Web Hosting Security Tips
We often worry about our hosted websites. It's better to be proactive and make your hosting secure rather than wait for an intruder to make you realize that 🙂
1. Change your passwords regularly. Keep strong passwords and never use the same password for different accounts. Changing the password brings a bit of uncertainty into play, which is of course the better option.
I know you may find it difficult to remember so many different passwords, even if you write them down. So it is better to use a password manager application. Nowadays there are many available, such as Password Gorilla (uses Blowfish algorithm), KeePass Password Safe, Oubliette, Password Safe, Revelation etc. Some of them can be used on Windows, while others can be used on any OS (Linux, FreeBSD).
2. Use Rkhunter or chkrootkit. Rkhunter checks for rootkits on the server and reports them. chkrootkit checks for known signatures in the system binaries and reports anything suspicious it finds. Both look for scripts that hackers can put onto your server, whether just for fun or with more serious implications. Check their logs regularly to stay up to date.
3. Always keep checking whether your files and folders have the correct permissions. Hackers may be able to upload files if the permissions are 777. If you have any doubt about any of the permissions, report it immediately to your hosting provider.
4. Deleting old files and folders that you no longer use is also good practice. Not only does it clear up some disk space, it also gives hackers fewer opportunities, and it leaves you with fewer files to secure.
5. Make sure that all software is updated. Linux is an open source OS, and the software used in Linux distributions is updated periodically to remove previously found flaws. Make sure that every update is applied to tighten security.
6. It's always advisable to disable the “allow_url_fopen” setting in PHP, as it gives hackers an opportunity to insert PHP scripts.
7. Securing MySQL should also be given high priority. Access to the MySQL database should not be allowed for anyone and everyone. MySQL can be secured with the help of Access Control Lists and SSL-encrypted connections, to protect your PHP MySQL web development. It's always preferable to enable SSL-encrypted connections.
8. It's advisable to use the SSH and SFTP protocols instead of telnet or FTP. Telnet and FTP are considered insecure as they don't use any encryption. In a hosting environment, it's always preferable to use encrypted methods.
9. Always back up your websites as well as your databases on a daily basis. It's preferable to keep the backups in different locations, both for security purposes and in case of a server crash.
10. If you are using any content management software, be very particular about following the guidelines it provides.
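As an added example (not part of the original post), the shell functions below check tips 3 and 6 together: they list world-writable files and folders under a web root and report whether a php.ini leaves allow_url_fopen enabled. The function names, the script name audit.sh and the paths passed in are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a site for tip 3 (permissions) and tip 6 (allow_url_fopen).

# List regular files and directories that any local user can write to
# (777, 666, 757, ...). -perm -0002 tests the "other write" bit. Symlinks
# are skipped: they always show as lrwxrwxrwx and would be false positives.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null | sort
}

# Print "on" or "off" for allow_url_fopen as set in the given php.ini.
# The last uncommented assignment wins. PHP enables the setting by default,
# so a file that never mentions it is reported as "on".
url_fopen_state() {
    awk -F= '
        /^[ \t]*;/ { next }                     # whole-line comment
        $1 ~ /^[ \t]*allow_url_fopen[ \t]*$/ {
            v = tolower($2)
            sub(/;.*/, "", v)                   # trailing comment
            gsub(/[ \t\r"]/, "", v)             # whitespace and quotes
            state = (v ~ /^(off|0|false|no|none)?$/) ? "off" : "on"
        }
        END { print (state == "" ? "on" : state) }
    ' "$1"
}

# Report both findings. Returns 1 if anything needs attention, else 0.
audit_site() {
    webroot=$1 ini=$2 rc=0
    ww=$(find_world_writable "$webroot")
    if [ -n "$ww" ]; then
        echo "World-writable paths under $webroot:"
        echo "$ww"
        rc=1
    fi
    if [ "$(url_fopen_state "$ini")" = "on" ]; then
        echo "allow_url_fopen is enabled (or left at its default) in $ini"
        rc=1
    fi
    return "$rc"
}

# Usage (hypothetical script name): sh audit.sh /path/to/webroot /path/to/php.ini
if [ "$#" -ge 2 ]; then
    audit_site "$1" "$2"
fi
```

Run from cron, the non-zero exit status can be used to trigger a notification when either check fails.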
The above is a very rough outline of security measures. If you have any questions, we would be happy to talk to you! 🙂
Blog edited by:
Arundhati Rath works as a Software Engineer in Bobcares. She joined Bobcares in June 2011. She loves listening to music in her free time.