Practice safe surfing! Tips to protect yourself from hackers

[John]

As I'm sure you're all aware, there's been one or more hackers on the rampage in the OOTP online league community. A number of websites have been hit, including ones hosted by the same provider that we use. We've avoided attacks ourselves, and with the migration to version 9.2.11 along with a number of behind-the-scenes security measures, you can feel good knowing that everything that can be done to make your PEBA surfing experience safe is being done.

That being said, it's important to be under no illusions of immunity. A determined enough hacker is likely going to be able to break through even the most well-thought out defenses. The good news is that both the Commissioner of this league and its webhost provider are very vigilant and will react quickly in the event that an attack occurs. But it only takes a second of exposure by an insecure computer to a hacked website to cause a myriad of troubles, not just for you personally but for everyone in the league.

This thread over at the OOTP forums contains a number of helpful tips on how to protect yourself from an attack. Chief amongst them: Update your system! Make sure you have the latest patches for common system components like Internet Explorer, Real Player, Flash, Adobe Acrobat, Java, etc. And of course you want to make sure you've installed all the latest security updates for your operating system.

I highly recommend all of you read this post in particular. A number of tips are suggested here for securing your web browsing experience. I've been following these tips for a while myself and I wholeheartedly endorse each and every one of you doing so as well. A brief summation of the tips:

• Use Firefox as your web browser. There are both PC and Mac versions available.
• Install the free NoScript add-on. NoScript prevents websites from running any script without your express permission. While this can be annoying at first (many websites rely on scripts to provide legitimate content), NoScript will allow you to set permissions on a per-website basis so you can allow sites you know are safe. It takes some getting used to but the enormous boost to your security is well worth the learning curve.
• Go into the NoScript options (right-click on the "S" icon at the bottom-right of Firefox and select "Options..." from the pop-up menu) and check the "Forbid <IFRAME>" checkbox. IFRAME is what the hacker has been using to attack OOTP websites. With this checkbox enabled, you will have to give express permission for an IFRAME to run; it won't be able to do so without your consent.

Take these steps and you will have improved your security tenfold, not just on the PEBA website but on this entire series of tubes we call the Interwebs.

[Hitmen]

I've used noscript. It can be a pain to use until you get used to it. A lot of sites may appear to stop working when you use it, you will have to configure it correctly. And of course, if you allow all the scripts anyways out of frustration, it doesn't help any.

But use whatever add-ons, browsers, OS, etc. you feel comfortable with and protect yourself as best you can. I always use Firefox unless something absolutely requires IE and I absolutely have to visit that site. And I spent 4 months re-writing my website from scratch to re-code to avoid SQL injection attacks that luckily didn't harm any of my visitors, but kept permeating my database with attempted script injections.