Extra Security Tip To Stop Hackers

May 11, 2007 at 6:19 am

As originally posted on www.BookSellingOnlineBlog.com:

Whenever you host an application online, the potential for hackers to infiltrate your system is there.

More often than not, the software programs used in the web industry are targeted. PHP, Perl, Linux, Apache, MSSQL, MySQL, IIS, Tomcat, and a number of other platforms are constantly being researched in order to find exploits.

In terms of book sellers, this means our customer databases, revenue transactions, inventories, and contacts can all become potential targets.

I don’t want to scream “The Sky Is Falling!”, but as business owners we still need to address the possibility of insecurities.

Using the “easiest target is the most attractive target” principle, here are some simple tactics that can help you be less interesting to potential hackers:

Protect all admin directories with .htaccess

Believe it or not, a webpage that asks for a username and password is still not as secure as the browser's pop-up authentication window that .htaccess triggers. The webpage authentication only protects your pages, whereas .htaccess authentication protects all files within a directory. This is especially important if you’re using open source applications.

For an example, try loading an image from an admin directory in a browser using its full path. Where people have relied on the page authentication, the image will still load; that is a hole that can be easily plugged.

A major drawback to open source programs is that they’re open source :-) At any given time, a hacker has the ability to study how the software works and find holes in its security.

Here is how you can install .htaccess to help deter hacking:

  1. Create a text file called htaccess.txt
  2. Put the following into the file:

    AuthType Basic
    AuthName "Protected Area"
    AuthUserFile "/home/passwd"
    require valid-user

  3. Make sure the location "/home" is below your web root (that means no files from that directory can be loaded through a browser)
  4. Create a new text file called passwd.txt
    1. Go to a password generation site, like this one, and enter a username and password
    2. Copy and paste the result into your newly created passwd.txt. For example, username and password asdf / asdff comes out like this:

        asdf:jcbpYD.EdTq1s

       You can have as many users as you like in this file
    3. Save that value into the passwd.txt file (it will only have that one line)
  5. Now connect to your web host through FTP, copy the htaccess.txt file into the directory that you want to protect, and copy the passwd file into the directory that you specified in the htaccess file (remember, keep the passwd file below your web root)
  6. Rename htaccess.txt to .htaccess (please note the period at the beginning of the filename)
  7. Rename passwd.txt to passwd
  8. Test your newly protected directory!

It will be a little annoying to log in twice in order to get to your backend applications, but it is well worth it to lower your chances of being hacked.
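A way to check the finished setup before uploading it, as an added example that is not part of the original post: it parses the .htaccess directives, confirms the password file sits outside the web root, and flags weak password-hash formats. The function names and the web root /home/example/public_html are assumptions, and the hash scheme is guessed from the well-known htpasswd prefixes and lengths.

```python
import posixpath
import re

def classify_hash(h):
    """Name the htpasswd hash scheme from its well-known prefix or shape."""
    if h.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if h.startswith("$apr1$"):
        return "apr1-md5"
    if h.startswith("{SHA}"):
        return "sha1-unsalted"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", h):
        return "des-crypt"  # traditional crypt(3): only 8 password chars are used
    return "unknown-or-plaintext"

WEAK = {"sha1-unsalted", "des-crypt", "unknown-or-plaintext"}

def parse_htaccess(text):
    """Map each directive name (lower-cased) to its argument, quotes stripped."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, arg = line.partition(" ")
            directives[name.lower()] = arg.strip().strip('"')
    return directives

def audit(htaccess_text, passwd_text, webroot):
    """Return a list of findings for one protected directory."""
    findings = []
    d = parse_htaccess(htaccess_text)
    for needed in ("authtype", "authname", "authuserfile", "require"):
        if needed not in d:
            findings.append("missing directive: " + needed)
    if "\u201c" in htaccess_text or "\u201d" in htaccess_text:
        findings.append("curly quotes in .htaccess")  # pasted from a web page
    userfile = posixpath.normpath(d.get("authuserfile", ""))
    root = posixpath.normpath(webroot)
    if userfile == root or userfile.startswith(root + "/"):
        findings.append("password file is inside the web root: " + userfile)
    for line in passwd_text.splitlines():
        user, sep, hashed = line.strip().partition(":")
        if sep and classify_hash(hashed) in WEAK:
            findings.append("weak hash for user %s: %s" % (user, classify_hash(hashed)))
    return findings

# Constructed sample input: the post's directives and its example passwd line.
HTACCESS = 'AuthType Basic\nAuthName "Protected Area"\nAuthUserFile "/home/passwd"\nrequire valid-user\n'
PASSWD = "asdf:jcbpYD.EdTq1s\n"
```

Calling audit(HTACCESS, PASSWD, "/home/example/public_html") reports only the hash format: the example line has the 13-character shape of traditional crypt(3), which uses just the first eight characters of the password. Apache's own htpasswd tool can produce bcrypt entries instead with its -B option.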
