Thursday, July 14, 2016

Tips to safeguard websites

1. Keep the minimum number of resources online.

2. Password-protect internally accessed resources.

3. Do regular website scanning. Acunetix is one good tool.

4. Engage security consultants to do security audits. www.securityescape.com is one recommended by me.

5. Check folder permissions. Use 755 as the default permission.

6. Be extra careful with file uploads.

7. Use WSO.php to understand the damage possible if a file is uploaded successfully.

8. Keep code and data separate. Turn the PHP engine off on data folders.
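
An added example (not from the original post) for tips 5 and 8: a Python script that walks a web root, lists folders whose permissions go beyond 755, and lists script files sitting in data folders. The extension list, the folder names and the sample tree are assumptions constructed for the example.

```python
import os
import stat
import tempfile

MAX_DIR_MODE = 0o755                        # tip 5: default folder permission
SCRIPT_EXTS = {"php", "phtml", "phar"}      # assumed list; adjust to your server

def audit_webroot(root, data_dirs):
    """Return (loose_dirs, scripts_in_data) for the tree under root."""
    data_roots = [os.path.realpath(os.path.join(root, d)) for d in data_dirs]
    loose_dirs, scripts_in_data = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        # Tip 5: report any directory granting bits beyond 755.
        mode = stat.S_IMODE(os.stat(dirpath).st_mode)
        if mode & ~MAX_DIR_MODE:
            loose_dirs.append((os.path.relpath(dirpath, root), oct(mode)))
        # Tip 8: data folders should hold no server-side scripts.
        real = os.path.realpath(dirpath)
        if not any(real == d or real.startswith(d + os.sep) for d in data_roots):
            continue
        for name in filenames:
            # Check every dot-separated part so name.php.jpg is reported too.
            if SCRIPT_EXTS & set(name.lower().split(".")[1:]):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                scripts_in_data.append(rel)
    return sorted(loose_dirs), sorted(scripts_in_data)

def build_sample_tree(base):
    """Create a small constructed web root under base for the demo."""
    layout = {"app": (0o755, ["index.php"]),
              "uploads": (0o777, ["photo.jpg", "avatar.php.jpg", "notes.PHP"]),
              os.path.join("uploads", "2016"): (0o755, ["report.pdf"])}
    for rel, (_mode, files) in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(path)
        for name in files:
            open(os.path.join(path, name), "w").close()
    for rel, (mode, _files) in layout.items():
        os.chmod(os.path.join(base, rel), mode)   # set explicitly, ignoring umask
    os.chmod(base, 0o755)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        loose, scripts = audit_webroot(base, ["uploads"])
        print("directories looser than 755:", loose)
        print("scripts in data folders:", scripts)
```

To use it on a real site, call audit_webroot with the web root path and the list of data folder names relative to it.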

Tuesday, July 12, 2016

Set up mod_security on Apache2

apt-get install libapache2-modsecurity
mv /etc/modsecurity/modsecurity.conf{-recommended,}
In /etc/modsecurity/modsecurity.conf, find this line:
SecRuleEngine DetectionOnly
and change it to:
SecRuleEngine On

For more detail, see the link below:

https://www.digitalocean.com/community/tutorials/how-to-set-up-mod_security-with-apache-on-debian-ubuntu


Monday, July 11, 2016

Regulate non public traffic on site

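Use the following in .htaccess:

# Ask for a username and password (HTTP Basic authentication)
AuthType Basic
AuthName "Please Log In"
AuthUserFile /some/path/.htpasswd
Require valid-user
# By address, allow only localhost
Order deny,allow
Deny from all
Allow from 127.0.0.1
# Either check is enough: localhost gets in without a password, everyone else must log in
Satisfy any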

Wednesday, July 6, 2016

Security tips to protect site

Below is a good read about security tips to protect websites:

http://www.creativebloq.com/web-design/website-security-tips-protect-your-site-7122853