Secure website design in PHP - Linux Servers
Tuesday, 27 May 2014
PHP is used to build websites for many different needs, from the simplest company-introduction site that does not need a database to large sites whose databases hold critical information: e-commerce and online sales sites, government sites, and so on. Up to 50% of sites around the world use this language.
However, precisely because of this popularity, hackers focus their research and exploitation on websites written in PHP more than on websites written in other languages. This comes with attacks carried out to sabotage competitors through unfair business practices, or to steal customer information and bank account details for profit. What can you do to protect yourself from these dangers? Read on. SagaLink will teach you a few small but highly effective tricks for securing sites against hackers.

Before performing these steps, you should know a few characteristics of PHP. PHP can be thought of as a more advanced, packaged form of the HTML used for websites. To build a site in PHP, you usually have to rent hosting that supports PHP and Apache. If the site uses a database, the hosting must also support MySQL. For these components to run stably, Linux is required as the operating system platform. Windows can also run PHP, but errors often arise and it is generally not compatible. In short, you should know this: run PHP on Linux, with a MySQL database.

CHMOD files and folders

Linux is an open-source operating system, and its management structure and permission model differ from those of Windows. If you know the Windows feature that assigns file or folder access permissions to users and user groups, the equivalent function on Linux is CHMOD. The subjects CHMOD assigns permissions to are Owner (the owner, who has ultimate authority), Group (user groups) and Public (everyone). So how should we CHMOD a website running on Linux to secure it?
- For important files and folders that declare server access information, you should CHMOD files to 404 and folders to 101. With permissions assigned this way, all files are read-only (for the group owner). When you need to edit a file, you can CHMOD it again. Likewise, with CHMOD 101 on the corresponding folders, groups can only view them, not change them.
- However, not all web hosts allow permissions like these. On such servers, use 704 for files and 701 for directories.

Setting permissions sensibly secures only about 30% of the website. The next thing you need to do is change the website's default paths.

Changing the folder name is important

- On web servers using DirectAdmin, the website directory is usually /public_html/. You should change it to another name. This is a form of hiding that prevents attacks, simply because hackers will then not know where your website is.
- Likewise for web servers using cPanel, where the web directory is /httpdocs/.
- In addition, open-source packages such as Joomla and NukeViet, or paid ones such as VBB and Drupal, usually use a default path for the administrator directory, such as /administrator or /admincp. You should change this default path as well.

Encrypting files that contain important information
The next step is to encrypt the files that contain sensitive information (usually config.php, libs.php, configuration.php and so on). To use encrypted files, your hosting must support the decoding process, so that the web server can understand the encoded content (for instance, hosting that supports ionCube Loader).
Change the data table prefix

Limit the use of the default table prefix that comes with common source code. For example, Joomla uses the default prefix jos_ when declaring its tables in the MySQL database. You should change the prefix, for example to sitecuaban_.

For one reason or another, a website may lose the index.php, default.php or similar file used to display the home page. If this happens, anyone accessing the website will be shown all the other files and subdirectories, and hackers can easily download your source code. Handle it as follows: create an index.html file alongside the index.php file (the browser gives priority to the PHP file, so creating the HTML file affects nothing). The index.html file can be left blank or contain anything you like. Then CHMOD this file to 404 or 704, i.e. read-only. When the index.php file is lost and someone types in the address, the web browser will use the index.html file instead.

Having done all this, you have secured the site to 90%. However, there is still one point to watch: on the web interface, you should avoid submit forms and file attachment tools. If you cannot avoid them, restrict them by setting up extension management (prioritize prohibiting the extensions vbs, js, html, php and the like; these extensions easily carry malicious code, and allowing them accidentally opens the door for hackers into your website).

In short, to secure your website you should take the following steps:
1. CHMOD files appropriately.
2. Change the default path of the web directory or of the folder containing the admin page.
3. Encrypt files that contain important information.
4. Avoid using the default prefix of the source's data tables.
5. Create an index.html file in the root folder and in other folders to limit the display of all files and subfolders.
6. Restrict the use of tools for sending information, attaching files and uploading files.

I wish you success.
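Steps 1, 5 and 6 of the checklist above can be checked from the shell. The script below is an added example, not part of the original article; the web root and upload directory are arguments supplied by the caller, and GNU `stat` and `find` on Linux are assumed.

```sh
#!/bin/sh
# Added example, not from the original article. Paths are supplied by the
# caller; `stat -c` and `find -empty` assume GNU tools on Linux.

# Step 1: report files not at 404/704 and directories not at 101/701.
# (Run as root if directories are 101: the owner cannot list them.)
audit_modes() {
    find "$1" -type f ! -perm 404 ! -perm 704 -exec stat -c 'file %a %n' {} +
    find "$1" -type d ! -perm 101 ! -perm 701 -exec stat -c 'dir %a %n' {} +
}

# Step 5: create an empty, read-only index.html in every directory that
# lacks one, and print each file created.
add_index_placeholders() {
    find "$1" -type d | while IFS= read -r d; do
        if [ ! -e "$d/index.html" ]; then
            : > "$d/index.html" && chmod 404 "$d/index.html" &&
                echo "$d/index.html"
        fi
    done
}

# Step 6: list uploaded files whose name carries a prohibited extension in
# any dot-separated position (name.php.jpg counts), ignoring case. Empty
# index.html placeholders from step 5 are skipped.
blocked_uploads() {
    find "$1" -type f ! \( -name index.html -empty \) |
    while IFS= read -r f; do
        name=$(basename "$f" | tr '[:upper:]' '[:lower:]')
        case "$name." in
            *.vbs.*|*.js.*|*.html.*|*.php.*) echo "$f" ;;
        esac
    done
}

# Usage: sh audit.sh WEBROOT UPLOAD_DIR
if [ "$#" -eq 2 ]; then
    audit_modes "$1"
    add_index_placeholders "$1"
    blocked_uploads "$2"
fi
```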