Hi guys, I'm starting this thread after something strange appeared on my server. (I use JustHost.) I'm more into design, so I'm asking you to post any tips on how to secure a server (e.g. FTP connection, .htaccess, WP installations, OSC installations, Drupal, ...). Any software you know (free or not) will be very useful. Thanks
For a Linux server, there are many things you can do. Some of which are:
1. Change ssh port (use keys if possible as well/allow only specific users)
2. Disable unneeded services
3. Install a good firewall
4. Disable dangerous / unused PHP functions / harden your PHP
5. Install mod_security
6. Virus scan FTP uploads
7. Install root kit detection
8. Set root email to off server email account
9. Make sure your passwords are tough to guess. This is a big one, especially for the root user, this should be a very tough password.
This is a quick list, as there are many other things that can be done.
Chris
If you don't mind, could you please detail these a lot more? Can you provide some instructions on how to apply them? Thanks a lot.
I do have some of these things listed out in my blog. Some of the listed items above do depend on what operating system / control panel you have installed as well. If you have more questions, feel free to PM me or post them.
Thank you very much for the link. There are many useful things. I will ask you if I run into troubles trying to install them. Thanks again for the help.
Does that mean it's your own server? If yes, you can patch your system, using a high-quality router. I suggest you use Belkin. And for software, you can use bee trap for redirecting phishers. For more information and reference, visit us at: http://superhacker.org Regards!
I guess I misunderstood your original post. Most of my answers above were geared towards you having control over the server. From a shared hosting perspective, some of the things that I recommend doing are:
1. Make sure your passwords are strong. This goes for your main account password, to any password that you use within your site to access sensitive areas.
2. Protect your administration folders with .htaccess authorization. You can do this through IP protection, or by having another user name / password combination to gain access to the folder itself. This is a quick overview here.
3. Depending on your host's setup (suphp, suexec), you may want to check permissions on your files and folders, to ensure that no one else is able to read them.
4. Review your site's logs. Look through the web and ftp logs to ensure that no one has messed with your site.
Hope this helps,
Chris
Oh... you're just using shared hosting, right? Okay, I see. I think, for security, you must use bee trap in case your website is hacked later. Use a combined password, and change the CHMOD mode. Regards, Noctis Warlock [http://superhacker.org]
If you are not a DIY person, just use the link in my signature. I do full website audits for a cheap price.
Also don't forget to disable ssh logins for root. Maybe install logwatch so you can monitor what is happening on your server.
Rent a server manager for yourself who will secure it on his own, and you can contact him in case of any trouble. That's the easy way. Or, if you go it alone, take care of passwords, anonymous FTP, scan FTP uploads, chmod directories properly, and much more, as others said.
Open Text, the mother of all Canadian software-centric companies, has released a new secure network access tool called Connectivity Secure Server under its Hummingbird Connectivity Ltd. division.