Checking Your Web Site for Vulnerabilities and Hacker Exploits

  • Episode 299
  • June 11, 2013
Advertisement
Chat Logs Download Video (872.39 MB) Download MP3 (73.39 MB) Donate

Protect your web site, your reputation, and your site visitors by determining if your site can be easily compromised by hackers. Looking at Lynis and StopTheHacker.

This episode is sponsored in part by: netTALK DUO, Netflix, Eco Alkalines.

Topics Covered:

  • Robbie Ferguson and Erika Lalonde present from the Category5 studios in Barrie, Ontario.
  • Category5 Technology Radio is available during the live show, and is part of our mobile web site.
  • Category5 will be appearing on Episode 100 of TPN Weekly on Monday June 17.
  • {play 6:17}Feature: Testing your web site and server to determine if it has serious security vulnerabilities which could be used by hackers to compromise your data or exploit your web server for malware distribution or spam blasting.
    • Why it matters if someone exploits your web server:
      • Server / web site performance
      • Spam generation could result in being placed on a mail blacklist and your email will no longer be delivered
      • Could get you blocked in the search engines, or even flagged as an untrustworthy web site
      • Antivirus products may stop users from being able to access your site
      • Users will feel a lack of trust for your web site / brand
      • If a business site, could lead to a loss of sales / revenue
      • Compromises your web site visitors' safety
    • Step One: Determine if your web server is exploitable. Using lynis to check the security of your Linux server or computer, and generate suggestions for what you could do to help improve your security on the server level.
      • Installation:
        sudo apt-get install lynis
      • Execution:
        sudo lynis -c -Q
    • Step Two: Determine if your web site code is exploitable. Using StopTheHacker to test your web site and server from the outside world.
      • Launch the web site: http://cat5.tv/stopthehacker
      • Running a Web Site Vulnerability Check using StopTheHacker.
      • Using apachetop as per our feature on Episode 295 to monitor the activity of StopTheHacker.
      • Once the StopTheHacker scan is complete (well, approximately 24 hours later), you will receive a full report by email which tells you what parts of your web site and server have been found to be exploitable.
      • The paid plans at StopTheHacker will give you proactive detection and protection for your web site.
    • Step Three: Now it's up to you to fix it. Now that you know what kinds of exploits are possible on your server and web site, it's up to you (or your web designer, for a fee) to patch your web site, and do this at least every 6 months.
  • {play 25:51}Top stories from the Category5.TV Newsroom.
    • Biomedical engineers in the University’s College of Science and Engineering have developed a non-invasive system that allows people to control flying robots using only their minds.
    • Schools in the UK are being urged to sign up for a codebreaking competition aimed at developing the next generation of cybersecurity experts.
    • Sony is set to sell the PlayStation 4 for $100 cheaper than Microsoft’s Xbox One and will not impose restrictions on second-hand games.
    • Honda engineers are racing to build the world’s fastest lawnmower with top speeds of around 210 km/h.
  • {play 38:33}Viewer Questions
  • Happy belated birthday to Robert Gorczynski's mom.
  • Viewer Comment: Congratulations to Abigial for her marriage!
  • Viewer Question: I just watched your video about setting up Wirecast and see you could adjust the contrast and settings for the camera. Is this a feature of Wirecast, or the camera?
  • Viewer Question: System 76 is not available here, and I'd like to switch to Linux, but I understand Linux can be more picky about what hardware you use. So how do I know what type of system to build for Linux?
  • Viewer Question: On Robbie's personal web site, Robbie is called DJRobbieF. Does DJ stand for disc jockey, or data jockey?
  • Big news for RSS subscribers all around the world: we are in the process of migrating all our RSS feeds to a new CDN which will be accessible from all countries, and it will also result in faster file delivery for all users. See Robbie's Blog for more details.
  • Viewer Question: I cannot get Team Viewer working on Point Linux. Can you show us how to install it?
    • Installing Team Viewer on a multiarch system such as Point Linux or Debian 7 requires you to install their 32-bit version, because Team Viewer's 64-bit version is only compatible with the old ia32-libs way of doing things (at least, at the time of this broadcast).
    • Installing the 32-bit version of Team Viewer on a multiarch system, assuming you have the 32-bit teamviewer_linux.deb file in the current folder:
      sudo dpkg --add-architecture i386
      sudo apt-get update
      sudo dpkg -i teamviewer_linux.deb
      sudo apt-get install libxtst6:i386
      sudo apt-get install -f
  • Viewer Question: I have not been able to get my nVidia graphics drivers installed on Point Linux. Can you show me how to do it?
  • {play 57:23}Contest Announcement: Win a 7-port Newer Technology USB 2.0 hub with dedicated 2.1A power port on Episode 301.

Links to Relevant Web Sites:

  • Host: Robbie Ferguson
  • Co-Host: Erika Lalonde

Discussion

Advertisement
Advertisement

Technology TV
Episode 502 Live:

Being Watched

Twitter Posts

Advertisement

Site News

Robbie Ferguson

Don't worry if you find something broken... this is a work in progress.


Robbie Ferguson

I still need to fix several broken images and create more content... this is a huge undertaking! Enjoy!

Robbie Ferguson

User accounts are disabled for the moment as I work to implement more features into the new web site. Check back soon!

Login to Category5

Error message here!

Hide Error message here!

Forgot your password?

Register on Category5

Error message here!

Error message here!

Hide Error message here!

Lost your password? Please enter your email address. You will receive a link to create a new password.

Error message here!

Back to log-in

Close