This article is mainly about Linux hosts.
First, a fortress is most often breached from within: be careful of the people around you
Experience shows that the vast majority of network attacks come from colleagues, friends and other users of the same host. These people can get into your host system directly or indirectly, and may even know your password. A small oversight can cause a fatal error. I once demonstrated to a colleague how simple it was to steal his forum password: an INCLUDE and an ECHO to display a variable's value, and the password was in that variable. It took only a few lines of code. I told him to write it directly into the forum's source code, and then it would be all right. From another angle: if you are not the network administrator but a user on the host, one small mistake by the network administrator could ruin your website.
Second, check the server logs often
There are various kinds of access log information. By analyzing the log files you can easily find people trying to get into your management back end or trying to probe the host. In early November, when the school's small router kept breaking down, I set up a proxy server for Internet access, running Red Hat 9. After the server had been running for less than a month, I looked through the logs and found that addresses from at least five countries and regions were trying to probe my system: the United States, South Korea, Japan, Taiwan and India. So I wrote IPTABLES rules to block a number of IP ranges, and things were quiet for several days, with only a few log messages on the server. Later I found that many of the IPs trying to probe the system were domestic, so blocking IPs is clearly not a good approach; a good, strong set of IPTABLES rules is better than anything else. For example, the SSH and WEBMIN services on my server are restricted so that only CTT Huludao IPs can access them, which makes it very easy to detect hackers trying to break into the system. Speaking of reading logs, I actually found access records from the network monitoring department. I advise you to be careful when you start a website, and do not assume that people do not know about you ~
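An added example (not from the original article) of the log review described above: a shell function that counts requests for back-end paths per client in an Apache combined-format access log, skipping a trusted address prefix. The path pattern, the trusted prefix and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list clients outside a trusted prefix that requested
# back-end paths, read from an Apache "combined" access log.
# ADMIN_RE and the trusted prefix are assumptions; set them for your site.

ADMIN_RE='^/(admin|webmin|phpmyadmin)(/|$)'

# probe_report TRUSTED_PREFIX [LOGFILE...]
# Prints "<hits> <ip>" per offending client, busiest first.
probe_report() {
    trusted=$1
    shift
    awk -v trusted="$trusted" -v re="$ADMIN_RE" '
        {
            ip = $1
            path = $7                           # request path in combined format
            sub(/\?.*/, "", path)               # ignore the query string
            if (index(ip, trusted) == 1) next   # trusted range, skip
            if (tolower(path) ~ re) hits[ip]++
        }
        END { for (ip in hits) print hits[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample log lines (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
198.51.100.7 - - [03/Nov/2024:10:01:02 +0800] "GET /admin/login.php HTTP/1.1" 404 210 "-" "-"
198.51.100.7 - - [03/Nov/2024:10:01:03 +0800] "GET /phpMyAdmin/ HTTP/1.1" 404 210 "-" "-"
192.0.2.44 - - [03/Nov/2024:10:05:00 +0800] "POST /admin/login.php?x=1 HTTP/1.1" 403 199 "-" "-"
203.0.113.9 - - [03/Nov/2024:10:06:00 +0800] "GET /admin/ HTTP/1.1" 200 512 "-" "-"
192.0.2.44 - - [03/Nov/2024:10:07:00 +0800] "GET /index.php HTTP/1.1" 200 4096 "-" "-"
EOF
}

# Report against the sample, treating 203.0.113.x as the trusted range.
sample_log | probe_report "203.0.113."
```

Against a real server, pass the access log path as the second argument instead of piping the sample.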
Third, do not count on the law as a weapon
If you are the network administrator of a government website, you need not worry about people hacking you; most people would be afraid to. In most cases, when someone hacks you, there is nothing you can do. Even with sufficient evidence you may not receive effective legal protection, not to mention that if your site is not registered and it gets hacked, there is really nowhere to report it. So for security you have to rely on yourself.
Fourth, my site security policy
Most sites now, especially those of organizations and individuals, are built with a CMS. A CMS, forums included, generally has flaws; this is inevitable. Where a script does not filter data strictly, it produces an SQL injection vulnerability, and the contents of your database are likely to be tampered with. This is what I do.
1, Prohibit FTP logins to the host; this is very convenient, because the FTP space is used regularly.
2, Set the owner of the CMS source files to ROOT. This is very simple: after logging in as the superuser, just copy the directory.
3, Change the source. A CMS does not open the back-end database repeatedly; there are usually only a few commands that open the database (most often two: one in the front-end source and one in the back-end source), so by filtering it is very easy to find the relevant script lines.
4, Use ZEND or a similar compiler optimizer. It also has the effect of encrypting the source code, so the database information hidden in the source code will not be exposed.
5, Open the database with two user names. MYSQL permission management can go down to the field level. Give the user name that is written into the source code that opens the database as few permissions as possible, and manage with the other user name, which has all permissions on the database. With the permissions set up properly, even if the admin password is posted in the streets, others can do nothing to you.
6, Change the permissions of the original database files: after SU, copy their contents, so that even the database administrator cannot hack your site ~ This is generally not done.
7, Physical security: media, database, web front end and back office are all on different servers. Doing this is a bit extreme, but the security is beyond question. Unless it is a key system, there is no need to be so rigorous. What are key systems? Not only national defense, economic and financial systems are important systems; sites with a certain volume of content are also critical systems, where a security vulnerability could destroy several years of work.
Fifth, my specific approach
In two months I have built two sites. One is the school's, www.lnjxgx.cn; because someone else is to take it over next semester it is now abandoned, and the school should have deleted it. I set the database permissions to "select" and blocked the host's FTP user. Unless you are the administrator, no one can hack the website (I am the only administrator). Of course, since the database cannot be written, APACHE reports errors, so I turned off the error reporting of APACHE and PHP.
The second site, www.y768.com/mil, I built after the holiday started; it is a small music site with only about 1,000 songs. Small as it is, it is very powerful: I collate the material alone and can put up at least 100 albums (more than 1,000 songs) a day, so the CMS is very capable. Again I set the database permissions to "select" and then released privileges on individual tables, such as the three tables for the message board and user login. In the worst case a message gets deleted, but the contents of the site cannot be changed. I separated the back end out onto my home server.
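An added example, not the author's own commands, of the two-account layout from item 5 of the policy and the per-table release described above: a shell function that prints the GRANT statements so they can be reviewed before being piped to the mysql client. The database, account and table names are hypothetical, and both accounts are assumed to exist already.

```shell
#!/bin/sh
# Added example: print MySQL GRANT statements for the two-account layout.
# Names (cms, cms_web, cms_admin, guestbook, ...) are hypothetical, and
# both accounts are assumed to exist already with strong passwords.

# Accept plain identifiers only, so a table name can never smuggle extra
# SQL into the generated statements.
valid_ident() {
    case $1 in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# emit_grants DB WEB_USER ADMIN_USER [WRITABLE_TABLE...]
emit_grants() {
    [ "$#" -ge 3 ] || { echo "usage: emit_grants DB WEB ADMIN [TABLE...]" >&2; return 2; }
    for name in "$@"; do
        valid_ident "$name" || { echo "bad identifier: $name" >&2; return 1; }
    done
    db=$1; web=$2; admin=$3
    shift 3
    # Start from nothing: drop whatever the web account held before.
    printf "REVOKE ALL PRIVILEGES, GRANT OPTION FROM '%s'@'localhost';\n" "$web"
    # The account named in the CMS source may only read.
    printf "GRANT SELECT ON \`%s\`.* TO '%s'@'localhost';\n" "$db" "$web"
    # Tables the public site must write to (message board, user login).
    for t in "$@"; do
        printf "GRANT INSERT, UPDATE, DELETE ON \`%s\`.\`%s\` TO '%s'@'localhost';\n" \
            "$db" "$t" "$web"
    done
    # The management account keeps full rights on this one database only.
    printf "GRANT ALL PRIVILEGES ON \`%s\`.* TO '%s'@'localhost';\n" "$db" "$admin"
}

# Three writable tables, as in the article's music site.
emit_grants cms cms_web cms_admin guestbook user_session user_login
```

With these grants an SQL injection through the web account can read the database and alter the listed tables, but cannot change any other table.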
At first, I set up the school host so that only Huludao CRC broadband users could log in remotely as MYSQL users to manage the Web database, and separated some of the back end onto my home server. But then I found there was no need: I changed to collating the material at home and then uploading the data with MYSQL management software, and the efficiency is the same. My home server is a retired K6-2 running Linux RH9. Even so, I back up the data often.
However pleasing a site is made, if it then gets hacked it is just a "tofu dregs" project: all looks, fair without and foul within. Security is more important than appearance.
Hey, hacker friends, are you still interested in hacking me? Hacking techniques should be put to proper use: hacking people is against the law and no one pays you wages for it. But if you apply your skills to security protection, they can bring you benefits of your own.