TITLE: Deliver Your Web Site From Evil (Part 1)

SUMMARY: Simple tips to protect your site from those who mean it ill.

ARTICLE BODY follows:

1. Backup your website on the server.

If you have more than one important web site, put them on different web hosts. Don't rely on your web host for backups.

Find two different hosts which allow SSH access. Get an account with each. FTP the backup of one site to the other server directly, and vice versa. Download copies to your home computer as well.

2. Put a file called 'index.html' in every major or important directory in your website, if it doesn't already have one.

This stops people trying to peek at other files in the same directory.

3. Rename any email scripts you download before installing them.

Why give a spammer a clue as to what your script is, and what it can do?

4. Do not use old versions of FormMail. Do not use scripts that are newly released, unless you know how to check for security holes.

They should filter input like \# or >. Search on the terms 'Script Name bug' or 'Script Name security'.

5. Do not give files or directories obvious names, like 'pass', 'emails', 'orders' and the like.

Again, why make it easy for snoopers?

6. Do not leave unencrypted, confidential information on your server.

It's only a computer in a room God knows where, with God knows who having access to it.

7. Use a popular web host.

That cheapo one might be an un-committed reseller. Their Google PageRank gives a clue as to how popular they are. Send them an email or two. See how long it takes to get a reply. Check out their forums; how busy are they? They don't have a forum? Next!

8. If you are setting up .htaccess files or any other type of password protection, use long and varied passwords.

"Ch33s3And0n10n" is a lot more secure than "cheeseandonion", and just as memorable. Make your password at least 8 characters in length, containing both letters and numbers, and both upper and lower-case letters. Ordinary words can be guessed by brute-force cracking programs.

9. Strip scripts down to the bare essentials. Upgrade them regularly.

Programs like PHPNuke have lots of features in the default install. They allow webmasters and users a lot of control of website content. This creates vulnerabilities. If you don't truly need a feature, turn it off.

10. Be careful what you say about other people or products on your site.

Not really security, but... people are very touchy about criticism. 'Flame wars' are a waste of time and energy, so avoid them.

About the author: T. O' Donnell http://www.tigertom.com is an ecommerce consultant in London, UK. His latest project is a freeware mortgage calculator, available at http://www.tigertom.com/mortgages-uk.shtml.




Please VOTE for this page at: ADD TO DEL.ICIO.US | ADD TO DIGG | ADD TO FURL | ADD TO NEWSVINE | ADD TO NETSCAPE | ADD TO REDDIT | ADD TO STUMBLEUPON | ADD TO TECHNORATI FAVORITES | ADD TO SQUIDOO | ADD TO WINDOWS LIVE | ADD TO YAHOO MYWEB | ADD TO ASK | ADD TO GOOGLE

.