Tips for keeping your website secure

Here are a few tips for keeping your website secure:
  • If you have a forum or use other off-the-shelf scripts, and if you have a Reseller or MultiSite Plan, create a subdomain as another site (package).  Then the forum will be isolated from the rest of your website.  If someone does hack their way in, they cannot reach anything except that forum.  After all, it is those open source scripts that always seem to get hacked.  And if you use one, keep it current.
  • If you are running PHP, be sure to use a custom php.ini file.  At a minimum you should ensure the following:
    • register_globals = off: The only reason to have it on is to allow poorly written scripts to execute on your site.  That just invites hacking in the event of coding errors (and there can always be some coding errors).  If you have a script that requires register_globals = on, fix it or dump it and get a new script.
    • session.use_trans_sid = 0: This will help prevent revealing the ID of your PHP sessions.
    • Then there are a few other settings you should consider:
      • Set your own upload_tmp_dir value so uploads are processed in your space rather than in a server shared directory.
      • Set your own session.save_path so session files are stored in your space rather than in a server shared directory.  Remember to delete these files on a regular basis.  There is a script for doing that on this page.
    • Be sure to chmod your custom php.ini file to 600.  This will prevent others from viewing the contents of the file.
  • Chmod 600 any PHP script that contains secure information, like usernames and passwords.  This will prevent others on your same server from looking at the code.
  • Use file upload scripts rather than giving out FTP access to your site.  If you must give out FTP access, set the FTP user so their access is to a directory above public_html.  That way whatever they upload cannot be seen or executed from the net.
  • Any file upload scripts should have basic protection built into the script.  These protections should include file type restrictions so no one can upload any scripts or other damaging files, placing the files in an alternate directory for isolation and to ensure no key file is overwritten, file size restrictions, and upload directory size restrictions so the facility is not abused (and your site does not run out of space).  You can find a file upload script with these protections on this page.
  • Ensure passwords are random and contain combinations of characters, numbers and symbols.  You can find a good password generator on this page (in B&T's Tool Box).  And, of course, change your passwords regularly.
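
A quick audit of the custom php.ini tips in the list above, as an added example (not a script from this site): it checks the two directives, the two per-account directories and the 600 mode. The function name, the paths and the sample php.ini are constructed for the demonstration, and the sample deliberately misses two of the tips.

```php
<?php
// Added example: audit a custom php.ini against the settings in the list above.
function audit_php_ini(string $iniPath, string $homeDir): array
{
    // RAW mode keeps values as written ("off", "0") instead of casting them.
    $ini  = parse_ini_file($iniPath, false, INI_SCANNER_RAW);
    $home = realpath($homeDir);
    if ($ini === false || $home === false) {
        return ["cannot read $iniPath or $homeDir"];
    }
    $problems = [];
    // register_globals only exists before PHP 5.4; session.use_trans_sid
    // controls whether session IDs are appended to URLs.
    foreach (['register_globals', 'session.use_trans_sid'] as $key) {
        $value = strtolower(trim((string) ($ini[$key] ?? ''), " \"'"));
        if (!in_array($value, ['0', 'off', 'false', 'no'], true)) {
            $problems[] = "$key is not explicitly off";
        }
    }
    // Both directories must resolve to a real path inside the account's home.
    foreach (['upload_tmp_dir', 'session.save_path'] as $key) {
        $value = trim((string) ($ini[$key] ?? ''), " \"'");
        $value = (string) substr(strrchr(';' . $value, ';'), 1); // drop an "N;" prefix
        $dir = $value === '' ? false : realpath($value);
        if ($dir === false || strpos($dir . '/', rtrim($home, '/') . '/') !== 0) {
            $problems[] = "$key is unset or outside $homeDir";
        }
    }
    // 0600: readable and writable by the owner only.
    $mode = fileperms($iniPath) & 0777;
    if ($mode !== 0600) {
        $problems[] = sprintf('%s has mode %o, expected 600', $iniPath, $mode);
    }
    return $problems;
}

// Constructed sample: an account home whose php.ini misses two of the tips
// (session files in the shared /tmp, file readable by other users).
$demoHome = sys_get_temp_dir() . '/audit_demo_' . getmypid();
mkdir("$demoHome/tmp", 0700, true);
file_put_contents("$demoHome/php.ini",
    "register_globals = off\nsession.use_trans_sid = 0\n" .
    "upload_tmp_dir = $demoHome/tmp\nsession.save_path = /tmp\n");
chmod("$demoHome/php.ini", 0644);
print_r(audit_php_ini("$demoHome/php.ini", $demoHome));
```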
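
The upload protections named in the list above (file type restriction, an isolated directory, no overwriting of existing files, file size and directory size limits) in one handler. This is an added example, not the upload script the post refers to; the form field name `upload`, the directory path, the limits and the allowed types are assumptions.

```php
<?php
// Added example: upload handler applying the protections from the list above.
// Assumptions: form field "upload"; UPLOAD_DIR is a hypothetical path outside public_html.
const UPLOAD_DIR    = '/home/example/uploads';
const MAX_FILE_SIZE = 2 * 1024 * 1024;    // per-file limit (2 MB)
const MAX_DIR_SIZE  = 50 * 1024 * 1024;   // quota for the whole upload directory
const ALLOWED_TYPES = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'pdf' => 'application/pdf'];

function directory_size(string $dir): int
{
    $total = 0;
    foreach (new FilesystemIterator($dir, FilesystemIterator::SKIP_DOTS) as $entry) {
        $total += $entry->isFile() ? $entry->getSize() : 0;
    }
    return $total;
}

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // Size limits: the file itself, then the quota for the whole directory.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size > MAX_FILE_SIZE || directory_size(UPLOAD_DIR) + $size > MAX_DIR_SIZE) {
        throw new RuntimeException('file too large or upload directory full');
    }
    // Type restriction: allow-listed extension whose detected content type agrees.
    $ext  = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!array_key_exists($ext, ALLOWED_TYPES) || ALLOWED_TYPES[$ext] !== $mime) {
        throw new RuntimeException('file type not allowed');
    }
    // Server-generated name: no client text reaches the path, so nothing is overwritten.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    return $target;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['upload'])) {
    try {
        echo 'Stored as ' . basename(store_upload($_FILES['upload']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . $e->getMessage();
    }
}
```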
