Sunday, January 20, 2008

10 Simple Steps to Protect Your Web Site

1. Keep an index.html file in every folder, or better, turn off directory listing in the web server. An index file only hides the listing; it does not stop anyone who already knows a file's name from requesting it directly.

What is 'web accessible'?

Sometimes, when you type the URL of a folder into the browser, the server shows a listing of every file in that folder. For example, suppose you have a folder called 'private' in your root directory. The URL for that folder is 'http://www.yourdomain.com/private/'. If directory listing is enabled and the folder has no index file, typing that URL shows every HTML file, image and download in the folder.

If you keep an index file in that folder, the index file is served whenever that URL is requested and the listing is never shown. On Apache, the line 'Options -Indexes' in a '.htaccess' file disables listings for every folder under it, whether or not a folder has an index file, which is the more reliable fix.

2. robots.txt: If you have private or members-only folders, list them in this file so that well-behaved search engines do not crawl and index them. Remember that robots.txt is only a request: it blocks nothing, and because it is public it also tells anyone who reads it exactly where your private folders are. Protect those folders with real authentication (for example a password-protected directory), not with robots.txt alone.

3. Use a good script for form processing. The script should check the syntax of every input field before doing anything with it: for example, verify that an email field really looks like an email address and contains no line breaks, and that every field has a sensible maximum length. This prevents manipulated input from doing unwanted things such as corrupting or deleting files, reading password files, or turning a mail form into a spam relay.
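The kind of syntax checking step 3 asks for, as an added example that is not code from the original post. It assumes a contact form with three fields (name, email, message); the field names, the character rules and the length limits are assumptions chosen for the example. The form handler refuses input that fails any check rather than trying to repair it.

```python
import re

# Constructed field rules for a three-field contact form (name, email, message).
# The field names and limits are assumptions for this example, not from the post.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\Z")
NAME_RE = re.compile(r"[A-Za-z][A-Za-z' .-]{0,59}\Z")
MAX_MESSAGE = 2000


def validate_form(fields):
    """Return {field: error}; an empty dict means the input passed every check."""
    errors = {}
    name = fields.get("name", "")
    email = fields.get("email", "")
    message = fields.get("message", "")

    # Values that end up in a mail header must never contain CR or LF: a line
    # break lets the sender append headers such as Bcc: and relay spam through
    # the form. This check runs first so the problem is reported by name.
    for key, value in (("name", name), ("email", email)):
        if "\r" in value or "\n" in value:
            errors[key] = "line breaks are not allowed"

    if "name" not in errors and not NAME_RE.match(name):
        errors["name"] = "1-60 letters, spaces, apostrophes, dots or hyphens only"
    if "email" not in errors and not EMAIL_RE.match(email):
        errors["email"] = "not a valid email address"

    if not message.strip():
        errors["message"] = "message is empty"
    elif len(message) > MAX_MESSAGE:
        errors["message"] = "message longer than %d characters" % MAX_MESSAGE
    elif any(ord(c) < 32 and c not in "\r\n\t" for c in message):
        errors["message"] = "control characters are not allowed"
    return errors


def handle_submission(fields):
    """What the form script does with the result: refuse bad input, never 'clean it up'."""
    errors = validate_form(fields)
    if errors:
        return ("rejected", errors)
    # Only validated values reach the code that writes files or sends mail.
    return ("accepted", {"to": fields["email"], "subject": "Message from " + fields["name"]})
```

The order matters: the line-break check runs before the format check so that an address such as 'alice@example.com' followed by an injected 'Bcc:' line is rejected for the right reason, and the message body is rejected outright if it carries control characters instead of being silently stripped.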

4. Put all your CGI scripts in cgi-bin. Most web hosts will not execute CGI scripts outside cgi-bin anyway, so you usually have no choice. Keeping them there means the server treats them as programs to run rather than as plain files whose source could be downloaded by visitors.

5. Never chmod your files or folders to '777'. 777 is the most permissive mode on Unix: it lets every user on the server read, write and delete your files, and on a shared host that means every other customer's account (and any compromised script) can change your pages. Use '755' or '711' for folders and '644' for ordinary files. 711 on a folder lets the web server and other users open files inside it by name but not list what is there, so neither a directory listing in the browser nor 'ls' from another account will reveal its contents.

Some CGI scripts ask you to chmod their data files to '777' so that the web server can write to them. These are usually the 'data' files that live in your cgi-bin. Give them the narrowest mode that actually works (writable by the web server's user or group, not by everyone), and check regularly that nothing else under your account has been left world-writable.
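A small checker for the situation step 5 describes, as an added example that is not code from the original post. It walks an account's web directory, reports everything whose mode grants write access to 'other' (the final '7' of 777), and strips that bit. The demo() function builds a constructed cgi-bin layout in a temporary directory with one file and one folder deliberately set to 777; the file names are assumptions for the example.

```python
import os
import stat
import tempfile


def world_writable(root):
    """Return sorted paths (relative to root) whose mode grants write to 'other'."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are meaningless; skip it
            if mode & stat.S_IWOTH:
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def tighten(root):
    """Remove the 'other' write bit from everything under root; return what changed."""
    fixed = []
    for rel in world_writable(root):
        full = os.path.join(root, rel)
        mode = stat.S_IMODE(os.lstat(full).st_mode)
        os.chmod(full, mode & ~stat.S_IWOTH)  # 777 -> 775, 666 -> 664, etc.
        fixed.append(rel)
    return fixed


def demo():
    """Build a constructed account layout in a temp dir and run the scan on it."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "cgi-bin", "data"))
    files = {
        os.path.join("cgi-bin", "form.cgi"): 0o755,               # script: fine
        os.path.join("cgi-bin", "data", "guestbook.txt"): 0o777,  # the classic mistake
        "index.html": 0o644,                                      # page: fine
    }
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("x")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "cgi-bin", "data"), 0o777)  # folder also left open
    before = world_writable(root)
    tighten(root)
    after = world_writable(root)
    return before, after
```

Run against a real account, world_writable('/home/you/public_html') is the check and tighten() the fix; if a script then stops working, the file it writes needs a mode that lets the web server's user or group write it, not the whole world.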

6. Choose passwords that are not dictionary words and avoid people's names. Use a mix of letters and numbers with a minimum of 10 characters. If you have a membership area, tell your members to choose their passwords with the same care.
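A password check that enforces the rules in step 6 on a membership signup form, as an added example that is not code from the original post. The dictionary and the list of first names are constructed stand-ins (a real deployment would load a full wordlist); the minimum length of 10 comes from the post, and the handling of trailing digits and letter substitutions is an assumption added so that 'P@ssw0rd1' is still recognised as 'password'.

```python
import re

# Constructed stand-ins for a real dictionary and a list of common first names.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "monkey", "dragon", "football"}
PEOPLE_NAMES = {"alice", "bob", "john", "mary", "david", "sarah", "michael"}
MIN_LENGTH = 10

# Undo the substitutions people use to sneak a dictionary word past a checker.
LEET = str.maketrans("01345@$", "oieasas")


def _normalise(pw):
    """Lower-case, drop a trailing run of digits/punctuation, undo substitutions."""
    core = pw.lower()
    core = re.sub(r"[^a-z]+$", "", core)   # 'password2008!' -> 'password2008!' minus '2008!'
    return core.translate(LEET)            # 'p@ssw0rd' -> 'password'


def password_problems(pw, username=""):
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not re.search(r"[A-Za-z]", pw) or not re.search(r"[0-9]", pw):
        problems.append("must contain both letters and digits")
    core = _normalise(pw)
    if core in COMMON_WORDS:
        problems.append("is a dictionary word")
    if any(name in core for name in PEOPLE_NAMES):
        problems.append("contains a person's name")
    if username and username.lower() in core:
        problems.append("contains the username")
    return problems
```

The check is deliberately lenient about what counts as a name (any substring match), which produces the occasional false rejection but catches 'Mary2008xyz'; the username check is there because members very often reuse their login name inside the password.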

7. Protect your downloads. Don't link to paid or members-only files directly; serve them through a script that checks the visitor is logged in, and keep the files themselves outside the web root so they cannot be fetched by guessing the URL. There are many CGI scripts written for this purpose.

8. Check the access logs frequently, especially if you have a members area. Look for one member's login being used from many different addresses (password sharing) and for bursts of failed logins from a single address (someone guessing passwords), and act on both.
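The two log checks step 8 describes, run over a few constructed log lines, as an added example that is not code from the original post. It assumes the members area is protected by HTTP authentication, so the third field of each Apache common-log-format line carries the login name ('-' when nobody is logged in) and a failed login shows up as a 401 response. The addresses, user names and thresholds are all assumptions for the example.

```python
import re
from collections import defaultdict

# Apache/NCSA common log format. The third field is the authenticated user,
# '-' for anonymous requests; on a 401 it holds whatever name was attempted.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: alice's login used from three networks in a few minutes,
# bob behaving normally, and one address hammering the members area.
SAMPLE_LOG = """\
203.0.113.5 - alice [20/Jan/2008:09:12:01 +0000] "GET /members/ HTTP/1.0" 200 1843
198.51.100.23 - alice [20/Jan/2008:09:14:40 +0000] "GET /members/downloads/ HTTP/1.0" 200 2210
192.0.2.77 - alice [20/Jan/2008:09:15:02 +0000] "GET /members/ HTTP/1.0" 200 1843
203.0.113.9 - bob [20/Jan/2008:09:20:11 +0000] "GET /members/ HTTP/1.0" 200 1843
203.0.113.9 - - [20/Jan/2008:09:21:30 +0000] "GET /favicon.ico HTTP/1.0" 404 209
198.51.100.7 - - [20/Jan/2008:09:30:00 +0000] "GET /members/ HTTP/1.0" 401 401
198.51.100.7 - admin [20/Jan/2008:09:30:01 +0000] "GET /members/ HTTP/1.0" 401 401
198.51.100.7 - admin [20/Jan/2008:09:30:02 +0000] "GET /members/ HTTP/1.0" 401 401
198.51.100.7 - root [20/Jan/2008:09:30:03 +0000] "GET /members/ HTTP/1.0" 401 401
198.51.100.7 - test [20/Jan/2008:09:30:04 +0000] "GET /members/ HTTP/1.0" 401 401
198.51.100.7 - webmaster [20/Jan/2008:09:30:05 +0000] "GET /members/ HTTP/1.0" 401 401
"""


def parse(line):
    """Split one log line into its fields, or return None for lines that don't match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def shared_accounts(lines, max_ips=2):
    """Logins that succeeded from more than max_ips distinct addresses: likely shared."""
    ips = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec and rec["user"] != "-" and rec["status"].startswith("2"):
            ips[rec["user"]].add(rec["ip"])
    return {user: sorted(addrs) for user, addrs in ips.items() if len(addrs) > max_ips}


def bruteforce_sources(lines, max_failures=5):
    """Addresses that drew more than max_failures 401 responses: password guessing."""
    failures = defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec and rec["status"] == "401":
            failures[rec["ip"]] += 1
    return {ip: n for ip, n in failures.items() if n > max_failures}


def report(text=SAMPLE_LOG):
    """Run both checks over a log file's contents and return the findings together."""
    lines = text.splitlines()
    return {"shared": shared_accounts(lines), "guessing": bruteforce_sources(lines)}
```

On a real host, feed report() the contents of the access log (the hosting control panel or '~/logs/access_log' is the usual place); a member flagged under 'shared' has usually given the password away, and an address under 'guessing' is a candidate for blocking in .htaccess.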

9. Don't give your username and password to anybody, and change them periodically. Keep your passwords in an encrypted password store on your computer, not in a plain file inside a 'protected' folder: folder permissions mean nothing once the machine is lost or compromised.

10. Always log out of your administrative area when you are finished, especially on a shared or public computer.
