Many webmasters start out by launching their websites in shared hosting environments because they are cheaper and suit most of their needs and even run on optimal speeds. However, as enhancements are added to sites such as forums, mailing lists, and other things where users can register and input their private information, security begins to become a more important issue.
This can alarm some webmasters especially when their databases get more populated drawing more concerns of possible hacking and database stealing. To be relieved from these tensions, webmasters would resort to switching to a dedicated server so they can "feel further away" from the other sites that are in shared servers. In a dedicated hosting, webmasters feel more secure and isolated making it much more difficult for attacks to take place.
This may solve a lot of security issues, but you should know that it does not make your website and database completely impenetrable to possible attacks and hackings attempts. However, by following some of these tips, you can give your site enough security to repel just about any standard hacking attempts.
Securing your FTP access
Beefing up the security of your FTP accounts should take priority since just about all webmasters rely on it to keep their sites updated and allow trusted users to access the files.
Turn off anonymous FTP
Start out by turning off anonymous FTP access. Even if you make your files undeletable, turning off anonymous FTP access means preventing all unwanted users from checking out your directory structure and stealing sensitive files or uploading malicious code that can allow remote access, spying, virus injecting, worm uploads, and other intrusive functions.
It is better to just create FTP accounts of people that you really trust so that access to the server is highly limited to these accounts. Always remember to use a complicated password to avoid regular password guessing or brute force methods. Try to limit the number of accounts as well because granted accounts can do just about anything depending on what permissions are assigned. You want to minimize all possible chances of account stealing.
Adding security to your PHP applications
If you are using a forum or a portal or some form of content management system, you are most probably using PHP. PHP is one of the several scripting languages that face heavy attacks and are frequently targeted by hackers.
Keep your PHP and PHP applications up-to-date
Every time hackers exploit some of the flaws in PHP applications, web developers usually respond to this quickly by means of patching the flawed areas and making a new release. You as a webmaster should also respond to this by keeping up-to-date with your PHP application version and more importantly your PHP version as well. While most good servers do the upgrades for you, it is always good to check the PHP version you are using and make sure it is the latest version. If it isn't, it never hurts to contact support and kindly requesting for an update. However any PHP applications that you install should be your responsibility in making sure it's the most recent version. Also, avoid the use of alpha and beta builds of programs as they are more prone to hacks.
Set register_globals to OFF
This field can be found in your php.ini, if you can't find it, contact your webhosting support for assistance. Though the later versions have register_globals off by default, it is still important to check and make sure it's off because leaving it on gives you a wide opening to a security breach. Try to make sure that the register_globals are OFF with the other PHP applications that you upload into your server.
Use your control panel to scan for other security flaws
Some control panel setups allow you to scan the system for possible security flaws. If you ever come across that option, make good use of it as it aids you in checking if your site is truly safe or if updates are necessary for added security.
It is important to be alert with these security issues and deal with them accordingly so you won't have any problems with your dedicated web hosting. These tricks also work on shared hosting setups too so you can always have added security no matter which type of hosting your using now. Never forget to stay updated with the news and keep subscribed in software that you use so you can patch things right away.
Fei Lim is the CEO of Limdox Technologies which offers web hosting [http://www.limdox.com/index.php] and web design [http://www.limdox.com/tml/websitecustomization.php] services.
No hay comentarios:
Publicar un comentario