#1
This is just general security that you should know:

[-] Shared Hosting?

If you are on a shared host, meaning you have other websites on the same server, you can never be too paranoid. That's why, if you run a CMS / forum, anything that needs MySQL access, most probably your password is in plaintext in a file, and all the sites on that server most likely can have access to that file... sucks, eh? Well, there are some solutions:

- Move the config file that contains the pass / user to the user directory. Example: /home/darkmindz/public_html/config.php << that's where it usually is. You can move it to: /home/darkmindz/config.php. That makes it really harder on the attacker to get the file, unless he roots the server or knows exactly what the filename is.
- The next solution is: encrypt your files. You can use Zend or IonCube, or some other custom encryption. You can look that up; we are not going deep into it.

[-] Been Hacked?

Well, if you have been hacked once, you can't just get your backups up and move on with your life.. wrong! You will need to look for backdoors. If you can delete ALL the files on your site and get new files from a backup, it would be much better, but if you can't, then you need to check for the files the `hacker` could have edited. In most cases, the `hacker` would be using a c99 PHP-Shell to go over your files and edit them. So, let's see what files he could have edited. You can do that by looking in your SSH / FTP for writable files. An easier way is just to look at your files the way the `hacker` saw them: you can upload a c99 PHP-Shell to your site and look for the green perms files. Those are editable. Then you can either replace those files with new ones or, if you know what to look for, open them up and look for backdoors left by the hacker.

Now, I don't really have to say this, but.. change all your passwords. FTP, SSH, cPanel, admin panel. EVERYTHING.

[-] The best way to secure yourself is to know what the attacker is looking for.

Yeah, read some webhacking tutorials. We have a bunch of them here. This is what all / most hackers read, and they go after your site based on it. Once you know what they are looking for, you can find a way around it. Maybe in another tutorial I will discuss securing your webapps.

Okay, that was the basics of what you need to know / do to keep your site secure. We will go more into it with webapps security. Comments and suggestions are welcome.

Source: www. darkmindz .com/forum/general_web_security-num219
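An added example, not part of the original post: the writable-file check from the "Been Hacked?" section, run as a script over SSH. It lists entries under a web root that group or other users can write to, plus files modified after the last clean backup; the function names, the sample tree and the backup timestamp are constructed assumptions.

```python
import os
import stat
import tempfile
import time

def audit_webroot(webroot, backup_time):
    """Return (writable, changed) lists of paths relative to webroot.
    writable: files/directories that group or other users may write to
    changed:  regular files modified after backup_time (epoch seconds)
    """
    writable, changed = [], []
    for dirpath, dirnames, filenames in os.walk(webroot):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: inspect the entry, do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue
            rel = os.path.relpath(path, webroot)
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                writable.append(rel)
            if stat.S_ISREG(st.st_mode) and st.st_mtime > backup_time:
                changed.append(rel)
    return sorted(writable), sorted(changed)

def build_sample_site():
    """Constructed sample tree standing in for public_html (not real data)."""
    root = tempfile.mkdtemp(prefix="public_html_")
    now = time.time()
    backup_time = now - 3600          # assumed time of the last clean backup
    samples = [
        ("index.php", 0o644, backup_time - 86400),
        ("config.php", 0o666, backup_time - 86400),  # world-writable
        ("uploads/avatar.php", 0o644, now),           # newer than the backup
    ]
    for rel, mode, mtime in samples:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)
        os.utime(path, (mtime, mtime))
    os.chmod(os.path.join(root, "uploads"), 0o755)
    return root, backup_time

if __name__ == "__main__":
    root, backup_time = build_sample_site()
    writable, changed = audit_webroot(root, backup_time)
    print("writable by group/other:", writable)
    print("modified since backup:  ", changed)
```

Modification times can be reset by whoever edited a file, so an empty "changed" list does not prove the tree is clean.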
#2
Thanks for sharing with us. I'll move the config file config.php from public directory to the user directory.
#3
Definitely something I will have to do next time I get some energy.
Thanks for sharing. BTW, have you tried doing this before?
__________________
Peter J. Foti
#4
Thanks John Allen for helpful tips..
I never knew that people can access files from shared hosting.. I guess I've to do a lot of work to encrypt my files
#5
Thank you John for sharing with others. It looks pretty good. I'm gonna take this text to my notepad.