifomu nezikripthi

Phakathi kwezinto ezinhle kakhulu okumele ukwenze ukubuyekeza zonke amapulatifomu nezikripthi ezifakwe kusipheqululinjalo. Isizathu ukuthi lawo mathuluzi ngokuvamile anezimpawu zokuvula ezivulekile, ezitholakalayo kubathuthukisi abanezinhloso ezinhle kanyeabaduni. Abaduni be-website bangase bahlasele ikhodi, befuna noma yikuphi ubuthakathaka noma izintambo abangayisebenzisa ukuze bathole ukungena nokulawulaiwebhusayithi. Ukubuyekeza akuthathi isikhathi esiningi sokuqedela futhi kusiza ukunciphisa lezi zingozi ngokuphumelelayo.

2. Faka ama-plugin wokuphepha lapho kufanele khona

Emva komzamo wokubuyekeza oshiwo ngaphambilini, qiniseka ukuthi isiphequluli sinokuphephaama-plugin afakwe ukuvimbela noma yikuphi imizamo yabaduni ukuze bathole ukungena ngaphandle kwemvume. Ama-plugins wezokuphepha aqondisa ubuthakathaka obukhonanoma iyiphi ingxenye yesikhulumi futhi unciphise noma yikuphi imisebenzi ekhona yokuqapha. Ngaphandle kwalokho, i-SiteLock iyithuluzi elihamba ngenye indlela ukuze linikeze njaloimibiko yokuqapha ngemuva kokuthi i-foil ihlukumeze imizamo. Uma impumelelo yebhizinisi ixhomeke ekusebenzeni kahle kwewebsite, ke yiSayithiLockukutshalwa kwezimali okubalulekile.

3. Sebenzisa i-HTTPS

Uma usebenzisa i-HTTPS, omunye angabona ukuthi isignali eluhlaza ivela kubha yesiphequluliukuxwayisa ukuthi usuzohlinzeka ngolwazi olubucayi kuwebhusayithi. Izinhlamvu ezinhlanu ezincane ziyisibonakaliso esibalulekile sokuphephanokuthi kuphephile ukunikeza imininingwane eceliwe..Uma isayithi lebhizinisi lidinga izivakashi ukuba zinikeze imininingwane yazo yangasese, kekumele itshale isitifiketi se-SSL. Kuza nezindleko ezengeziwe kodwa uhamba ngendlela ende ekwakheni ukwethembeka kwesayithi nokwenzalivikelekile nakakhulu.

4. Imibuzo ephakanyisiwe

Ama-hack ejwayelekile kunawo wonke amawebhusayithi anesisulu kulabo abahlobene ne-SQLimijovo. Ama-SQL injection anamafomu ewebhu noma imingcele ye-URL enikeza ukungena kolwazi olungaphandle ukuze unikeze ulwazi uma bekhonakwesokunxele ukuvula. Okwenzekayo yilokho abahlaseli be-website bafaka ikhodi kwi-website ye-website evumela ukuba bathole kalula uma bekhonabafuna. Kuyinkinga kubanikazi bewebhusayithi njengoba kufanele bavikele ulwazi oluyimfihlo abathengi abathembele bona benze. I-parameterizedimibuzo iqinisekisa ukuthi ikhodi esetshenziselwa i-website imisiwe futhi ngaleyo ndlela ayikho indawo yokwengeza. Abaduni bamawebhusayithi bakuthola lokhu okungenakwenzeka ukushaya.

5. Inqubomgomo Yokuqukethwe Yokuqukethwe (CSP)

Esinye isici esivamile ukuthi abahlukumezi be-website basebenzise ukuhlaselwa kwe-cross-script (XXS). Ngabo, bayakwazi ukususa iJavaScript enonyaikhodi kumakhasi ewebhu. Isu eliphazamisekile elisetshenziselwa kanye neCSP elivumela umsebenzisi ukuthi achaze izizinda ukuthi isipheqululikufanele bacabange njengemithombo esemthethweni yezikripthi ezisebenzayo uma befika ekhasini kumele babe neyanele. Isiphequluli singazinaki konkeEzinye ezingafakwa ohlwini lwalezi ziqondiso zanikezwa izinguquko kumakhasi ewebhu.

6. Amaphasiwedi alondekile

Abantu bakhetha ukukhetha amaphasiwedi athola kalula ukuwakhumbula. Noma kunjalo, umuntu kufanele enze umzamo wokucabanga ngephasiwedi ephephile.Okude iphasiwedi, kungcono. Kufanele isebenzise izinhlamvu, izinombolo, nezinhlamvu. Amaphasiwedi evelele afaka ubuqotho beiwebhusayithi isengozini. Ngendlela efanayo, faka isimiso esifanayo samaphasiwedi abasebenzisi abasebenzisa.

7. Vala phansi isiqondisi kanye nezimvume zefayela

Ifayela ngalinye kanye nefolda equkethwe kuwebhusayithi ineqoqo lezimvume nezilawuli mayelana nokuthi ubani ongakwazi ukufunda, ukubhala noma ukuwasebenzisa. Nikangubani okwazi ukufinyelela ngayinye yalezi zimvume ezisekelwe kumsebenzisi neqembu abakubo.

November 28, 2017
Semalt: Izinyathelo Ukwenza Ukuvikela Iwebhusayithi Yakho Kusuka Hackers
Reply