Basic website securityJanuary 12, 2021 | Philosophy
Basically there are stuff that is "out of your control" (to some extend), and stuff that is easier to control.
- The host: From time to time your hosting provider may be the actual problem, I have experienced being down due to malware infections at the host level (the host was actually cut of by the ISP, due to continuos malware infections). So, do not be afraid of changing provider from time to time. Over the past years I have had dusins of different hosting providers. Often you start out with a "good" provider, that may have oversold their service or the company is taken over by another company and everything just seems to go sour.
- The application: Sometimes you have a lot of different choices of, lets say a Project Management System. For several reasons you might not "go with the flow" and choose the most popular one. Find a system that fits your needs and is in an active development stage. Possible lookup any exploit found on the system and see if they got fixed and how.
- Programming language and libraries: Some libraries are more voulnerable than others, in PHP only enable the extensions nessesary for the application to run.
- Routinly patching: Update your whole system regularly.
- Hardening your system: Everything from fintuning your Apache or Nginx server, to installation of AV, IPS and setting up firewall rules, mailserver setup, SSH, SELinux etc. Ofcause there is a limit of how far you are willing to go and still maintaining a system with high Availabillity.
- Priviledges: Besides all of the above, make sure that the priviledges in you directories is setup correct. One cause to many problems when setting up applications is the ownerships of the application. Usually when using Apache and Nginx the owner and group should be: "www-data" (on Debian) what will often happen after the application files are downloaded, is that the ownership changes to root or $USER. Do try to understand what you are trying to achive if you are doing "chmod" (change mode) on a directory, would it make more sense to "chown" (change ownership)?