and make sure you place an index file (index.html) in all folders (obviously except where you already use index.html or index.php files).
Having an index.html file in all folders will stop people being able to browse the files in that folder, a high risk if there happen to be executable files stored there.
Make sure that none of your folders are world writable (chmod 777); that is bad!! Surpass servers, I believe, all use suexec. Therefore you can safely use chmod 755 on ALL folders, even those that require write access by your script, for example an upload script.
Remember, if a malicious file gets uploaded to your website and is executed by a malicious user, he can not only damage your website, but probably also other websites hosted on the same server.
On my site I have placed a php.ini file in all folders that have directly executed scripts in them.
The php.ini file contains the following:
Quote:
register_globals = 0
allow_url_fopen = 0
session.use_only_cookies = 1
Obviously, if you do actually require any of those, or you don't want to force your users to use cookies, then you can remove them, but it is better and more secure for your sites.
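One way to check a web root for the two problems this post describes, world-writable folders and folders with no index file (an added example, not part of the original post; the function names and the sample directory tree are made up for illustration, and the chmod 755 fix assumes suexec as the poster describes):

```shell
#!/bin/sh
# Added example: audit and fix a web root. Function names are hypothetical.

# List directories that any account on the server can write to (e.g. chmod 777).
world_writable_dirs() {
    find "$1" -type d -perm -0002 | sort
}

# List directories with neither index.html nor index.php, where the web
# server may fall back to showing a file listing.
dirs_without_index() {
    find "$1" -type d | sort | while IFS= read -r dir; do
        if [ ! -e "$dir/index.html" ] && [ ! -e "$dir/index.php" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Fix both findings: reset world-writable directories to 755 (assumes suexec,
# so scripts run as the owner) and drop an empty index.html where none exists.
fix_webroot() {
    world_writable_dirs "$1" | while IFS= read -r dir; do
        chmod 755 "$dir"
    done
    dirs_without_index "$1" | while IFS= read -r dir; do
        : > "$dir/index.html"
        chmod 644 "$dir/index.html"
    done
}

# Constructed sample tree so the script runs offline.
umask 022
demo=$(mktemp -d)
mkdir -p "$demo/site/uploads" "$demo/site/images"
: > "$demo/site/index.php"
chmod 777 "$demo/site/uploads"

echo "World-writable:"; world_writable_dirs "$demo/site"
echo "No index file:";  dirs_without_index "$demo/site"
fix_webroot "$demo/site"
echo "World-writable after fix: $(world_writable_dirs "$demo/site" | wc -l)"
rm -rf "$demo"
```

On a real site, run the two listing functions against your own document root first and review the output before calling `fix_webroot`.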