Welcome to Las Vegas, Nevada- the Gambling Capital of US and the City that never sleeps! So, what has this city have to do with this site. The answer is none. I just love the photo, I took during our vacation to this city a couple of years ago. In this site, you will find articles from my autobiography, global warming, senior citizens issues, tourism, politics in PI, music appreciation and articles about our current experiences as retirees enjoying the "snow bird" lifestyle between US and the Philippines. Your comments will be highly appreciated. Please do not forget to read the latest national and international news. Some of the photos and videos on this site, I do not own. However, I have no intention on infringement of your copyrights. Cheers!

Saturday, August 7, 2010

How to Protect your website from Hackers

The following is an article by R.T. Cunningham posted on www.untwistedvortex.com
Thank you Mr. Cunningham for a very informative article. I hope you do not mind my reprinting it in my blog. I could always delete it any time if you mind.

"Regardless of what kind of website you have, you need to know how to protect your website from hackers. Depending on your website requirements and the type of web hosting you have, there are a few different options.

Shared Hosting and Static Websites

The least amount of control you can possibly have with a static website is on shared hosting. With shared hosting, you're limited to using .htaccess file protection if your server even has that kind of support. Linux servers do, but I'm not familiar with Windows or other hosting platforms.

Even so, .htaccess file protection can only protect web servers after connections are already made. The methods are either the allow/deny options and/or rewrite rules. Both of these methods are the lowest form of effective protection. The connections will appear in your access log for either one and will appear in your error log for denials.

If you have the ability to use PHP, even though you're serving static files, you have more options at your disposal which I'll get to in a moment.

A recent news item I came across tells me that BlueHost is ahead of other shared hosting providers in at least one regard. Take a minute and read "BlueHost Advantage – VPS Protection At Shared Hosting Prices" to find out more about it.

Shared Hosting and Dynamic Websites

Dynamic websites are those that use ASP, ColdFusion, PHP and other server-side scripting languages I haven't heard of. With shared hosting, you only have access to your root directory and subdirectories off the root directory. While I'm not familiar with the other scripting languages, with PHP you at least can take your website security a step further than a static website.

I recently read "How To Protect Your Blog From Hackers" and this is exactly the kind of information that mixes apples and oranges. Two of the tips have nothing to do with protection – one talks about the computer you're using, which obviously has nothing to do with a web server (unless you're running a personal web server at home, which is rare) and the other talks about restoring files after a hack has already been successful.

Making sure your scripts (i.e., CMS or blog) are up-to-date and server software is up-to-date (as much as you may have actual control over it) is a no-brainer. Making sure you use hard-to-guess unique passwords is another no-brainer. Despite being no-brainers, they're often overlooked by a lot of people who can't seem to find the time to concentrate on website security.

I also recently came across ZB Block, which looks like an effective solution to things you can control within dynamic websites that rely on PHP. I have yet to try it – I use my own custom PHP script to drop Apache connections and I'm constantly improving it. Perhaps I'll find that ZB Block already does what I want to do and when I find time, I intend to try it on for size.

Non-Shared Hosting

I'm talking about VPS or dedicated hosting. VPS hosting is affordable and unless you're a complete newbie to website management in any form, I highly recommend it. I probably pay much more than I need to with Media Temple's (ve) server (VPS without a control panel – maximum control), but I like being able to do the things I need to do without having to wait for someone else to do something I can do for myself.

The .htaccess and "ZB Block" options, as well as any other forms of protection you can use from within your "host", can be augmented by a firewall. I think IPtables is a pretty good firewall for the Linux OS, but I can see some faults with it – faults I wish I knew how to do something about. Nevertheless, the firewall prevents denied IP addresses (standard or CIDR notation) from even connecting to anything beyond it. It's the most effective protection for any website or group of websites. I use it continuously – I would be overrun by botnets without it".

In Summary

I've briefly gone over the basics of how to protect your website from hackers. I'll get into more details with future articles, but please don't hold your breath. I'm known to forget things – just another piece of proof that I'm getting old.

Note: Bob, you sounds like me, also getting old with bouts of senior moments every now and then! So, I wouldn't hold my breath, but will keep checking your site every now and then!

No comments:

Related Posts Plugin for WordPress, Blogger...
Related Posts Plugin for WordPress, Blogger...
Related Posts Plugin for WordPress, Blogger...
Related Posts Plugin for WordPress, Blogger...