How Secure is my website ?

[ian 32]

Im really a newby at building sites.

I started a few weeks ago now building a site for my historical photo collection.

I have upladed almost 260 rare and valuable photos already.

Before I dump truck even more onto the online platform ?.... Is there anyway to check how secure the site is ?

I dont really want someone to be able to open a public folder directly and click... copy and paste all content.. Then I have a lot of fun trying to stop a small army of people selling DVDs online with my photo collection for 5.99... :sad:

If anyone with experience in this direction could give me a few security tips ... that would be brilliant !

Thanks guys.

Ian :smile:

http://www.pixpast.com

 

[Daid 306]

You might want to prevent this:

http://pixpast.com/content2/

Depending on how your hosting is setup, you could prevent this with a "-Indexes" in the htaccess:

http://www.thesitewizard.com/apache/prevent-directory-listing-htaccess.shtml

 

[DidierKlein 729]

You get an access denied when you try downloading the pics from the link provided by daid

 

[skint 61]

I tried to steal one Ian, didn't work

 

[ian 32]

Thanks Daid for the good tip ! :-)

Im going to apply this tonight.

If you spot any more loopholes in the system please let me know.

I spent every penny iv earned for 16 years buying these rare pictures and I want to try and protect the online archive.

Thanks a lot and big hugs !

Ian :-)

 

[illuminarti 18]

Ian - my day job is basically testing the security of web sites. I'll take a look at it for you, in the next day or two, once I get through some post-maker-Faire backlog.

[ian 32]

Ian - my day job is basically testing the security of web sites. I'll take a look at it for you, in the next day or two, once I get through some post-maker-Faire backlog.

 

THANK YOU !!

I probably have spent.... more than 40,000 euros on buying the first color film footage and that is every cent I earned since University.. I want to have a OK chance to put this amazing historical collection online and try and earn a few bucks back from the investment.

Thats why these little checks now as the site is young and small is so so important !

So big THANK YOU if you can have a look for me :smile:

Ian :smile:

 

[Nicolinux 288]

The problem with .htaccess or similar techniques is that if your server/hosting package is compromised, somebody would be able to download the entire site. You could create/buy a system where only the previews are stored on the server and the originals are fetched from another server in the background only when needed.

But why not add your photos to istockphoto.com or similar services? I guess with so many rare and high quality photos, you could strike a good deal and maybe earn more than through (yet unknown) site.

 

[ian 32]

if I moved my image files to... amazon cloud for example.. then what would stop people just trying to hack that account with amazon and get there hands on the pictures that way ?

From what iv seen the last months with big companies and big security.. everything is crackable....

But open to good handy tips to give me a little chance... ;-)

Also about me going alone... I tried renting out my collection to a big photo agency... I got a little fed up receiving 20 percent royalties for the images I own and bought... seemed like day light robbery to me.. so better setting up pixpast... run it for 10 or 20 years... setup fair prices compared to the other big guys.. and then spread the word...

If it takes 10 years to get things running.. thats OK with me.. aslong as in the end its my baby and if or when a photo sells... i get the money from my investment and not only 20 percent..

Ian :-)

 

[ian 32]

ok i just did the "-Indexes" change.... im still wondering about using the cloud ?

Ian :-)

 

[Nicolinux 288]

There's no difference between the cloud and a server somewhere else. It is just that with some big companies you *might* have a better chance to protect your server because they can roll out the big guns.

But your specific problem is not related to a server type but rather to the fact that you goods are on the server. And if somebody hacks into it, then it is game over.

That's why I had the idea to put the assets somewhere else. A server without public access. Then from your frontend server fetch assets when needed from the asset server. You could then monitor the traffic between the two servers and rais alarm if something fishy happens (like too many photos accessed at once).

I am sure there are tools out there that do this because creating such a system on your own is quite a task.

 

[ian 32]

The photo sales shop software I bought for this project actually has an option to connect to amazon cloud.

I was just a little slow to start buying the next hosting account ontop of the normal one I have already..

But I guess I shoudnt try and save on safety...

Ian :-)