How do I protect my HTML files against hackers putting scripting attacks in them?

by on September 7, 2009

Q: How do I protect my website from hackers (scripting attacks) placing virus codes in my HTML?

One Response to “How do I protect my HTML files against hackers putting scripting attacks in them?”

    If your site created with just HTML, meaning no server side scripting at all, then the only way for a hacker to modify your HTML code would be for them to access your host. So either they gained access to your account and you need to reset the password or they have access to your host and you have incorrect file settings on your files that allow them to change your files.

    Either way you should be very concerned because if they did access your account they could have installed scripts that will let them update your files even if you change your password. This means you are going to have to clean up your account by making sure every single file in your account is a file you want there. This means looking for hidden files and hidden directories as well. It might even help to look at your access logs to see if you can find evidence that they are accessing pages that you know nothing about.

    Now if you actually have server side scripting languages on your site like PHP, Perl, ASP, etc then the problem becomes even bigger. You will have to check all the places you allow user input and make sure you correctly escape the input. Some people accidentally leave security holes in their software that allow hackers to update files on the system.

    You should expect to spend a good amount of time looking into the problem and you might even want to contact your host to see if they can be of any help. Normally good hosting companies are aware of the most current security threats and they can help by looking at the logs and give you pointers on how to make things more secure.