Web Site Security
The website is a symbol and image of the company is therefore necessary attention to its content and safety.
On the internet prowl specialized groups dealing with change code or gluing pieces of malware own Web sites.
Therefore, it is important to prevention and observe the following rules:
1. Password - a good password to access the site - a minimum of eight-character password contain special characters or uppercase, if possible declare the IP addresses from which it is possible to login to the site. The password should be changed regularly.
- Do not save passwords in programs to connect to the FTP site.
2. Login - Change the standard login login to the site with admin on another utrudnisz in this way a dictionary attack.
3. FTP - remember that enables access by ftp interfere with the structure of the site. It is safest to restrict access to the FTP server for the selected IP numbers, use strong passwords and change them often.
4. Login SSL - secure access to the site through an encrypted SSL login. By signing this protocol minimizes the chance overheard password.
5. CMS - using a commercially available, eg CMS. Joomla or Drupal should limit the amount of installed components and plug-ins to a minimum.
6. The folders and files - correctly set attributes for folders improve site security - badly set permissions cause the possibility of adding code to your website. Linux systems attributes to folders and files must have the following values:
644 (for files)
755 (for folders) taking into account the respective owners of files and folders.
Sometimes it is required by the system set attribute (777) reading writing and performing for type TMP folders or Cache
7. Index.html - index.html should be placed in all folders. They prevent listing the contents of a folder which makes it impossible to check the recorded files from the browser level. Insight into the folder listing shows the attacker structure, version and makes it easier to carry out a rapid attack or podegranie malicious code on a website.
8. .httaccess - if you use .httaccess follow the instructions in the file "Options - Indexes" that protect your site from listing files in folders
9. Updates - take care of the update. New versions of PHP, Apache, MySQL are continuously improved and secured. After detecting security holes producer amendment seems to be immediately uploaded to the server to its security. Disregard update system components reduces the security website. When publishing patch is released list of errors removed the information used by hackers.
10. Copies - Backups should be done regularly automatically or manually.
For the safety of the site must be observed at the same time all of the above.