-= Gametoast.com =-

I'm trying to create a webpage for my basketbal team. It's my first time doing it, but I've managed to get a clean html webpage with css that's compatible to all four major webbrowsers.

A friend of mine pointed out that I shouldn't put a website up that's just plain html and css scripts, because of it being prone to hackers. He told me he secured a website by delivering it through .php, but I have no idea where to start with that. He said there was another way to layer stuff over my website to protect it, but once again, I've got nowhere to start.

So I was hoping someone here would know what I should do. My webpage has a simple layout with navigational buttons under the header, who then control an Iframe under it.
Does anyone here have any suggestions or places online where I could find out how to protect my site? I'd be very gratefull.

It's supposed to go up on a "dumdiedumdie.nl" adress, I've declared doctypes and I think the file structure is ok.

What info will the site have? Users with Credit card info? Will there be a login of any kind? Unless there will be private info or accepting credit cards HTML alone is fine. Otherwise you can use php code to make a login area and use https instead of http to secure that area.

The website will be completely static, even though I learned HTML because I learned Javascript in a school course, there are only .html , .css, .png and one .pdf files in it.

So, is it really safe to display a webpage with simply plain html? This guy in my class keeps telling me that even a minor hacker would be able to steal my server password and/or domain stuff, because he could easily insert code into the webpage. Once again, I've never done this before and have no real reliable source, that's why I keep questioning this. I'm skeptical about that way of hacking, but because I'm so inexperienced I could be totally wrong.

The hosting would be done through a hosting company in my neighborhood that supposedly has a reasonable fee and good reliability.

Being a webhost since 1999, I know how security is a concern for clients, so I understand your questions. The server Gametoast site is on has about 275 websites today and 90% of them are tiny html only websites, I put my ecommerce sites on a seperate box, the main thing securing them is a firewall, so it truly falls on your host to secure the site, say for instance you tried to login to the admins area or my email on this site, my firewall will give you 5 tries before your ip is auto blocked and I would get a "digest email" hourly telling me who and what is blocked from the server. Blocked ips never see my server or clients again.

A firewall protects ports, domains, sites, access to private areas and anything you want to control from hackers. The only sites I have hacked (started on the darkside), or have seen hacked since the internet came out were not html sites but those with php , cgi and other code running with security loopholes.

Rest assured as long as your host is not some scammy ,low cost, low end host they will have a firewall for all their users and honestly the odds of a hack on a html page (as long as your passwords aren't easy to guess) is 1 in a 100,000.

I would host you but I have servers in DC, texas and California only your ping from overseas would be like 2500 lol

Wow, thanks for your reassuring words. I've contacted the hosting company; they're offering a package with 500mb storage space, including a .nl domain, up to 20 e-mail addresses on that domain name and an online tool to organize "my" server, all total for €8,- a month. Which is exactly what I need.

I've got one related question; yesterday, I ran my entire html and css scripts through the w3 validator and I got rid of all the warnings and errors. Since then I've changed a few things and now the validator can't tell which charset I specified and I also can't seem to get my webpage icon to work.
Does anyone who does know what he/she's doing what I messed up?:

You made sure to put your favicon.ico in your ftp under public_html ?

try all your browsers as well, clear cache ect.

make sure you can take your domain with you if you ever move, its cool to get a free domain but alot of hosts that do that keep your domain if you leave, making everyting you have worked for worthless if your host blows.

Oh wait; I remember now that the icons wouldn't work while testing it from my thumbdrive. I just received an account and I've uploaded everything to a server, my website is now up on (I guess it was okay to post links to a website as long as it's not for personal gain and I've put a lot of personal effort into it?) http://www.twellotitans.nl . The favicon works fine now. I'll continue working on the site some more, but I'm already pretty happy with the way it has turned out. I just need to create a logo and ad it to the site and maybe do some more tweaking.