I have seen many people asking about their directories being hacked. Maybe most of us are newbies who set up simple directories without any security, and there are many requests for help with hacked directories!
Some tips you can follow to enhance your directory's security:
- 1) Passwords: Use strong passwords! Never share your passwords or keep them in an unsafe place. Set passwords on everything you can: phpLD admin, database user, FTP access, everything.
Include some special characters like "$", "@", "&", "=", "+" or whatever else you want. Also use both lower- and uppercase characters. Your password should not be shorter than 6 characters.
- 2) Backups: Only people who once had a really big problem because they did not back up know what I am talking about. Make backups as often as you can: back up all your files each time you make a small change, and back up your database too.
- 3) Permissions: Give files/folders only the permissions they really need. Unless the server is running as user "nobody" or similar, try to give files/folders the same owner as the user the webserver is running as. Do not use 666 or 777 permissions unless the script (.php) needs it. Usually it's good to run files/folders with permissions set to 664, but 755 or 775 is also good.
- 4) Files and Folders Protection: If your host supports ".htaccess" files you can easily protect some files and folders.
- 5) Unneeded Files: Most *NIX systems (Linux, *BSD) create file backups by default each time you modify something. These files are named either "~filename.ext" or "filename.ext~" (ext = extension). If you are using Cpanel or another editor you normally won't have this issue, but you never know. Always try to remove these files; you really don't want to have an "index.php~" file in your DocumentRoot, because its content can be seen by others.
A quick and dirty bash script that will remove these files is:
Code:
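# Delete only regular files named "~filename.ext" or "filename.ext~" under /your_path
find /your_path -type f \( -name "~*" -o -name "*~" \) -exec rm -f '{}' \;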
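
A read-only check for tips 3 and 5, added here as an example and not part of the original post: it lists world-writable files/folders and leftover editor backup files under a path so they can be reviewed before anything is changed or deleted. The function names are made up for this example, and /your_path is the same placeholder used in the command above.

```bash
#!/bin/sh
# Added example: audit a web root without modifying or deleting anything.

# List files and folders that any local user can write to (e.g. 666, 777).
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | LC_ALL=C sort
}

# List editor backup files named "~filename.ext" or "filename.ext~".
find_backup_files() {
    find "$1" -type f \( -name '~*' -o -name '*~' \) -print | LC_ALL=C sort
}

# Print a report. Returns 0 if clean, 1 if anything was found, 2 on bad input,
# so a cron job can alert on a non-zero exit status.
audit_docroot() {
    audit_root=$1
    audit_status=0
    [ -d "$audit_root" ] || { echo "not a directory: $audit_root" >&2; return 2; }
    audit_writable=$(find_world_writable "$audit_root")
    audit_backups=$(find_backup_files "$audit_root")
    if [ -n "$audit_writable" ]; then
        echo "World-writable (tighten unless the script needs it):"
        printf '%s\n' "$audit_writable" | sed 's/^/  /'
        audit_status=1
    fi
    if [ -n "$audit_backups" ]; then
        echo "Editor backup files (content can be seen by others):"
        printf '%s\n' "$audit_backups" | sed 's/^/  /'
        audit_status=1
    fi
    if [ "$audit_status" -eq 0 ]; then
        echo "No findings under $audit_root"
    fi
    return "$audit_status"
}

# Usage: sh audit.sh /your_path
if [ "$#" -ge 1 ]; then
    audit_docroot "$1"
fi
```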