i need to know,

1-What are the potential attacks against my site ??????????????
2-How to handle these attacks and hacker??????????


I want to know the overall site security[size="4"][/size]

There are actually many types of attacks on sites.

1. That most common for my hosted customers are gaining access to their control panel. Many users tend to use one password for everything. That is bad. Often hackers are able to a hand on anyone's config.php (or similar) files. These files contain information that allows the script to connect to mySQL. If you use the same password, hackers can easily gain access to your control panel.

2. Sometimes when users use free scripts or 'warez' scripts, they do not check through the entire folder to check for any potential tracker files. Often such files are not trust worthy and all users should check. These tracker files can easily eat up bandwidth and grant others permission without you knowing.

3. There are ways that hackers can forcibly get into your account/server. One strong suggestion is that you use a good password. Normally I don't memorize my own password. I choose random characters (numbers and letters) and create a password around 30 to 50 characters and save it in a notepad file under a protected folder.

Here are the top 10 scariest web vulnerabilities listed by GCN (Government Computer News)
# Unvalidated parameters, which let information to be used by an app before being validated
# Broken access control, in which restrictions on authorized users are not enforced
# Broken account and session management, which leave inadequately protected account credentials and session tokens vulnerable to hijacking
# Cross-site scripting flaws, which let attacks be passed by an app to a browser
# Buffer overflows, which can crash an application and allow it to be taken over
# Command injection flows, in which improper commands are passed by the app to another system for execution
# Error-handling problems, which can provide an attacker with unintended information or deny service when errors occur
# Insecure use of cryptography, which provides weak protection when cryptography code is not properly integrated
# Remote administration flaws, in which administrative functions are not well protected
# Web and application server misconfiguration.

Some good articles to read:
- http://www.devshed.com/c/a/Security/Hacking-Your-Own-Site/
- http://www.securityfocus.com/infocus/1864
- http://www.gcn.com/online/vol1_no1/20862-1.html

If you're using a MySQL database with PHP, SQL injection is another common type of attack. Tizag has a very good tutorial explaining SQL injection and how to prevent such attacks:
http://www.tizag.com/mysqlTutorial/mysql-p...l-injection.php