Internet security is a complex subject, even for an experienced webmaster. Recent headlines in the media have helped to focus public attention on security concerns with various Internet client programs. But the average web author just isn't equipped to track the entire scope of vulnerability of a web site.
This guide is designed to be a basic instruction for new webmasters.
USERNAME and PASSWORD Security
Never give out the username and password to your site. This leaves your web site open to hackers who will come in and maliciously change your page to whatever they wish.
Always choose a password that is not easily guessed by a hacker. Your password should be at least 8 characters and should include a mix of lower-case and capital letters plus numbers.
Example: Tu8p7R2
Hackers have programs that will take regularly used words as passwords and use them to break into your site. If you use your dog's name as a password and your dog's name is "prince", it won't take long for a hacker to break into your site.
Some people take pride in hacking sites. Here is a site that brags about their successful hacking: http://forced.attrition.org/
Hackers Can Use Your Site as an Email Spambot
The same hackers that will break into your site may use its CGI abilities to install a PERL script that they can use to send out emails to anyone they wish. Most likely the email that they send out will be "spam", and they will try to send it out by the thousands or millions.
Unfortunately for you, the spam emails can easily be traced back to your site. Once the complaints pile up, your Web Host will probably blame you. Your site will most definitely be closed. Not Good!
Securing CGI Folders
When you start creating and using PERL programs that can be placed in a cgi-bin area of your site, there are special security measures that must be adhered to. Your scripts should be readable and executable (chmod 755) by the public, but not writeable (chmod 777). Only data files should be set to writeable.
If your CGI area contains unsecured files, you are giving the hackers an invitation to come visit your site.
Closing Directory Browsing
You should never leave a directory structure open for browsing. Every directory should contain an index.htm or index.html file.
Example: Here is a file called my-public-information.htm that you want web visitors to take a look at. In the same folder there is another file called my-secret-life.htm that you will not provide a link to. So it should be safe, right?
If a smart web snoop tries to just view the folder instead of the file, he will be able to see the entire contents of the folder.
This occurs because there is no index.htm file in the folder.
Here is a similar directory with an index.htm file protecting the folder's contents.
- Link to file my-public-information.htm
- Try just showing the directory and you get this.
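An added example, not part of the original guide: a shell script that checks the two points above, CGI scripts left writeable by the public and folders with no index.htm or index.html file. The function names are made up for this example, and it assumes a "script" is any regular file with the owner-execute bit set and that cgi-bin sits directly under the web root.

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are
# hypothetical; "script" here is assumed to mean a regular file with the
# owner-execute bit set, so writeable data files (e.g. 666) are not flagged.

# Print scripts under directory $1 that the public can write to.
# -perm -0102 matches files with BOTH owner-execute (0100) and
# other-write (0002) set, e.g. mode 777; mode 755 does not match.
writable_scripts() {
    find "$1" -type f -perm -0102 | sort
}

# Reset every script flagged above to 755 (rwxr-xr-x), as the guide advises.
fix_script_modes() {
    find "$1" -type f -perm -0102 -exec chmod 755 {} +
}

# Print directories under web root $1 that contain neither index.htm nor
# index.html, i.e. the folders the guide warns can be browsed.
unindexed_dirs() {
    find "$1" -type d | sort | while IFS= read -r dir; do
        [ -f "$dir/index.htm" ] || [ -f "$dir/index.html" ] ||
            printf '%s\n' "$dir"
    done
}

# Usage: sh audit.sh /path/to/webroot   (cgi-bin assumed directly under it)
if [ -n "${1:-}" ]; then
    echo "Scripts writeable by the public:"
    writable_scripts "$1/cgi-bin"
    echo "Folders with no index file:"
    unindexed_dirs "$1"
fi
```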
Email Address Security
If you put your email address on your site, it will probably be harvested by spammers. Soon you will be getting many unwanted emails trying to sell you everything under the sun.
If you want to avoid this you can use a FORM for users to send you feedback.
Viruses
If your site has any files for download, such as a WORD file or an .EXE file, make sure that you scan these files for viruses before you make them available for download.
JPG, GIF or HTM files cannot contain viruses. That's good!