Written by Larry Dearing
Friday, 18 June 2010 13:15
As we become more and more active on the web, we’re always finding new ways to communicate and be productive online. As your internet presence widens so does your vulnerability. What sort of security precautions do you take to protect your website? There are a few basic things you can look at to help ward off the most common attacks. Here’s an overview to consider.
Block sensitive areas of your site from search engine crawls. Use a robots.txt file to control where “spiders” or robot crawlers from search engines go when they hit your site. If you have any directories or areas on your site you absolutely do not want to appear in search engine results, you can add a simple line to this file: Disallow: /[directory_name]. Further information on the use of this file is readily available online.

Configure your site for “No Indexing” of directories. Not to be confused with search engine indexing, directory indexing occurs when you use a URL to a directory that doesn’t have a default index.html or .php file in it and you see a listing of all the files in that directory. Your web hosting panel probably has a setting for allowing or disallowing file/directory indexing. Another quick fix is to put a blank index.html file in any directory that does not have a default page. With this second trick, a visitor to that URL sees an absolutely blank page instead of the file listing.

Configure your site to prohibit “leeching”. Leeching is the practice of one website displaying an image that is actually being linked and pulled directly from another website. If someone is leeching images from your site, they are using your bandwidth and possibly affecting your website speed and performance. Most web host control panels have a setting to disallow leeching of this sort.

Develop a good password policy. Everyone knows they need a strong password and should change it regularly, but this is often overlooked. If you’re using a CMS or website building program that requires its own log on, don’t use the same user name and password as your main web hosting account. By the way, the user name should not be your name or your email address unless it’s required. Passwords should be 6 to 8 characters, and contain numbers and letters of both upper and lower case.

Whenever possible, use SSL encryption when logging on at your site. SSL connections are most commonly known as https:// connections and provide an encrypted connection between the local computer and the website. If you log in to any interface on your website, it should use such a connection if possible to protect your credentials. This is particularly important if you’re using a CMS type website and log in as author or administrator. Check with your web host, as many have “shared” SSL connections to the server you’re on that you can use. If not, getting your own private SSL connection is pretty cheap.

Try to avoid FTP when uploading to your site. Using FTP as your uploading protocol passes your data across the internet in an insecure way, including your user ID and password in plain text format. Most web hosts support some sort of secure file transfer to your server via the SFTP, FTPS, or WebDAV protocols, which encrypt all data being passed up or down from your computer. You’ll also have to make sure the FTP client program you use supports the secure protocol your web host does. FileZilla and Core FTP are both excellent free clients that support both FTPS and SFTP. Core FTP also supports WebDAV.

Don’t store any site-related information on your website. Don’t overlook the easiest and most obvious one of all. Make sure you’re not storing any information like site user IDs or passwords, hosting account information or access to your off-shore secret accounts!

Just implementing some or all of these basic best practices can greatly enhance the overall security of your website. If you need more information on some of these ideas, there are lots of good sources on Google. Some questions involving file transfer protocols, SSL connections, directory indexing and leeching can be answered by your web host or webmaster. We’d also love for you to contact us for any additional follow-up information.
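A local self-check for three of the tips above (directories without a default page, site information stored in the web root, and robots.txt entries), as an added example that is not part of the original article. It walks a local copy of your web root; the file-name patterns, the index.htm entry and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Default pages named in the article (index.html, .php); index.htm is an added assumption.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}
# Assumption: name patterns that suggest stored credentials, dumps or backups.
SENSITIVE = re.compile(r"passw|credential|account|\.(env|sql|bak)$", re.I)

def audit_docroot(root):
    """Return (dirs with no default page, sensitive-looking files, robots.txt Disallow paths)."""
    no_index, sensitive, disallowed = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        url = "/" if rel == "." else f"/{rel}/"
        if not INDEX_NAMES & {f.lower() for f in files}:
            no_index.append(url)  # would show a file listing if indexing is on
        sensitive += [url + f for f in files if SENSITIVE.search(f)]
    robots = os.path.join(root, "robots.txt")
    if os.path.isfile(robots):
        with open(robots, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                key, _, value = line.split("#", 1)[0].partition(":")
                if key.strip().lower() == "disallow" and value.strip():
                    disallowed.append(value.strip())
    return sorted(no_index), sorted(sensitive), disallowed

def demo():
    """Build a small constructed site in a temp directory and audit it."""
    sample = {  # constructed sample files, not from any real site
        "index.html": "<h1>Home</h1>",
        "robots.txt": "User-agent: *\nDisallow: /private/  # keep out of search results\n",
        "images/logo.png": "",
        "private/index.html": "",
        "private/hosting-passwords.txt": "constructed placeholder",
        "backup/site.sql": "",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in sample.items():
            path = os.path.join(root, *name.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_docroot(root)

if __name__ == "__main__":
    for label, items in zip(("No default page", "Sensitive-looking file", "Listed in robots.txt"), demo()):
        for item in items:
            print(f"{label}: {item}")
```

To check your own site, call audit_docroot() on the folder that holds your local copy. The robots.txt paths are reported because that file can be read by anyone who requests it, so each listed directory still needs its own protection.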