|
10 February 2010
Posted in
Web Design
Are your websites secure? This is one thing all online professionals are aware of, but only a few are on top of this problem. How do you secure your site and how much do you trust it? All site security measures have a backdoor; it's just about finding the one that has the lowest risk of being figured out. Find out here, whether you should be implementing new or extra security measures on your site.
One thing you can do is to delete old, unused, outdated scripts and update all of the scripts you do use, as soon as an update is available. This will help protect your site, as the older versions of script will have more people that understand how to hack it. Any old unused scripts act as a very weak shut door, making it easy to access your site through the script.
View all of your scripts as doors, the strength of that door will depend on how up to date it is. Why would you place two extra secure doors on a property containing lots of valuables and valuable information inside, just to put a flimsy plywood panel over one of the street level entry points? It's like buying an expensive security door and leaving it unlocked. Keep all your scripts up to date!
The second measure you can implement now is changing the default script settings. If you don’t understand quite how to do this then ask a trustworthy friend (or a very trusted computer technician if you do not own any) to help. Most scripts have default passwords and critical directories, and most people keep these settings. Well these default settings are what the hackers already know. So if your site still uses default settings on its scripts, nearly every experienced hacker out there will know where all of your most important files and settings are stored.
Your web logs, are they safe and secured? If not you need to do this now. The programs and files that you use to access, read, edit and manipulate your web log data are often not even password protected. Go put a password and any other security measures you can on these files and programs right now.
If you do not secure your web logs, anyone who accesses it can download any file from your server, any confidential info, any paid for download products, anything, it’s all accessible.
Put an index page in every directory. When someone types in the domain name of a directory, if there is no index page in that directory the person will see a directory tree, which will allow them to have access to any file in that given directory. When there is an index page, they simply see that instead, which does not allow access to any of the files. Putting one of these in keeps prying eyes out, so you will want to do this now too, make sure you include one in every directory.
If you have downloadable products that people should be buying, you should give the download pages hard to guess names, i.e. ‘www.abcservices.com/product-1/download.html’ is not a good name for a download page. Many people will guess this and bypass payment by just typing out that URL. If you find any of your download pages to have even a slightly obvious URL, change it straight away, unless it's a free download page.
There are many more things you can do, but for those you will have to get them yourself. Just search the web, and read some more articles on site safety, there are many tips floating around out on the net, most of them will have different measures you can implement. Any new security measures that you come across are always worth using. You may want to check out some specialist web security sites out, any that offer free tips or special offers etc. Just try to keep your site as secure as possible.
Comments
RSS feed for comments to this post.