Directory Security Tips

mohammad · 02-12-2008, 12:52 PM

I saw many people who ask about their directories hacking, maybe most of us are newbie and make simple directories with no any securities, and there are many helps wanted for hacking directory!

Some tips that you can following them and enhance your directory's security can be:

1) Passwords: Use strong passwords! Never share your password or keep them in unsafe place. Give passwords to everything you can, phpLD admin, database user, FTP access, everything.
Include some special characters like "$", "@", "&", "=", "+" or whatever else you want. Also use both lower- and uppercase characters. You password should not be shorter than 6 characters.
2) Backups: Only people who had once a really big problem because they did not backed up know what I am talking about. Make backups as often as you can, backup all your files each time you make a small change, backup also your database.
3) Permissions: Give only really needed permissions to files/folder. Unless the server is running as user "nobody" or simmilar, try to give files/folders the same username as the webserver is running. Do not use 666 or 777 permissions unless the script (.php) needs it. Usually it's good to run files/folders with permission set to 664 but also 755 or 775 is good.
4) Files and Folders Protection: If your host supports ".htaccess" files you can easily protect some files and folders.
5) Unneeded Files: Most *NIX (Linux, *BSD) create by default file backups each time you modify something. This files are marked eighter as "~filename.ext" or "filename.ext~" (ext = extension). If you are running Cpanel or another editor you regulary won't have this issue, but you never know. Always try to remove this files, you really don't want to have an "index.php~" file in your DocumentRoot, because it's content can be seen by others.
A quick and dirty bash script that will remove these files is:
Code:
find /your_path -name "*~*" -exec rm -f '{}' \;

dpSubi1 · 02-12-2008, 03:51 PM

Great tips. I would like to add one more. Delete all installation files once we complete the installation of a directory.

mohammad · 02-12-2008, 04:38 PM

Yop, it is always recommended first to remove installation files

megrisoft · 02-24-2008, 11:22 AM

Best is to update the script version

02-12-2008, 12:52 PM	#1 (permalink)
mohammad Junior Critic Join Date: Feb 2008 Location: Small Buziness! - مرند Posts: 72	Directory Security Tips I saw many people who ask about their directories hacking, maybe most of us are newbie and make simple directories with no any securities, and there are many helps wanted for hacking directory! Some tips that you can following them and enhance your directory's security can be: 1) Passwords: Use strong passwords! Never share your password or keep them in unsafe place. Give passwords to everything you can, phpLD admin, database user, FTP access, everything. Include some special characters like "$", "@", "&", "=", "+" or whatever else you want. Also use both lower- and uppercase characters. You password should not be shorter than 6 characters. 2) Backups: Only people who had once a really big problem because they did not backed up know what I am talking about. Make backups as often as you can, backup all your files each time you make a small change, backup also your database. 3) Permissions: Give only really needed permissions to files/folder. Unless the server is running as user "nobody" or simmilar, try to give files/folders the same username as the webserver is running. Do not use 666 or 777 permissions unless the script (.php) needs it. Usually it's good to run files/folders with permission set to 664 but also 755 or 775 is good. 4) Files and Folders Protection: If your host supports ".htaccess" files you can easily protect some files and folders. 5) Unneeded Files: Most NIX (Linux, BSD) create by default file backups each time you modify something. This files are marked eighter as "~filename.ext" or "filename.ext~" (ext = extension). If you are running Cpanel or another editor you regulary won't have this issue, but you never know. Always try to remove this files, you really don't want to have an "index.php~" file in your DocumentRoot, because it's content can be seen by others. A quick and dirty bash script that will remove these files is: Code: find /your_path -name "~" -exec rm -f '{}' \; __________________ Business Link Directory Project Registrars Directory™ Free PHP Contact Us Script

02-12-2008, 03:51 PM	#2 (permalink)
dpSubi1 iSubmitter Join Date: Feb 2008 Location: Tech-Tips-Now.com Posts: 21	Great tips. I would like to add one more. Delete all installation files once we complete the installation of a directory. __________________ CodeItBetter Programming \| Tech Tips \| PR 2 SEO friendly Web Directory

02-12-2008, 04:38 PM	#3 (permalink)
mohammad Junior Critic Join Date: Feb 2008 Location: Small Buziness! - مرند Posts: 72	Yop, it is always recommended first to remove installation files __________________ Business Link Directory Project Registrars Directory™ Free PHP Contact Us Script

02-24-2008, 11:22 AM	#4 (permalink)
megrisoft Submit Shop Join Date: Dec 2007 Location: Chandigarh India Posts: 102	Best is to update the script version __________________ Submit Shop Since 1999 Manual Directory Submission Services Link Building Service

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode