How to improve the security of your website. General rules I.
In this article I'll try to show web newbies (but not complete newbies) how to improve the security of their websites using an FTP client. I won't teach you how to use FTP or explain how to set rights. I may write another tutorial for that, but you can search the web for resources aimed at complete beginners.
For cPanel users:
First of all, make sure all directories are 751 and all files are 641. This is very easy to do with FileZilla: set the rights for the root directory, check the proper buttons (751 for directories only), and repeat the same step for files only (641). After you set the correct rights, don't forget to set the root directory, and only the root directory, to 755.
This way, when people try to view a directory without an index.html file, they will see a forbidden page (Error 403). You can customize that page if you want, but that's another story. Maybe I'll write about it later.
If you cannot handle it I can help you. My rate for this type of job is $20/hr.
For other web admin panels:
The FTP setup of other web admin panels requires 755 and 644. The only solution I know so far is to put blank index.html files into each directory that doesn't have one.
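The two schemes above can be checked from a shell account on the host, or against a local copy of the site, instead of by clicking through an FTP client. The script below is an added example, not part of the original article: the `audit` function, the scheme names `cpanel` and `other`, and the list of index file names are assumptions made for illustration, while the modes are the ones given above.

```python
import os
import stat
import tempfile

# Permission schemes as stated in the article: (root dir, other dirs, files).
SCHEMES = {"cpanel": (0o755, 0o751, 0o641), "other": (0o755, 0o755, 0o644)}
INDEX_NAMES = ("index.html", "index.htm", "index.php")  # assumed index names


def audit(root, scheme="cpanel", fix=False):
    """Return a list of (path, problem) findings; with fix=True also repair them."""
    root_mode, dir_mode, file_mode = SCHEMES[scheme]
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        want = root_mode if dirpath == root else dir_mode
        _check(dirpath, want, findings, fix)
        # Under 755 the directory is listable, so the article's workaround
        # is a blank index.html in every directory that lacks an index.
        if scheme == "other" and not any(n in filenames for n in INDEX_NAMES):
            findings.append((dirpath, "no index file"))
            if fix:
                blank = os.path.join(dirpath, "index.html")
                open(blank, "w").close()
                os.chmod(blank, file_mode)
        for name in filenames:
            _check(os.path.join(dirpath, name), file_mode, findings, fix)
    return findings


def _check(path, want, findings, fix):
    if os.path.islink(path):
        return  # never chmod through a symlink
    have = stat.S_IMODE(os.lstat(path).st_mode)
    if have != want:
        findings.append((path, f"mode {have:o}, expected {want:o}"))
        if fix:
            os.chmod(path, want)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:  # constructed sample tree
        os.mkdir(os.path.join(demo, "images"), 0o755)
        for finding in audit(demo, "other"):
            print(finding)
```

Run it with `fix=False` first and read the findings before letting it change anything.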
If you want a good and reliable hosting provider for your website with fantastic support, you can choose Hostgator. Click here to read more about them.


2009-11-10 10:09:04
2009-12-04 23:48:43
Nice article.
I do have some comments on it:
1. You forgot to add the actual link when you wrote "Click here to read more about them."
2. You didn't mention why access rights are so important to set correctly on the server side: no user should upload anything to the server (or if someone uploads files, they should be very well checked).
3. I hope you will continue this topic. You may also write about: XSS, MySQL injection, DoS (denial of service issue) and how to prevent it.
I'll be reading from you!
2009-12-05 00:02:38
Although I'd rather respond to you in our native language, I will try a more or less "universal" answer.
1. Thanks for reminding me I have to continue my other project as well (a website with web hosting reviews). I intentionally left it URL-less.
2. Uhmm... yes, that too.
3. Like I said in the website slogan, I write about my personal experience in web development. But you know what? You can write here as well, I'd be really honored to have you as a co-author! If you accept my challenge and request I'll change the goal and aim of this website making it more user contributed. Though, I'm not sure if you have time for this...
Final note: Thanks, Diana, for encouraging me!