Online security – prevent your site from being hacked
I don’t really have to say how important website security is – nobody would like to wake up one morning and see their home page offering cheap Viagra or Cialis, for example. There are a lot of ways to prevent this, and today I will share with you some tips on how to better secure your site. If you are on a shared web hosting server (clients under the Free Reseller Program, the cPanel Reseller Program and owners of Semi-Dedicated Servers), you will not have to worry about server-side security – it will be handled by your web hosting provider. What you can do is focus on your website content and security.

Use the latest software versions.
While this may sound like something everybody knows and does, it’s not uncommon to find a very old version of a script running on a certain site. The words “it was working okay, so why update it” can sound like a reasonable excuse, right until the moment your site is hacked. Newer software versions often include security patches for exploits found in previous versions. This is very important if you are using a CMS script like Joomla or WordPress.

Check for common vulnerabilities.
Cross-site scripting and SQL injections are the usual suspects – there are a lot of tools that can help you check if your site is secure. Such vulnerabilities are most commonly found in custom developed websites – the popular CMS scripts are usually well protected against such attacks.

Check your log files.
The log files may seem like just gibberish and nonsense technical data, but they are actually important – they can show you information about who tried to access your site, what errors were caused, etc. It’s always surprising what you can find in your logs. A check once a week or so will not take much of your free time, but will be good for your site’s security.

Check your files’ permissions.
On a Linux server, the file permissions determine who can access and modify your files. Set your permissions so that only you can edit your files, and avoid using 777 permissions – a file with such permissions can be edited and executed by anybody, which is dangerous.

Use secure passwords.
The simplest type of attack is a brute force attack – a script will try to guess your password, using random letters and numbers. The more complex the password is, the harder it will be to break. Passwords such as “letmein” are much easier to break. A combination of lower and upper case letters plus numbers will make the password much more secure – L37m31n. If possible, you can also add symbols to make your password even more secure. However, keep in mind that your passwords should be easy to remember – you wouldn’t want to forget your password and not be able to log into your mail, for example.

Originally published Friday, December 11th, 2009 at 3:45 pm, updated December 11, 2009 and is filed under The Free Reseller Program.
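
The file-permission tip above can be checked automatically. The following is an added example, not code from the original post: a Python script that walks a site directory (the path passed on the command line is an assumption) and reports every file or folder that is set to 777 or is otherwise editable by anybody.

```python
import os
import stat
import sys


def audit_permissions(root):
    """Walk `root` and return (relative_path, octal_mode, note) for risky entries.

    An entry is reported when the "other" write bit is set, meaning any
    account on the server can modify it. Mode 777 is called out separately.
    The root directory itself is not checked, only what is inside it.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)  # lstat: inspect the entry, do not follow symlinks
            if stat.S_ISLNK(info.st_mode):
                continue  # a symlink's own mode bits are not meaningful on Linux
            full_mode = stat.S_IMODE(info.st_mode)
            perms = full_mode & 0o777  # ignore setuid/setgid/sticky for the test
            if perms == 0o777:
                note = "777: anyone can read, edit and execute"
            elif perms & stat.S_IWOTH:
                note = "world-writable: anyone can edit"
            else:
                continue
            rel_path = os.path.relpath(path, root)
            findings.append((rel_path, format(full_mode, "03o"), note))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_permissions.py /path/to/site
    site_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel_path, mode, note in audit_permissions(site_root):
        print(f"{mode}  {rel_path}  ({note})")
```

An empty result means nothing under the directory is writable by other accounts; anything listed should be tightened so that only you can edit it.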