How to Keep your website secure?

  • You Must read the Blackvol Rules before making your first post otherwise you may get Permanent warning points or a Permanent Ban.

    Our resources on Blackvol Forum are CLEAN and SAFE. So you can use them for development and testing purposes. If you are on Windows and have an antivirus that alerts you about a possible infection : Know it's a false positive because all scripts are double-checked by our experts. We advise you to add Blackvol to trusted sites/sources or disable your antivirus momentarily while downloading a resource.

    Download NOTE : To download directly, please register on the site. After registration, you can see the download link at the top right of the page.

    "Enjoy Your Presence on Blackvol"

Trini

Active member
Jul 20, 2020
321
65
28

Databases​

Your database holds all of the key information about your website. Failure to protect it means not only potential loss of private information such as usernames, email addresses, and more, but also allows an attacker to possibly add entries that could create spam or malware links on your site (or worse). Therefore, you must consider how your database(s) are accessed for routine maintenance.

Keeping your software updated​

Websites are often hacked via security holes found in old versions of web software, such as web forums, wikis, and blogs. It's your responsibility to keep the website's applications updated with the latest version.
Some applications do not provide an upgrade path from older versions, which will then need to be updated manually. Please check with the application’s developers for further assistance on upgrading.

Setting file permissions​

When setting up file permissions, MoboHost recommends that you set the permissions to the following:
Files – Set to 644 permissions using the command chmod 644 <filename>
Directories – Set to 755 permissions using the command chmod 755 <directory_name>
Executables – Set to 755 permissions using the command chmod 755 <executable_name>
Here is an example of how your file/folder permissions should look on the server when running ls -la.
[server]$ ls -al
drwxr-xr-x 2 exampleuser pg5034488 10 Apr 22 09:13 example_directory
-rwxr-xr-x 1 exampleuser pg5034488 0 Apr 22 09:14 example_executable.cgi
-rw-r--r-- 1 exampleuser pg5034488 0 Apr 22 09:12 example_file.php

Assigning a unique user to each domain​

MoboHost recommends that you host each of your individual sites with its own unique web user. The reason for this is that if one of your sites becomes compromised, the exploit won't expand to your other sites.

Managing your files on the server​

When connecting to your server to manage your files, MoboHost recommends that you use either SSH or SFTP. FTP is not secure and should not be used unless absolutely necessary.

SSH​

SSH, secure shell, is the preferred method for connecting to your machine. SSH encrypts the communication from the local machine and the destination machine. This means that your password is not being transmitted in plain text, which is what Telnet does.
SSH must be turned on for your users. View the Creating a user with Shell ( ) access article for details.

SFTP instead of FTP​

Since FTP is not secure, SFTP is only recommended when connecting to your server. View the SFTP article for details.

Serving your files securely​

There may be situations when you wish to serve your files securely, such as if you are running an eCommerce website: obviously, you wouldn’t want to send vital information over the Internet without protection.
To add an extra layer of security, you can set up secure hosting and purchase an SSL certificate.
Related:

Allowing developers access to your site​

It may be necessary at some point to hire a developer to work on your website. There are a few different ways a developer may require access to your site in order to work on it. The access you grant a developer depends on exactly what tools they need to complete the job you hired them for.

Source:
 

Members online

No members online now.