Secured Your Web Site

 

By Admin

November 01, 2007

 

Most of the people who browsing in internet is good people, but there are some people who get fun in internet with looking for security weak in a web site also.


There are several tips can help us in securing web site. Tips will write here is very simple tips, at last enough to reducing problems in web site that enable other people to see what they should not see.

 

Protect your folder


If you has private directory, don’t rely on directory name that other people maybe can not guest only. Better if your directory protected by password also.


Because more than 50% web site using apache server, so we will discussing how to protecting directory with password in apache.


Configuration in apache did by .htaccess file inside directory. Command in .htaccess can effecting a folder and sub folder, exclude if that sub folder has .htaccess file it self in it. To give password to folder, Apache also using .htpasswd file. Password in .htpasswd encripting, so we must used .htpasswd program to make a password. To access it, use command line at your server and type "htpasswd". If message received is "command not found", call your administrator system.


Type “htpasswd -c .htpasswd username” where “username” is user name wanted. After that you will ask password. Confirmating that password, so it file will make directly. To make iy sure, you can check it by FTP.

Now, open .htaccess file. And type command below:

AuthUserFile /home/www/passwd/.htpasswd
AuthGroupFile /dev/null
AuthName “Secure Folder”
AuthType Basic

Require valid-user

First line used to giving place directory from .htpasswd file. When all finished, your web site will appear popup when you entering directory that protected by that password.
 


Switch off Directory Listing
 

In default, all directory in web site has not "opening" file (index.htm, index.php, default.asp, etc), what will appeared is file list in that site. You maybe not want show whatever files in your web site right? First way to solve this is make an empty html file. And named index.htm then uploading to your website (or a folder in your web site)

Second way is using .htaccess file to disable directory listing. Put in “Options -Indexes” command in .htaccess. Now your web site visitor will get error 403 and not content list of your directory.



Security Update


If you using software (or can be CMS), you nee update at that software, for guarantee it secure.


Update used to close security hole at software. Don’t do same update mean freeing other people do exploitation to your web site software weak.



Reducing error massage level


Now we will talk about PHP, because this web programming language is most used. In default, if there are mistake in a file error message and warning at PHP will write in complete information, include place of that mattering file.
Yes, information given is too many. Use function error_reporting() at PHP, and put in as global file that will work at all part from your web site.



Securing Form
 

Form can be bigger crack from your web site if you not really serious in coding it. Form can access direct to data base. Although you write "address" word in front of a field, does not mean you can believe that file will fill by other people with their address. How if somebody fill that field with SQL query or other script in it? Then how to secure that form?

  • Used MaxLength. Can at least avoid other people put data in too many.

  • Validation form. Check data that put in is it formatted. This valid for e-mail, Telephone number, post code, etc.

  • Avoid SQL Injection. Check data type that come to your data base (string, numbers, etc.), use right validation form, and last write query that will disable other people to put in data except you want it.


Source : http://www.rumahweb.com