Friday, June 25, 2010

How to Protect Your Website from Hackers

Guidelines for securing your websites and web servers against being hacked.


Old scripts

Remember that old installations are an open invitation for hackers. If you installed Joomla or WordPress a couple of months ago just to try it out, remove it. Make sure that every script you install on your servers is the latest version. It takes 5 seconds to hack an old version of Joomla, upload a shell script and take total control of your account.

Passwords

Never use easy-to-guess passwords, and never use the same password more than once; if someone finds one of your passwords, they will try it everywhere else until they succeed. If someone finds your webmail password, you’re pretty much guaranteed they’ll try it elsewhere – maybe in cPanel, maybe on your online banking!

Cloak Your Folders

You should keep a blank index.html in every folder inside your public_html; this makes sure the contents can’t be easily viewed on the internet. cPanel has a function for this: check out ‘Index Manager’. It’s always a good idea to keep your files and folders secret.

Password Protect Your Admin Folder

You should password-protect the admin folder of any scripts you are using. This provides an extra layer of security and is highly recommended. You can do this in cPanel by clicking the Directory Protection link.

So You Got Hacked?

If you realise that something has happened – maybe some spam was sent from your account, or you found you were hosting a phishing site – the first step is to change your passwords. All of them – cPanel, email, site admin passwords, everything.

Next, go through your web space and remove all old script installations. Remember that if you installed plugins in your scripts (modules for Joomla/WordPress etc.), they can be hacked too! Make sure they’re up-to-date as well.

You can check the Error Logs in cPanel for suspicious requests. A hacker generally leaves suspicious files around, so look for such files within your public_html folder. Once you find them, record their details, such as the date and time each file was uploaded, the file name and the folder it was in, and pass these to your web host so they can investigate. Then delete the files.
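One way to gather those details before deleting anything, as an added example that is not part of the original post: it walks a web root and records, for every recently modified file, the timestamp, folder, name, size and a SHA-256 hash to hand to the host. The function names, the extension list and the script name `triage.py` are assumptions made for illustration.

```python
import csv
import hashlib
import os
import sys
import time
from datetime import datetime, timezone

# Assumption: file types that can run as code on a typical PHP shared host.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".pl", ".cgi", ".py", ".sh"}
FIELDS = ["modified_utc", "folder", "name", "size", "script_type", "sha256"]


def sha256_of(path):
    """Hash in chunks so a large file does not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def recent_files(root, days, now=None):
    """List regular files under root modified within the last `days` days."""
    cutoff = (time.time() if now is None else now) - days * 86400
    rows = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # ignore symlinks and special files
            st = os.stat(path)
            if st.st_mtime < cutoff:
                continue
            stamp = datetime.fromtimestamp(st.st_mtime, timezone.utc)
            rows.append({
                "modified_utc": stamp.isoformat(timespec="seconds"),
                "folder": os.path.relpath(folder, root),
                "name": name,
                "size": st.st_size,
                "script_type": os.path.splitext(name)[1].lower() in SCRIPT_EXTS,
                "sha256": sha256_of(path),
            })
    return sorted(rows, key=lambda r: r["modified_utc"], reverse=True)


if __name__ == "__main__":
    # Usage: python triage.py ~/public_html 30 > report.csv
    writer = csv.DictWriter(sys.stdout, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(recent_files(sys.argv[1], int(sys.argv[2])))
```

Modification times can be changed by whoever wrote the file, so treat the list as a starting point and compare it against a known-good copy of the site where you have one.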

Being hacked can happen to anyone at all; your security will always depend on its weakest point. If you don’t keep things up-to-date and secure, your site will be hacked and used for criminal activity in one way or another – however, now is the perfect time to stop this from happening.
