How to Zombie-Proof Your Website

By in Pyxl Blog, Technology, Web Development, Zombies on February 26, 2014
This post originally appeared on the Pyxl Blog.
With the return of The Walking Dead, zombies are on the hearts and minds of many Pyxlites. Zombies come in many forms, from slow ones (Romero, The Walking Dead, etc.) to fast ones (28 Days Later, Left 4 Dead, etc.) and every combination in between. As such, there are also many types of online zombies who are hurting your site, either intentionally or not. These zombies could be users who unintentionally leave out information on forms or hackers who are intentionally creating chaos. Here are a few ways to protect yourself from the online undead: 1. Front-end and backend validation on forms.   Creating front-end validation to keep users from submitting incorrect, missing or harmful form data is the first step to protecting your site.  Validation on the backend is just as important.  The amount of users that have JavaScript disabled is frightening. It’s estimated that one out of every 50 users disables JavaScript and is therefore able to bypass the front-end validation your form has in place. This is why backend validation is non-negotiable. Backend validation will also protect against SQL injection so these online zombies can’t destroy the work you’ve put into place. 2. Keep all aspects of your site patched.   From the CMS and the database to the web server and the plugins installed, keeping everything patched to the latest security level will help keep your site from being exploited by security vulnerabilities. 3. Don’t use easy-to-guess passwords.   Here are a few basic guidelines to remember when setting up a password. Avoid using:
  • Dictionary words
  • Your partner, child or pet’s name, even in combination with a number
  • Your date of birth in any form
  • Anything about you that could easily be guessed (i.e. your college, your employer’s name, your hometown, etc.)
  • Commonly guessed passwords, such as “password,” “letmein,” “1234,” “love,” “money,” etc.
4. IP restrict things that aren’t going to be accessed by the public. While IP spoofing is usually an easy game for experienced hackers, simply using the combination of an IP requirement and a strong password will be enough to deter somebody that is looking for a quick exploit. 5. Load test, load test, load test.   Trying to fix a site in the middle of a heavy load is much more difficult than just making sure you have enough bandwidth available from the start. As you can see, some of the online zombies are out looking for blood, while others are just stumbling around and happen upon easy prey.  Either way, taking a few basic steps and remembering the military’s 7 Ps – proper planning and preparation prevents piss poor performance – will ensure you are protected against the virtual undead.  

Comments are closed.