[RESOLVED] Websites and bad things.

[Yumby]

I guess this is the place to post this type of question. If it's not can a mod please move it? The question is: If a person owns a website what are some of the bad things that can happen to that website?

[dee-u]

It can be hacked and/or vandalized.

[Yumby]

Thanks dee-u. Wouldn't that be a problem that the web host has to deal with?

I apologize. I should have mentioned that the person who has the website (I'm close to having a website but I'm not that big on the idea because I'm not that much of a techie) would not own the server. I would just upload the website and that's it. Kind of. I guess.

[Shaggy Hiker]

Would it bother you if somebody went to your website and it was covered with pron? If your relationship with this website is such that you don't care what the content is, then I'd say that you are right that the problem is not yours. If it would bother you that the content changed to something else without you knowing about it, then that would be something to be concerned about.

[dclamp]

With basic security measures in place (sterilizing user input, etc...) then there is really nothing to worry about.

If your site gets lots of users, people may start making phishing sites that look like yours, in order to get peoples login information, or other personal information.

[Nightwalker83]

I would also use external files rather an putting all the code in the actual pages. It would make it easier to protect the inner working of the website. Also using php can help hide the code because php is not visible on the client-side. That being said php is a server-side language not a client-side language.

[Yumby]

Thanks everyone for the replies.

What about people who link to the files on the website without permission and therefore increase my costs? And what about things like spam if I use the "mailto:" link? Should I use a picture instead? Is spam really as bad as some people make it out to be?

[JuggaloBrotha]

I would also use external files rather an putting all the code in the actual pages. It would make it easier to protect the inner working of the website. Also using php can help hide the code because php is not visible on the client-side. That being said php is a server-side language not a client-side language.

php and/or aspx

[Nightwalker83]

php and/or aspx

Ah ok! I have never used aspx before.

[dclamp]

i think you're confused. PHP does not hide the source code. All PHP code that you write is parsed, and only HTML is shown. You can still view the HTML source code.

"ASPX" is just the file extension for ASP.NET files.

[Nightwalker83]

i think you're confused. PHP does not hide the source code. All PHP code that you write is parsed, and only HTML is shown. You can still view the HTML source code.

Ye, I know! I should of made it clear that php and html are two separate codes in my other post.

[Yumby]

If anyone could provide some advice or answers to my questions in post #7 I'd really appreciate it (I rate posts!) Anyone with website experience would be great. Thanks.

[Nightwalker83]

If anyone could provide some advice or answers to my questions in post #7 I'd really appreciate it (I rate posts!) Anyone with website experience would be great. Thanks.

In answer to the email and spam question the best thing to do would be to use a form to submit the information.

[Yumby]

Thanks Nightwalker83 for the rep worthy reply. I'll check it out. And if anyone else can think of anything by all means please contribute.....

Edit... * I tried giving you a rep but I got "You must spread some Reputation around before giving it to Nightwalker83 again." Sorry mate. Maybe next time!?!

[Nightwalker83]

Edit... * I tried giving you a rep but I got "You must spread some Reputation around before giving it to Nightwalker83 again." Sorry mate. Maybe next time!?!

That's ok! Maybe someone else can think of a better method of protecting the data.

[mendhak]

If your website is vandalized, it is your own responsibility because you may have inadvertently introduced a security flaw somewhere. The specifics of the flaw you introduce depend on what you're doing on the page.

It's not a good idea to have a mailto link on the page. There are crawlers out there which go around looking for mailto links. Remember that any personal information on a page is exposed, can be found and will be found. That's why the form method is better.

If you don't want to create a form and still want to bring up the client's mail client window, then you could force a postback or use a bit of javascript to expose the mailto so that crawlers don't get to it.

[SJWhiteley]

The majority of web sites are hacked through poor security of the owner of the web site (i.e. you) and not through an esoteric 'technical' reason (although that has happened, and is generally what is newsworthy so has an apparent prevalence).

[Yumby]

Thanks for the replies everyone. There's some good information there. Cheers.