Data security for PHP websites on shared Linux hosting

Tuesday, 27 May 2014
Today open-source web development is very strong, and the PHP - MySQL combination is especially popular. But as the technology spreads, so do would-be "hackers" who want to assert themselves after reading the attack tutorials that fill the hacking forums. So any website can be attacked at any time, especially the personal sites and small and medium-sized groups that choose a shared hosting server. Because all accounts on a shared hosting server sit at the same level, privacy is not high, and hardening a website on shared hosting is essential.
1. Reasonable assignment of permissions
A. Understanding chmod:
chmod sets the access rights of a file or folder for each user class, much like the attrib command sets attributes in DOS.
+ The user classes are: Owner - Group - World
- Owner: the user who "owns" the file (the hosting account).
- Group: the group of users.
- World: anyone.
+ The rights set by chmod:
- Read: read (r = 4)
- Write: write (w = 2)
- Execute: execute (x = 1)
The mode of each class is the sum of its rights, written as three digits in the order Owner, Group, World.
Example: chmod 751 = rwxr-x--x
+ How to chmod: we can chmod files and folders through FTP or cPanel. Here is an example using FTP (cPanel is similar):
- Use an FTP client (I use FlashFXP) to connect to the FTP host.
- Right-click the file or folder (hold Ctrl and click to select several separate files/folders, or press Ctrl+A to select all), choose CHMOD, and the dialog box shown in the screenshot appears.
If you want to give directories and files different modes, tick "Separately Set File and Folder attributes".
B. How to chmod safely:
The most restrictive (optimal) chmod scheme:
- Chmod 404 (read-only) for all files.
- Chmod 101 (execute/traverse only) for all folders.
- Chmod 501 for the folder /public_html/
In this scheme no write permission is given anywhere, so the layout is preserved and nobody can list the site structure, folders and files. It can be called the safest chmod scheme, and web applications such as forums, music sites and news sites still run stably under it. However, some servers do not allow you to chmod this way; if you cannot apply it over FTP, use the following instead:
- Chmod 704 (read-only) for all files.
- Chmod 701 (execute only) for all folders.
Note: cPanel version 11 has File Manager V3, which can chmod a whole series of items very well and can set files to 404 and folders to 101.
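An added example, not from the original post, for hosts that give you a shell: it applies the scheme above to a whole site tree with find (files 404, directories 101, the site root 501), with the 704/701 fallback selectable through the second and third arguments. The path /path/to/public_html and the demo tree are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): apply the post's chmod scheme to
# a whole site tree.  Usage: harden_tree /path/to/public_html [files] [dirs]
# Defaults are 404 for files and 101 for directories; pass "704 701" for the
# fallback scheme.  The site root itself always gets 501.  Paths are placeholders.
harden_tree() {
    root="$1"; fmode="${2:-404}"; dmode="${3:-101}"
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    # Files first, while every directory is still readable for find.
    find "$root" -type f -exec chmod "$fmode" {} +
    # Directories deepest-first (-depth), so find has finished reading each
    # one before it loses its read bit.
    find "$root" -depth -type d -exec chmod "$dmode" {} +
    # The root keeps owner read (501) so the FTP client can still list it.
    chmod 501 "$root"
}

# Symbolic mode of one path, e.g. "-r-----r--" for 404 (ls is more portable
# than stat -c across Linux and BSD).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Give the owner back write access so the tree can be edited or removed.
# Recursive on purpose: a 101 directory cannot be listed until it is chmod'ed,
# so each directory is fixed before its contents are visited.
restore_tree() {
    chmod u+rwx "$1"
    for p in "$1"/* "$1"/.[!.]*; do
        [ -e "$p" ] || continue
        if [ -d "$p" ]; then restore_tree "$p"; else chmod u+rw "$p"; fi
    done
}

# Demo on a constructed tree (no real site is touched).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/public_html/forum/includes"
    printf '<?php // constructed sample\n' > "$tmp/public_html/forum/config.php"
    harden_tree "$tmp/public_html"
    mode_of "$tmp/public_html"                   # dr-x-----x
    mode_of "$tmp/public_html/forum"             # d--x-----x
    mode_of "$tmp/public_html/forum/config.php"  # -r-----r--
    restore_tree "$tmp" && rm -rf "$tmp"
}
```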

2. "Hide yourself" - hide the path
When you register hosting, the domain usually points straight at the folder /public_html/, which helps an "attacker" easily open an important file of the website (the forum's config.php, for example), read the database login from it, and then the website's database management is in the bad guys' hands. What bad things could happen then?
To overcome this, we ask the hosting provider not to attach the domain to /public_html/ directly, and instead add the domain ourselves through the add-on domain function. When you add the domain there is a field for the path of the folder the domain should point to, as shown in the screenshot:
Example: /public_html/folder1/folder2/folder3/forum/
After you click Add, the folders folder1, folder2, ..., forum are created automatically. Now apply the chmod scheme above to folder1, folder2, ... to hide the path of the site on the server.

3. Do not display errors that arise
When an error arises, PHP reports it to the browser and names the file, the line and the path of the file, which is very dangerous. To hide the errors, create a php.ini file with the following contents:
display_errors = Off 
log_errors = On 
Then upload it to the folder containing the website. Hint: you should upload this php.ini into the folders users reach through the browser, usually the folder containing the website, the administration directory, the users' folder, and so on.
4. Enable safe mode and disable dangerous functions
Add or edit the following lines in the php.ini contents (the directive is spelled safe_mode, with an underscore):
disable_functions = passthru, system, shell_exec, exec, dir, readfile, virtual, proc_terminate
safe_mode = On
Note: you can remove a function from the disable_functions list if your website needs it to operate.

5. Restricting the account that accesses the MySQL database
When you create a user to access the database, note the following:
- Do not reuse your hosting username and password as the database user.
- Do not grant DROP, as shown in the screenshot.

6. Avoid chmod 777 for folders/files
Sometimes you meet a requirement to chmod 777 some files/folders to perform a task; remember to chmod them back after the job is done.
7. Encrypt files containing sensitive information
For a file that contains sensitive information such as the database connection in config.php, encode it as base64 PHP (this only obscures the source; it is not encryption) or encrypt it with the Zend Guard software from www.zend.com. For base64-encoded PHP you can use Google to search for the keywords "base64 encoded". I would like to introduce you to a link for base64-encoding a PHP file: http://dnstools.it-4vn.com/phpencode.php
8. Prevent download of the source code when the server is in trouble:
Create a .htaccess file with the following contents:
<Files "config.php">
    Order Allow,Deny
    Deny from All
</Files>
<Files "class_core.php">
    Order Allow,Deny
    Deny from All
</Files>
This blocks the download of the source code when PHP is overloaded or terminated. The cause may come from inside or outside; I do not cover it here.
9. Disable running PHP code in a specified directory
If you have a folder for uploads, you should disable compiling and executing PHP code in that directory, because attackers can use the upload function to put a standalone script (webshell) on your host. Create a .htaccess file in that directory with the following contents:
php_flag engine off
(php_admin_flag is only accepted in the server's httpd.conf and virtual host blocks, not in .htaccess, so the per-directory form is php_flag.) Then chmod 444 the file.
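An added audit script, not from the original post, that checks a site tree for the two leftovers sections 6 and 9 warn about: anything still world-writable, and an upload directory whose .htaccess does not turn the PHP engine off. The directory name "uploads" and the paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit a site tree for leftovers
# the post warns about.  Usage: audit_site /path/to/public_html
# Assumption: upload directories are named "uploads"; adjust UPLOAD_DIR_NAME.
UPLOAD_DIR_NAME="uploads"

# Report every path still writable by "world" (the last 7 of a 777 left behind).
# -perm -002 is the POSIX spelling of "other-write bit set".
find_world_writable() {
    find "$1" -perm -002 -print | sed 's/^/world-writable: /'
}

# Report upload directories whose .htaccess does not contain
# "php_flag engine off" (grep -s stays quiet when the file is missing).
find_php_enabled_uploads() {
    find "$1" -type d -name "$UPLOAD_DIR_NAME" -print | while read -r d; do
        if ! grep -qis 'php_flag[[:space:]]*engine[[:space:]]*off' "$d/.htaccess"; then
            echo "php enabled in upload dir: $d"
        fi
    done
}

audit_site() {
    find_world_writable "$1"
    find_php_enabled_uploads "$1"
}

# Demo on a constructed tree: one 777 cache dir, one protected and one
# unprotected uploads dir.  Expected findings: cache and gallery/uploads.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/cache" "$tmp/gallery/uploads" "$tmp/forum/uploads"
    chmod 777 "$tmp/cache"
    printf 'php_flag engine off\n' > "$tmp/forum/uploads/.htaccess"
    audit_site "$tmp"
    rm -rf "$tmp"
}
```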
10. Update and patch frequently. Set a relatively permanent password for website administrators, and contact your service provider to fix what you cannot fix yourself.
Final notes:
- The php.ini file mentioned above only applies to the directory containing it; a folder without its own php.ini is governed by the server's php.ini instead.
- The php.ini and .htaccess configuration files should be chmod 444 to protect them.