Old October 18th, 2006, 11:29 PM   #1 (permalink)
H
Why Security Matters To You

Security with web hosting is one of the most crucial components to keeping things happy and stable. Using bad practices and software can result in a lot of damage, if not ruin your site. It's a hard task to keep things secure as some of it is out of your control.

Every piece of software or code you run on the server is subject to attacks. Whether it's self-coded, open-source or something you've purchased. Doesn't seem to matter.. it all gets attacked. SQL injections, mailers, site defacements, cross site scripting and tonnes of other attacks.

One successful attack can take out your site, possibly your server. Generally you can recover a good portion of anything lost, but sometimes you just don't have a back-up to revert to. Keeping all software up-to-date is essential. When a new security patch is released, plan to apply it as soon as you can. Not doing so opens a window of attack... on known and widely used software it can burn you big time. If it's a server component that needs updating, contact the host to let them know. While it's not always possible for a host to update immediately, you can be assured they're aware of it and planning to do the update.

Here's why security actually matters to the individual.

We all use our hosting space for our own purposes. Sometimes it's for a blog... a portfolio... a store... hosting resale or whatever. What's common is that they're all web sites and running on a server, usually a shared server. Security matters to you because it affects others. Whether it be an attack on you that takes out the server or exposed client data. Someone else other than yourself is affected.

That rogue mailer script is impacting performance. They put the script on your server through an unpatched copy of phpBB. All of your hosting clients had their personal information revealed because you stored a back-up within a public directory. Your forum was wiped clean because your admin password was 'admin'.

There's really no time or situations where security isn't much of a concern. It's better to be more aware, more secured and prepared than to find out "oops...".

H says secure your shizzle.

Last edited by H; October 18th, 2006 at 11:30 PM.
Old October 18th, 2006, 11:48 PM   #2 (permalink)
Kayla
Loved it - stickied.
Old June 19th, 2007, 1:58 PM   #3 (permalink)
GamingHybrid
Also, for paid software (actually, for any software) you should just get rid of the version number in the copyright, but not the copyright itself unless you have bought the option to or have some type of agreement with the development company.

I'd say this keeps people less noticeable if your software is out of date and / or not patched for security reasons. Sure, I'd assume they can find out how secure your version is anyways, but at least it is better that you aren't helping them
Old December 19th, 2007, 7:08 PM   #4 (permalink)
m0nty
and make sure you place an index file index.html in all folders (obviously except where you already use index.html or index.php files)

having an index.html file in all folders will stop people being able to browse the files in that folder. a high risk if there happens to be executable files stored there.

make sure that none of your folders are world writable (chmod 777) that is Bad!! surpass servers i believe all use suexec. therefore you can safely use chmod 755 on ALL folders, even those that require write access by your script for example: an upload script.

remember, if a malicious file gets uploaded to your website, and is executed by a malicious user, he can not only damage your website, but probably that of other websites hosted on the same server.

on my site I have placed a php.ini file in all folders that have directly executed scripts in.
the php.ini file contains the following >

Quote:
register_globals = 0
allow_url_fopen = 0
session.use_only_cookies = 1
obviously if you do actually require any of those or you don't want to force your users to use cookies then you can remove them. but it is better and securer for your sites.
Old December 19th, 2007, 7:10 PM   #5 (permalink)
H
Rather than putting index.html files in, you should probably just add something to the root public folder's .htaccess:
Code:
Options -Indexes
That way you don't have to worry about making the index.html files all over the place. And they should also get the appropriate response code.
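The checks raised in the posts above (world-writable folders, folders that would show a directory listing, and back-ups left in a public directory) can be run over a web root with a few `find` commands. This is an added example, not part of any poster's message; the function names, the back-up file patterns and the sample tree are assumptions constructed for illustration.

```shell
# Added example: audit a web root for the issues discussed in this thread.
# Function names, file patterns and the sample tree are constructed.

# Directories any local user can write to (the "chmod 777" case).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print | sort
}

# Directories that would get an auto-generated listing: no index file and
# no "Options -Indexes" in the web root's .htaccess. Only the root
# .htaccess is checked; one in a subfolder could still override it.
listable_dirs() {
    if [ -f "$1/.htaccess" ] && grep -Eqi '^[[:space:]]*Options[[:space:]].*-Indexes' "$1/.htaccess"; then
        return 0    # listings are disabled for the whole tree
    fi
    find "$1" -type d -print | sort | while IFS= read -r d; do
        [ -e "$d/index.html" ] || [ -e "$d/index.php" ] || printf '%s\n' "$d"
    done
}

# Back-up archives or database dumps sitting inside the public tree.
public_backups() {
    find "$1" -type f \( -name '*.sql' -o -name '*.tar.gz' \
        -o -name '*.zip' -o -name '*.bak' \) -print | sort
}

# Build a small constructed tree to run the checks against.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/uploads" "$root/forum"
    : > "$root/index.php"; : > "$root/forum/index.php"
    : > "$root/forum/site-backup.sql"
    chmod 755 "$root" "$root/forum"; chmod 777 "$root/uploads"
    printf '%s\n' "$root"
}

demo() {
    root=$(make_sample_tree)
    echo "world-writable:"; world_writable_dirs "$root"
    echo "listable:";       listable_dirs "$root"
    echo "backups:";        public_backups "$root"
    printf 'Options -Indexes\n' > "$root/.htaccess"
    echo "listable after Options -Indexes:"; listable_dirs "$root"
    rm -rf "$root"
}

demo
```

To check a real site, call the three functions with the path to the public folder instead of the sample tree.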
Old December 23rd, 2007, 12:25 AM   #6 (permalink)
Roxy
Thanks H and everyone else, I just learned a little something from this! Security is your BEST FRIEND!

PS: DO NOT download any scripts, plug-ins, or themes from third party sites. If the person who owns the site DID NOT create the following, then don't download it. Chances are they modified it for possible attack.
__________________
Roxanne
Surpass Staff


