Introduction to Website Security
Websites are now an important part of our lives. We do all types of daily work on the Internet through websites, from education to financial transactions. Because of the massive volume of financial transactions, websites are now a great target for criminals. Since the use of websites has spread to everyone, everyone has to be careful. However, the general public are only users, and they do not have sufficient technical skills in website security.
Therefore, website developers have to build websites in such a way that hackers cannot easily hack or harm the website and its users. This article gives some general security information for those who develop web designs or applications, and for those who create websites for themselves.
- First of all, check that the web server hosting the website has no vulnerabilities. If any are found, fix them. Upgrade to the latest web server version as fast as possible. If possible, upgrade to the latest version of the operating system. If you have a Linux server, upgrade its kernel routinely. And if there are any security patches for the system, install them.
- Check and strengthen the server's firewall. Use the firewall at two levels: network and application. Use DDoS protection on the server.
- Close the server's unused ports and services, and routinely upgrade the software behind the services that remain. Set up a good IDS/IPS and web proxy.
Web Application Level Sequence:
- Check the website or web application for vulnerabilities. In particular, check for and fix vulnerabilities such as SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, File Inclusion, Remote Code Execution, Web Backdoor, and Remote File Upload. Those who can should take the help of a good vulnerability scanner to cover the newest ones.
- If the website is based on a framework (e.g., WordPress, Joomla, PunBB, MyBB), upgrade it to the latest version and install any available security patches. Check all the CMS plugins for vulnerabilities, and check whether any exploit exists for them. If an exploit exists, fix the plugin or remove it. From cPanel, set chmod 640 or 600 on the CMS's config file.
- Change and strengthen the passwords for admin and cPanel (server administration). Make each password a minimum of 12 characters, and mix numbers, lowercase and uppercase letters.
- Do not give access to all types of files, especially the configuration files. Do not allow write access to any drive. Disable directory listing, and block directory brute forcing. If access is needed for some work, grant it for that work, but restore the restriction once the work is finished.
- Keep regular backups of the site. Keep the backup files in a secure place, where it is not possible to get them through directory browsing. Best of all, keep them offline or outside the public_html directory.
- If, unfortunately, the site is hacked, delete all content on the site and then restore the whole site from the backup. In any case, do not be satisfied with only replacing the defacement page, because hackers can put malicious code in another directory. You also have to change the admin and cPanel passwords immediately.
- You can follow the server log to find out how the site was hacked. The site then has to be patched accordingly, so that it is not hacked again.
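
A read-only audit of three items from the checklist above (config file permissions of 640 or 600, no unnecessary write access, no backups inside public_html), as an added example that is not part of the original article. The config file names, backup extensions and function names are assumptions to adjust for the CMS in use.

```shell
#!/bin/sh
# Added example: audits a web root against three items from the checklist.
# Assumed (not from the article): the config file names and backup
# extensions matched below; adjust them to the CMS in use.

# Config files looser than 640: group-writable, or any access for "other".
loose_configs() {
    find "$1" -type f \
        \( -name 'wp-config.php' -o -name 'configuration.php' -o -name 'config.php' \) \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Files or directories that any local user can write to.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 -print
}

# Backup archives or database dumps stored where the web server can serve them.
exposed_backups() {
    find "$1" -type f \( -name '*.zip' -o -name '*.tar' -o -name '*.tar.gz' \
        -o -name '*.tgz' -o -name '*.sql' -o -name '*.sql.gz' -o -name '*.bak' \) -print
}

# Print every finding with a label; return 1 if anything was found.
audit_webroot() {
    rc=0
    for check in loose_configs world_writable exposed_backups; do
        found=$("$check" "$1")
        if [ -n "$found" ]; then
            echo "$found" | sed "s|^|[$check] |"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample tree (not real data) with one problem per check.
make_demo_root() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/public_html/uploads"
    echo '<?php // constructed' > "$root/public_html/wp-config.php"
    echo 'constructed dump' > "$root/public_html/site-backup.sql"
    echo '<?php // constructed' > "$root/public_html/index.php"
    chmod 644 "$root/public_html/wp-config.php" "$root/public_html/index.php"
    chmod 640 "$root/public_html/site-backup.sql"
    chmod 777 "$root/public_html/uploads"
    chmod 755 "$root/public_html"
    echo "$root/public_html"
}

demo=$(make_demo_root) && { audit_webroot "$demo" || echo "findings listed above"; }
```

To audit a real site, call `audit_webroot` with the path to its document root instead of the demo tree; the script only reads metadata and changes nothing.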