6 tips to protect your site from harm

Most people on the internet are good, honest people. However, there are people who surf the Internet, get pleasure from poking around websites and finding security vulnerabilities. Some simple tips can help you get your website in the most basic ways. Now, of course, the issue of security of a complex and well beyond the scope of this column of data. However, I am the basics, you should make the many potential problems that could fix people, things they should not see relief.

Password protection for directories

If you do not need a directory on the server that should remain private, people do not guess the name of the directory. The best password protect the file on the server. Approximately 50% of sites are served by an Apache server with the power, so let's look at how to password protect a directory in Apache.

Apache configuration commands accept a file called .htaccess in the directory is located. .htaccess Commands affect this folder and all subfolders, unless a specific subdirectory has its own .htaccess file inside. Password protect a folder using Apache also a file called .htpasswd. This file contains the names and passwords of user is authorized to access. The password is encrypted, you must use the htpasswd program to create passwords. To access it, go to the server command line and type htpasswd. If "command not found" error message, then you should contact your system administrator. Also note that many web hosts offer options anywhere to store a directory, so they set up things for you to do in this way and not your own. We also continue.

Enter "htpasswd -c .htpasswd myusername" where "myuser" is the username you want. You will then be prompted for a password. And confirm the file is created. You can check via FTP. Also, if the file in the web folder, you must move so that is not open to the public. Now open or create the .htaccess file. Internally include:

AuthUserFile /home/www/passwd/.htpasswd
AuthGroupFile / dev / null
AuthName "Secure Folder"
AuthType basic


Require valid-user

In the first line, set the path to the directory where the file .htpasswd. Once this is done, a pop-up box appears get to see this folder in your web site will appear. You will be asked to sign, so that it looks.

Disable Directory Listings

By default, a directory of your website file recognized home page (index.htm, default.htm index.php, etc.) will not in this case looks more like a list of all files. They are not, perhaps, that people see what you have there. The best way to protect against this is to simply create an empty index.html file name, then download this file. The second possibility is, again, using the .htaccess file in the directory block list. This includes only the "-Indexes options" line in the file. Users will now be an error instead of a list of 403 files.

Remove installed files

By installing the software and scripts on your site, often come with the installation and / or update the scripts. Leave it open on your server huge security problem, because if anyone has knowledge of what the software can find and run the installation scripts / update and so restore your database, configuration files, etc. A software package well written to notify you of these elements before removing the software help. However, make sure it has been done. Just delete the files from your server.

Keep up with the latest security updates

Such software should run on your website to keep in touch with updates and software-related safety warnings. Otherwise, you can leave it open to the great hackers. In fact, a glaring security hole was discovered and reported often and there is a delay before the software creator can issue a patch for it. Anyone so inclined can find your site uses software and vulnerability, but updated. I burned through this a few times, be destroyed with all agencies and restore the backup. It happens.

Reduce the error report

Speaking especially for PHP here, because I work with that are generated default printed with all the information about your browser, errors and warnings in PHP. The problem is that these errors contain entire directories routes mostly scripts involved. Makes too much information. To remedy this, reduce the level of error reporting in PHP. You can do this in two ways. It is suitable for php.ini. This is the main PHP configuration on your server. Pay attention to the instructions of error_reporting and display_errors. However, if you do not have access to this file (not many shared hosting), can also reduce the level of error reporting error_reporting () in PHP. Add this line in a world submit their scripts will not work in all areas.

Keep your forms
Form a hole wide open on the server for hackers, if not encoded properly. Since these forms are normally up a script on the server to access the database, a form that can provide some protection to a hacker direct access to all sorts of things not offer bids, sometimes. Remember ... just because it comes in contact with the area, and says "address" before does not mean that you can trust people to enter their address in this field. Imagine that your form is not coded correctly and the script does not submit. What is to stop a hacker from a SQL query or script code into the address field? In that spirit, here are some things to do and search:

Use MaxLength. 
The input fields in the form can use the HTML maxlength attribute to limit the length of the registration forms. Use this feature to prevent people from entering too much data. This will prevent most people. A hacker can move, so you need to protect information on the overflow level and writing.

Hide e-mail when a script-form-mail, do not include email in the form itself. He defeats the point and spam spiders can find your email address.

Use the form validation. 
I will not go into a lesson on programming here, but I got every script that submits a form to accept input. Make sure receipts fields are expected in the fields. Check if the input data is a reasonable and probable duration and the correct format (in the case of e-mails, cell phones, zippers, etc.).

Prevent SQL injection. 
For a complete lesson on SQL injection can be reserved for another article, but the basic thing is that the way the entry to be inserted directly into a SQL query without validation is allowed and therefore allowing an attacker the ability to query SQL in the contact form term. To avoid this, always make sure that the data type of the input data (numbers, strings, etc.) to validate the appropriate form above, and write queries so that an attacker can not be the way that the application does not you could enter anything you intend.

Conclusion

The website security is a complex topic and get a lot more technical than that. However, I have given you a basic primer on some of the things that gave easier in place, not to alleviate most threats on your site.

0 Response to "6 tips to protect your site from harm"

Post a Comment