3 Common Security Mistakes that Webmasters Make
January 18th, 2012 • Tags: backup, hacking, maintenance, mysql, permissions, security
Even the most skilled and advanced webmasters make mistakes that lead to security problems. This is most often due to webmasters not giving much thought as to how even the simplest action could be valuable to a hacker, or the general denial that something bad could happen. Here are three simple mistakes that webmasters commonly make during the course of maintaining a website:
1. Not maintaining website software
Website maintenance is not limited to content. Most website applications are not the type that you can install and forget about, especially if you’re using common and/or open-source software. Security problems are discovered all the time, and therefore require that the software be patched to prevent any vulnerabilities from being exploited. If you are utilizing custom website software, you should be regularly reviewing the security of your website.
2. Leaving backups in public directories
A very common blunder that hackers often take advantage of is the likelihood of webmasters backing up files to publicly-accessible locations. This includes making copies of the website while doing upgrades/maintenance, or making database backups in these locations. Unmaintained versions of your website should not be stored publicly to where they may be exploited. Additionally, storing archived backups (tarballs, zipped files, etc) of your website or raw MySQL dumps are security hazards, as it can allow hackers to view website source code or sensitive information stored in the database backup (such as user passwords, etc).
3. Making files and folders world-writable
Depending on your web host’s setup and/or your website software, setting files and folders to 777 may be unavoidable. However, doing this facilitates the ability for hackers, or even other users on your server, to upload files to your hosting account. If you find that your website requires open permissions in order to function normally, consider asking your web host if this is due to a configuration of the server (such as running PHP as ‘nobody’ rather than your account user) or check whether the requirement is within your website software itself.
Related Posts
- How Secure Is Your Website?
- How To Backup And Restore A MySQL Database Through Command Line
- Installing & Configuring XCache for W3 Total Cache on a cPanel Server
- Who is Responsible For Your Website Backups?
- Basic Tips to Keep Your Website Secure
- Switching From FTP To SFTP
- Linux Log Files You Should Know About
- Linux Tutorial: Generating Random User Passwords
Posted in Articles | No Comments
How to Compile and Install PHP From Source September 6, 2011
How to Install mod_cloudflare on a cPanel Server June 27, 2011
cPanel Obtains Web Host Siteocity to Begin Real-World Product Testing February 22, 2012
Web Host SingleHop with $22M Growth in 2011 Revenues February 21, 2012
4 Ways to Secure SSH Communications on a cPanel Server February 20, 2012
Increased Demand for Cloud Services Raises Rackspace Q4 Results February 15, 2012
- Case Study: Wordpress, MaxCDN, CloudFlare and W3 Total Cache Integration
dil @edutechnolife: I combined w3total cache, and it’s good for my... - How To Install Your Own Web Server – Installing PHP
Niall: Hi, great set of tutorials. I couldn’t find php_mbstring.dll in my php... - iPage vs Just Host: Which Host is the Best?
Andrei Cantey: I do not know why you all are having so much bad luck. I have been a webmaster to a... - 1and1 Vs GoDaddy: Overview
Injured by 1and1: I’ve been hosting with GoDaddy & because my site was going down frequently I wanted to move.... - How To Create A VMware Template
Pozinux: Thanks, it helped me a lot. I didn’t understand why I could not find the option “Clone to...
Latest Web Hosting Deals
- 25% off $75+ New Orders at Network Solutions
- Network Solution Coupon - $3.99 / mo. Hosting
- NetDepot Coupon Code - 30% Off Intel Xeon 5320 Dual Quad Core
- MyHosting Valentine Promo - Basic Hosting for $2.95
- MyHosting VPS Promo Code - 20% Off On All VPS Orders
- SingleHop Coupon Code - 50% Off 1st Month
- SingleHop Coupon Code - 15% Off Lifetime
Hosting Reviews
 |  |  |
0 responses so far ↓
There are no comments yet...Kick things off by filling out the form below.
Leave a Comment