Web Hosting For Dummies by Peter Pollock

Author:Peter Pollock
Language: eng
Format: epub, pdf
Publisher: John Wiley and Sons, Inc.
Published: 2013-04-10T16:00:00+00:00


Figure 8-14: Screen showing authorized users of Password Protected Directories in cPanel.

cPanel's password protection is created using an .htaccess file. This file is placed within the folder to be protected. Although web users cannot access this file, it can be overridden by another .htaccess file in the public_html directory. Do you think it sounds insecure? Don't worry; the public_html directory .htaccess file may be able to override the password protection, but a hacker cannot change that file unless he already has root access in the file system. When he has root access, the password protection doesn't apply to him anyway.
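A check a site owner can run over this kind of setup, as an added example that is not from the book or from cPanel: it walks a web root, finds each .htaccess that sets AuthType, and flags a missing Require line or a password file that is missing or stored inside the web root (Apache's documentation advises keeping it outside). The folder names and sample tree are constructed, and AuthUserFile values are assumed to be absolute paths.

```python
import os
import re
import tempfile

# Auth directives of interest; Apache directive names are case-insensitive.
DIRECTIVE = re.compile(r"^\s*(AuthType|AuthUserFile|Require)\s+(.+?)\s*$", re.I | re.M)

def parse_htaccess(path):
    """Return {directive_in_lowercase: value}; '#' comment lines never match."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return {k.lower(): v.strip('"') for k, v in DIRECTIVE.findall(fh.read())}

def audit(docroot):
    """Return sorted (relative_dir, problem) pairs for protected directories."""
    docroot = os.path.realpath(docroot)
    findings = []
    for folder, _dirs, files in os.walk(docroot):
        d = parse_htaccess(os.path.join(folder, ".htaccess")) if ".htaccess" in files else {}
        if "authtype" not in d:
            continue  # no password protection configured in this folder
        rel = os.path.relpath(folder, docroot)
        if "require" not in d:
            findings.append((rel, "no Require line in this .htaccess"))
        pw = os.path.realpath(d.get("authuserfile", ""))  # assumes an absolute path
        if not os.path.isfile(pw):
            findings.append((rel, "password file missing"))
        elif os.path.commonpath([pw, docroot]) == docroot:
            findings.append((rel, "password file is inside the web root"))
    return sorted(findings)

def build_demo_tree(base):
    """Constructed sample layout: three protected folders under public_html."""
    docroot = os.path.join(base, "public_html")
    outside = os.path.join(base, ".htpasswds", "passwd")
    inside = os.path.join(docroot, "members", "passwd")
    for name, pwfile, require in [("private", outside, True),
                                  ("members", inside, True),
                                  ("staff", outside, False)]:
        os.makedirs(os.path.join(docroot, name), exist_ok=True)
        os.makedirs(os.path.dirname(pwfile), exist_ok=True)
        open(pwfile, "a").close()  # empty placeholder, no real credentials
        with open(os.path.join(docroot, name, ".htaccess"), "w") as fh:
            fh.write(f'AuthType Basic\nAuthName "Restricted"\nAuthUserFile "{pwfile}"\n')
            fh.write("Require valid-user\n" if require else "")
    return docroot

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, problem in audit(build_demo_tree(tmp)):
            print(f"{rel}: {problem}")
```

To audit a real site, call `audit()` with the path to your own public_html directory instead of the demo tree.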

Securing Your PHP

PHP security is the nemesis of all website creators. Everyone is convinced that there must be a way to secure a PHP website against all attacks, but no matter what level of security exists, there is always a hacker somewhere who works out a way around it.

That doesn’t mean you should just throw your hands up and surrender, though. You can do plenty to protect your site, although nothing is ever foolproof.

Remember, most website hacks are done by automated systems, which are written to cruise around the web and try a series of commands for a specific known exploit. To put that in real-world terms, imagine somebody made a master key that could open any lock produced by a certain lock manufacturer during the period November 1998 to June 1999. If locks from that manufacturer were widely used by households, all the criminal would need to do (if he could get a hold of one of these master keys) is go around and try his key in every lock on every house until he found a lock that was made by the right manufacturer during the right time period.

Protecting your house against this attack would be quite easy. You simply need to update your lock, and you can be certain that the key would no longer work.

Most small websites are never going to be attacked by a hacker directly. The attacks come via automated tools that are just poking around to find a site that is vulnerable. This means that you can protect yourself against the majority of attacks by following a few simple rules:

If you have your own server, keep your PHP version up-to-date. How to do this varies by system. With a cPanel server, for example, either type /scripts/easyapache at the command line or go into WHM and select EasyApache under the Software heading.

If you are writing your own PHP scripts, research how to secure your scripts. You may not think your scripts have security holes and are vulnerable to exploits, but think again! Plentiful resources online explain how to ensure that your scripts are as secure as possible. Simply search for securing PHP scripts.

If you’re running web scripts or applications such as WordPress, keep them up-to-date, including any additional plug-ins and theme updates.

Do not install any scripts or PHP modules that you don’t absolutely need. The less PHP you are using, the less chance there is of an exploit being found.


