11-21-2016, 02:18 AM
Web-Server Security Guide
Introduction
When you create systems that store and retrieve data, it is important to protect the data from unauthorized use, disclosure, modification or destruction. Ensuring that users have the proper authority to see the data, load new data, or update existing data is an important aspect of application development. Do all users need the same level of access to the data and to the functions provided by your applications? Are there subsets of users that need access to privileged functions? Are some documents restricted to certain classes of users? The answers to questions like these help provide the basis for the security requirements for your application.
Picking the Right Web Host
This is a crucial part of web-server security that web developers rarely think about. Servers get rooted all the time, it happens. A hacker could just upload a shell and deface the one site, but most of the time they will go for gold and try to root the entire server. A good web host will protect you from this, so when picking one just remember this:
Quote: Any free web host is a bad web host.
In my own opinion the biggest free host to avoid is 000WebHost. They will take down your site within about a week of it being up, and force you to upgrade to get it back.
Staying Up-to-Date
Remember to keep all of your software up-to-date. Generally updates fix a few bugs, but sometimes they patch vulnerabilities in the software, and if you don't update, a hacker can exploit that vulnerability and use it against you. All because you didn't take 3 minutes out of your precious life to go click a button. Checking for the latest updates on every plugin and on the site's design itself is recommended at least once every two weeks.
Delete the Installation Folder
After you install some software, like MyBB, the installation folder is left on your web-server. It is highly recommended to remove that folder as soon as the installation is complete. If you don't, the folder stays reachable from the web and could be used in ways you really wouldn't want.
Passwords
This is very simple, and users still don't take the time to do it. Make sure to use strong passwords: not your standard "blah1234", but something unique. Also, don't make a password that only just meets the minimum length; that makes it easy for a hacker to gain access by narrowing down the possible password combinations. There are many sites and programs that can generate strong passwords for you. This one is probably the best:
RandomKeyGen
Prevent SQL, XSS, and More
This is something we use right here on OmegaForums. It is called PHP-Firewall, and it filters out malicious code in incoming requests. You can download it from here:
PHP-Firewall.info
Also, as a bonus, this is how you add it to the MyBB forum software:
Open global.php
Add This Code at Beginning:
Code:
// Hand PHP-Firewall the request URI to inspect, then switch it on
define('PHP_FIREWALL_REQUEST_URI', strip_tags( $_SERVER['REQUEST_URI'] ) );
define('PHP_FIREWALL_ACTIVATION', true );
// Only load the firewall if it actually exists at the path you installed it to
if ( is_file( @dirname(__FILE__).'/<Firewall Path>/firewall.php' ) )
  include_once( @dirname(__FILE__).'/<Firewall Path>/firewall.php' );
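A request filter like the include above inspects the URL for suspicious strings before MyBB runs, but it cannot fix how your own code builds queries or prints user data. The following is an added example, not code from PHP-Firewall or MyBB, showing the application-level defence against SQL injection and XSS in PHP (prepared statements plus output encoding); it assumes PDO with the SQLite driver and uses an in-memory database so it runs stand-alone.

```php
<?php
// Added example: constructed in-memory table, not MyBB's schema.
function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT)');
    $db->exec("INSERT INTO users (username) VALUES ('admin'), ('O''Brien')");
    return $db;
}

// Unsafe: the input is concatenated into the SQL text, so any quote in it
// changes the query itself. A URL filter does not see POST bodies or cookies.
function findUserUnsafe(PDO $db, string $name): array {
    $sql = "SELECT uid, username FROM users WHERE username = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the value is bound as a parameter and is never parsed as SQL,
// whatever characters it contains.
function findUserSafe(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT uid, username FROM users WHERE username = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding: user-supplied text is rendered as text, not as markup,
// which is the actual fix for stored and reflected XSS.
function renderUsername(string $name): string {
    return '<b>' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</b>';
}

$db = openDb();
// A perfectly legitimate name containing a quote: strip_tags() leaves it
// untouched, the unsafe query breaks on it, the prepared statement finds it.
$name = "O'Brien";
try {
    findUserUnsafe($db, $name);
} catch (PDOException $e) {
    echo "unsafe query failed: " . $e->getMessage() . "\n";
}
print_r(findUserSafe($db, $name));                 // one row: O'Brien
echo renderUsername('<script>x</script>') . "\n";  // tags shown inert, not executed
```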