Dear friends/bloggers/customers,

during the last week, several friends of mine were concerned about their website’s security. Some of them were hacked while others were under DoS (Denial Of Service) attacks and they were blaiming themselves for not developing/coding their website properly. The key, my friends, is not on having the “perfect” code or picking up the “best” CMS. It is the continuous maintenance that matters!

All I can give you are some “hints” to start with. When you talk about Internet or websites have in mind that 100% security is unchievable. Even Banks’ IT staff is concerned about security; they know their bank’s website is not a hunder-per-cent secure.

The hints listed below are mostly concerned about a website built with a CMS (Joomla, e107, Drupal etc…)

• Upgrades - Once you have installed the CMS on your website, don’t just delete your cms provider’s website. It is then that you have to bookmark it! Check for their bugtracking system and patches available.
• Addons - No CMS comes without addons. All of you are using addons to make your website more functional, interactive and attractive. Make sure the addons you install are not crap. Almost all open source CMS allow everyone to submit an addon and as soon as it gets approved by developers, it gets available for download by others (you for example). Some CMS “tag” some addons as Recommended orHot or Safe. This status of addon does not mean they are 100% safe and bug cleaned. However, you SHOULD go for these addons as they have been tested by “professionals”. Be careful when installing addons and be sure you have the latest version installed. Additionaly, before installing one read its comments and feedback from others that used it before.

• Permissions - Setting files or folders to a CHMOD of 777 or 707 is only necessary when a script needs to write to that file or directory. All other files should have the following configuration:
  - PHP files: 644 ,  Config files: 666 , - Other folders: 755
  
• Backup - Most of the people i know who maintain either a personal website/blog or a corporate (!!!!) website, do forget that backup is more than just a boring operation. Be always thinking of the worst case: You wake up in the morning, go to office and they inform you that website has been hacked. Your manager asks you to restore the website and all last day’s data.
  See? A backup can save your a*s big time :-)

Always have in mind what i said before: Security and an 100% safe website is Sci-fi. Remember that hackers and all these “evil” people that want to harm your website most of the times have nothing personal with you or your website. What they do is to run their script that searches for most CMS and addons’ vulnerabilities.

So, take care yourself and your website! Stay tuned :-)

No related posts.