Can static html be hacked by hackers?


#1

Can hackers “hack” a static html website? Hosted on host gator servers? Is protecting your who is information with a private registration safe or worth it?


#2

I recently ran into an issue with a client where anything named index.html or index.php got injected with eval(base64_encode(long-string-here)) which output some malware infected code on a regular basis. So yes, any file is “hackable” even if the file itself wasn’t insecure due to poor coding, etc…


#3

Anything can be hacked. While HTML is safe against 99% of attacks, if someone gets root access to your server they can put whatever they want in the pages.


#4

Define “hack”.


#5
havokdesigns said

Can hackers “hack” a static html website? Hosted on host gator servers? Is protecting your who is information with a private registration safe or worth it?

It depends. If you define HTML as HTML / CSS, then the answer is NO! Only by direct access to the source code. If however you have PHP and JavaScript in the mix, then everything changes. If you are using PHP, chances are high it can get hacked, but as cudazi, and TylerQuinn said, everything and anything can be hacked.

Usually a HTML sites only has PHP contact form. But, if you are using more complex systems that require login, registration, or even timthumb as some people painfully learned, you are susceptible to hacks :slight_smile:

Best thing to do it. Always keep a backup on your computer ( on or in a folder where there are no .exe executable files, if you are using a PC ) or on a DVD/CD. If you get hacked ( I hope that will not be the case, these things don’t usually happen to small sites ) then you can erase the files on the host and re-build your server :slight_smile:


#6

By hacking I mean get access to the admin panel and upload their own malicious files.


#7
havokdesigns said

By hacking I mean get access to the admin panel and upload their own malicious files.

Thus meaning you have PHP and a MYSQL database. Well, it can, but it depends on 2 big things.

  1. How the file was coded. If the code is bullet proof ( nothing is 100% but, I am referring to being correctly built ) there are slim chances for that happening.

  2. How secure is the admin password. If the password to the admin panel is secure, complicated, and your system blocks your account or notifies you if someone enters the wrong password for n+1 times.

If the above things are taken care of, then chances of being hacked are really small! Nevertheless a backup is more than welcome in these scenarios! :slight_smile:


#8
Enabled said
havokdesigns said

By hacking I mean get access to the admin panel and upload their own malicious files.

Thus meaning you have PHP and a MYSQL database. Well, it can, but it depends on 2 big things.

  1. How the file was coded. If the code is bullet proof ( nothing is 100% but, I am referring to being correctly built ) there are slim chances for that happening.

  2. How secure is the admin password. If the password to the admin panel is secure, complicated, and your system blocks your account or notifies you if someone enters the wrong password for n+1 times.

If the above things are taken care of, then chances of being hacked are really small! Nevertheless a backup is more than welcome in these scenarios! :slight_smile:

No, It’s just html and css. But when you type in xxxxxxxxx.com/cpanel it opens up a back end control panel for the server created by the hosting company. Thats my only weakness right now. Thanks for all the info too. :slight_smile:


#9
havokdesigns said

No, It’s just html and css. But when you type in xxxxxxxxx.com/cpanel it opens up a back end control panel for the server created by the hosting company. Thats my only weakness right now. Thanks for all the info too. :slight_smile:

usually, Cpanel page use SSL cert (https://), so it is secure…

the only problem is when your hosting server is not secure, so your website can be hacked from different website in same server (share hosting case). It did happen last year in some big hosting companies, and I think it is better now…

…and, don’t use 777 unix permission for your website directories… 755 is enough. :slight_smile:


#10
agusmu said
havokdesigns said

No, It’s just html and css. But when you type in xxxxxxxxx.com/cpanel it opens up a back end control panel for the server created by the hosting company. Thats my only weakness right now. Thanks for all the info too. :slight_smile:

usually, Cpanel page use SSL cert (https://), so it is secure…

the only problem is when your hosting server is not secure, so your website can be hacked from different website in same server (share hosting case). It did happen last year in some big hosting companies, and I think it is better now…

…and, don’t use 777 unix permission for your website directories… 755 is enough. :slight_smile:

+1 to this! In your case, you should relax. Ensure your admin password is extremely complicated. Normal and capital letters, numbers, symbols. Write it down somewhere on paper. And that’s it! If your server uses a decent admin panel, the chances of you being hacked… well, using a good password are close to zero! :slight_smile: SSL security is awesome! :slight_smile:


#11

This is possible but with some added security measures and setups this would generally be more limited to internal attacks. So it’s really a matter of hoping an employee with a good amount of access doesn’t do anything with malicious intent.