Old 09-29-2011, 05:27 AM
 

These are things you can do to avoid common mistakes; it's just a list of things where people fall into the trap of things commonly exploited. Nothing can ever be 100% secure but layers of security make you less of a target.


Passwords.... can't be said enough. Always use hard passwords and never use the same ones for different logins. I would suggest something like KeePass to create and manage your passwords.

Usernames.... Do not use simple and easy to guess ones. For example, most hosting control panels by default are set up using the domain as the username, and MySQL (or other database) usernames/passwords are commonly set up like this too; change them. When testing things never use "test", "testing" or other common names you might use. I must have at least one hacker a day trying to log into FTP accounts using "test" as the username.

If you have installed something like WordPress, phpBB or other web applications, these often have admin folders in the public_html folder that the public does not need access to. Protect them with an .htaccess password.

When transferring files use SFTP-capable software. You wouldn't log into your control panel without a secure connection (hopefully), so why would you do it using FTP? Same thing goes for your mail server: use and force secure logins for others if you can.

If you have to give your password(s) to someone, no matter who they are, change it immediately after they no longer need access. Think very carefully about who you give this information to and limit it to as few people as possible; no one is the preferable number.

If you have installed something like WordPress or phpBB be sure to keep up with the updates. Once a fix is released the exploit is known to the entire world. If you are considering installing any of these applications don't do it from the control panel. They are often out of date installations and frankly if you cannot install manually you really have no business installing it.

Applications like WordPress and phpBB will often have footers with common text, "Powered by phpBB © phpBB Group". Read the license and how they handle this, and change it to an image if you can. If a version number is listed, get rid of it altogether.

If you're going to install applications for testing them out do it locally using XAMPP. If you do install on a live server, uninstall it once you're done.


.....again just a short list I can think of off the top of my head. You may not be aware of it but your site is constantly under attack and these are some of the most common mistakes hackers are looking for. Don't make yourself an easy target.
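
An added example, not part of the original post: a Python check that reads FTP login records and reports attempts against the guessable usernames the post warns about ("test", "testing", and the domain used as the account name). The vsftpd-style log layout, the domain example.com and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Names the post calls out; the site's own domain is added per site below.
COMMON_NAMES = {"test", "testing"}

# Assumed vsftpd-style record: <timestamp> [pid N] [user] OK|FAIL LOGIN: Client "ip"
LINE_RE = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)

def guessable_names(domain):
    """Usernames that can be guessed from nothing more than the domain."""
    host = domain.lower().strip(".")
    return COMMON_NAMES | {host, host.split(".")[0]}

def audit_ftp_log(lines, domain):
    """Count failed and successful logins per guessable username."""
    names = guessable_names(domain)
    report = defaultdict(lambda: {"failed": 0, "succeeded": 0, "sources": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a login record
        user = m.group("user").lower()
        if user not in names:
            continue
        entry = report[user]
        entry["failed" if m.group("result") == "FAIL" else "succeeded"] += 1
        entry["sources"].add(m.group("ip"))
    return dict(report)

def accounts_to_rename(report):
    """A successful login under a guessable name proves the account exists."""
    return sorted(user for user, e in report.items() if e["succeeded"])

# Constructed sample records (documentation-range IP addresses).
SAMPLE_LOG = [
    'Thu Sep 29 03:11:02 2011 [pid 4120] [test] FAIL LOGIN: Client "203.0.113.7"',
    'Thu Sep 29 03:11:05 2011 [pid 4121] [testing] FAIL LOGIN: Client "203.0.113.7"',
    'Thu Sep 29 03:12:40 2011 [pid 4130] [example.com] FAIL LOGIN: Client "198.51.100.23"',
    'Thu Sep 29 03:12:44 2011 [pid 4131] [example] OK LOGIN: Client "198.51.100.23"',
    'Thu Sep 29 04:02:10 2011 [pid 4200] [k7q-deploy] OK LOGIN: Client "192.0.2.15"',
    'Thu Sep 29 04:05:10 2011 [pid 4210] [Test] FAIL LOGIN: Client "203.0.113.9"',
]

if __name__ == "__main__":
    result = audit_ftp_log(SAMPLE_LOG, "example.com")
    for user, e in sorted(result.items()):
        print(user, e["failed"], e["succeeded"], sorted(e["sources"]))
    print("rename:", accounts_to_rename(result))
```

Any name returned by `accounts_to_rename` is an account that exists under a guessable username; whether that login was the owner or someone else still has to be checked against the source address.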