DELIVER YOUR WEB SITE FROM EVIL (PART 1)
1. Back up your website on the server.
If you have more than one important web site, place them on different web hosts. Don’t rely on your web host for backups.
Find two different hosts which allow SSH access. Get an account with each. FTP the backup of one site to the other server directly, and vice versa. Download copies to your home computer as well.
2. Put a file called ‘index.html’ in every folder or important directory in your website, if it doesn’t already have one.
This stops people trying to look at other files in the same directory.
3. Do not use old versions of FormMail. Do not use scripts that are newly released, unless you know how to check for security holes.
They should filter out characters like # or >. Search on the terms ‘Script Name bug’ or ‘Script Name security’.
4. Rename any email scripts you download before installing them.
Why give a spammer a clue as to what your script is, and what it can do?
5. Do not give files or directories obvious names, like ‘pass’, ‘emails’, ‘orders’ and the like.
Again, why make it easy for snoopers?
6. Do not leave unencrypted, private information on your server.
It’s only a computer in a shed God knows where, with God knows who having access to it.
7. Use a popular web host.
That cheapo one might be an un-committed reseller. Their Google PageRank gives a clue as to how popular they are. Send them an email or two. See how long it takes to get a reply. Check out their forums; how busy are they? They don’t have a forum? Next!
8. If you are setting up .htaccess files or any other type of password protection, use long and varied passwords.
“Ch33s3And0n10n” is a lot more secure than “cheeseandonion”, and just as memorable. Make your password at least 8 characters in length, containing both letters and numbers, and both upper and lower-case letters. Ordinary words can be guessed by brute-force cracking programs.
9. Strip scripts down to the bare essentials. Upgrade them regularly.
Programs like PHPNuke have lots of features in the default install. They allow webmasters and users a lot of control of website content. This creates vulnerabilities. A ‘Nuke site of mine was hacked during Christmas 2005, by an Arab group. Fortunately, I had a backup. I didn’t have fast internet access, at the time, to upgrade it. I only needed one function working, so I removed the redundant ones, and changed file permissions on the admin section. At the time of writing, I’m waiting to see what happens next!
If you don’t really need it, turn it off.
10. Be careful what you say about other people or products on your site.
Not really security, but… people are very sensitive about criticism. ‘Flame wars’ are a waste of time and energy, so avoid them.
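One way to check tips 2 and 5 against a copy of a site, as an added example that is not part of the original article. The function names, the constructed sample tree and the word-prefix matching rule are assumptions made for illustration.

```python
import os
import re
import tempfile

# Names tip 5 gives as examples of giveaways (extend for your own site).
OBVIOUS = ("pass", "emails", "orders")

def audit_webroot(root):
    """Return (dirs_without_index, obvious_names) as sorted relative paths."""
    no_index, obvious = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        # Tip 2: a directory with no index.html may be listed by the server.
        if "index.html" not in filenames:
            no_index.append(rel.replace(os.sep, "/"))
        # Tip 5: flag names with a word that starts with a giveaway term.
        for name in dirnames + filenames:
            stem = os.path.splitext(name)[0].lower()
            words = re.split(r"[^a-z0-9]+", stem)
            if any(w.startswith(OBVIOUS) for w in words):
                path = os.path.normpath(os.path.join(rel, name))
                obvious.append(path.replace(os.sep, "/"))
    return sorted(no_index), sorted(obvious)

def build_sample_site(root):
    """Create a small constructed tree (not a real site) to audit."""
    for d in ("cgi-bin", "images", "orders/2005"):
        os.makedirs(os.path.join(root, d))
    for f in ("index.html", "images/index.html", "images/compass.png",
              "cgi-bin/contact.pl", "orders/2005/emails.txt"):
        open(os.path.join(root, f), "w").close()

def demo():
    """Audit the constructed tree and return the two result lists."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        return audit_webroot(root)

if __name__ == "__main__":
    missing, named = demo()
    print("No index.html:", missing)
    print("Obvious names:", named)
```

Matching on word prefixes rather than substrings keeps a file such as compass.png from being flagged for containing "pass". Point `audit_webroot` at a local copy of the site, such as the backup from tip 1.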
Article Source: http://www.articledashboard.com
T. O’ Donnell (www.ttvanity.com) is an ecommerce consultant in London, UK. His latest project is a freeware mortgage calculator, available at www.tigertom.com/mortgages-uk.shtml.