I am very new to thinking about the security of my sites... What is the best way to begin to approach this?
#1, make sure all your installed packages are up to date. This includes stuff like apache, mysql, etc, as well as anything like phpbb.

#2, make sure your code is secure. Anytime you accept user input from the web you need to be very, very careful. Review your code to make sure you're doing it correctly.

#3, Remove any setup programs. For example, if you install a website package, make sure the setup directory is deleted. Otherwise people can come along, rerun the setup program and reset the userid/password.

#4 Review all processes running on your server. In Linux, type in 'ps aux' to show everything that is active. You need to know what every single one of those results is doing. If it's not needed, turn off the process. Leave only stuff running that you absolutely need. For example, I don't have FTP running on my servers, since I use ssh not ftp to upload files.

#5 Review individual packages for security settings. For example mysql used to have networking turned on (that's changed) which meant external servers could make mysql calls. For most of us running the program and the database on the same server, networking on in mysql is a security risk.

#6 Check for all open ports (there are tools to do this). Make sure that only ports that are needed are open. (If you're not using FTP, then you don't need the port that FTP uses left open.) This is done through firewalling. For a newb, find a tool to admin the firewall.

The nice thing is, once you've gone through this process step by step, it becomes very quickly a lot faster and less work. i.e. once you've investigated what processes should be running, you can check them once in a while and recognize anything new or funny. There are programs available as well that do monitoring for intrusion attempts.
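An added example, not part of the original answer, of the check described in #5 and #6: it compares listening TCP sockets against the ports you intend to expose and ignores loopback-only listeners. The function names, the allowlist and the sample `ss` lines are constructed for illustration.

```bash
#!/bin/sh
# Report TCP listeners that are reachable from the network but are not on
# the list of ports you mean to expose. Reads `ss -tlnH` output on stdin.
# On a live server:  ss -tlnH | audit_listeners "22 80 443"

audit_listeners() {
    # $1: space-separated list of ports that are supposed to be open
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)      # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)  # text before the last colon
            # Loopback-only services (e.g. a local-only database) are not
            # reachable from other hosts, so they are skipped.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (!(port in ok)) print "UNEXPECTED " addr " " port
        }'
}

# Constructed sample of `ss -tlnH` output: ssh and http are intended,
# mysql is bound to every interface and an FTP daemon is still running.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      80           0.0.0.0:3306       0.0.0.0:*
LISTEN 0      511                *:80               *:*
LISTEN 0      32                 *:21               *:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      100        127.0.0.1:25         0.0.0.0:*
EOF
}

# Intended exposure for this constructed server: ssh, http, https.
sample_ss_output | audit_listeners "22 80 443"
```

Each reported line is either a service to turn off (#4), a package setting to change so it binds to loopback only (#5), or a port to close at the firewall (#6).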