Security has always been a major problem webmasters more concerned about a website, without a secure system environment, no matter how well meaning nothing, once attacked, the loss will be very large. Therefore, learn to prevent hacker attacks, to protect their own website, it is necessary.
How small owners to prevent hacker attacks, avoid sites suffer? Site Security website owners their experience of a
I learned from the establishment to the present, with the establishment of a system hundreds of times, I can not say much about this system to understand, but some of the most basic things, I'll probably understand. Here I give share with you, my experiences in the establishment and protection station area.
1, the more simple the more secure
I see a lot of owners like to pursue the establishment of systems on the tall, there are many owners of the system code is completely ignorant, spend money to build a station, even a change of title will not change. Suffice it to say, you do not know yourself, get less complicated system, interesting?
In fact, people should understand the establishment of clear, most secure site than the site of several simple html page structure, which is the safest, is the station in addition to the content of html, nothing else, the data table nor, JS nor that this website can be described as impeccable. To this hacker attack site, there is only one way and that is to get your back office address, account number and password. But a thirty-four flow, not even mediocre hacker, is not that level. There's a second-rate level of disdain for hackers to attack your little website.
So I had to do a very simple website, composed entirely of a single page, even the background are not, after you've written a single page, go directly uploaded via ftp. This, how people attack? Is not an attack.
So, I think if it is not necessary to service, it is not necessary to get how complex the system, always remember: the simpler, more secure!
2, delete unnecessary system files
When we choose a website system, we must respect our own website, the excess of unnecessary files all deleted. Preset in the system something that I can not entirely, membership system, I do not need, therefore, all members and associated I regarded it deleted. As another example, I do not need the message board system, directly to delete it all, without leaving a file.
Most attacks on websites, is through exploits, and the so-called loopholes are exposed some of the more complex a system file, therefore, regarded it unnecessary deleted. But rather to keep a threat.
3, delete unnecessary data table
In fact, most of the sites are attacked to attack through the database, so the database will delete unnecessary data table, which is a major preventive measures have been attacked.
We must strive site system is simple, no need complicated, complex will not bring any good luck to you. In fact, you will find that if your site is just a few simple html single page, search engines very quickly, and the same page, you put it in complex systems, your speed is very slow.
4, from time to time to change the background address
We must cultivate the habit, from time to time change the background address, except not changed. Before I address the background of more than two years did not change, the result of one day, when I use the site to see Indexed found that Baidu actually put my back catalog collection, and this is very dangerous. So, after that, I changed back catalog does not say, also made a similar page 404 pages, search engines are not going to included in your 404 page.
Back catalog, we can not by robots file to prohibit search engines to crawl, because this is like telling everyone, "admitting their guilt."
5, from time to time to change the administrator account password
Administrator account and password is related to site security, change from time to time, in order to ensure a more secure site. Because once to get the administrator account password, the entire station are exposed.
6, from time to time to back up the whole site
We must not develop the habit of regular backup site, including all file systems, including database files. After the backup is stored in a relatively safe place, in case when the accident occurred, to limit the damage.
My website, although server provider has set up an automatic backup every day for me, but I will from time to time about their own backup site in case of emergency.
7, set the system file permissions
Some files, we do not need to write, it is set to read directly on it, when hacking your website, although through loopholes, but they must write something because as a result, the file permissions set , can effectively prevent the site was attacked.
8, spam processing
Website, most of the vulnerabilities were in the input port, the saying goes:. "Disease from the mouth, loose lips" Web site is the same vulnerabilities exist in the input port, including a search box, comment boxes and so on. I set up all the mechanisms need to review the comments, so, when I saw some strange comments in the background, I would not look directly, directly deleted.
Online there is a flaw attack took advantage of offensive comments, once you open the view point of the comment content in the background, it will be to get you back immediately address, account number and password to each other. Therefore, those strange comments do not point to open to see, like direct deleted.
Remember this!
9, to prevent traffic attacks
Traffic attack, by definition, drain your site traffic flow and so on through the brush method. I'm station early time, also suffered flow attack, attack traffic is also very powerful, can your G dozens, even hundreds of traffic G depleted in a short time. Cause your site shut down, shut down the site once, even if only a day or two off, crashed the whole keyword ranking will fall no more.
Therefore, when we choose a server or host, try to choose those limited traffic, which can effectively avoid the site because the traffic was shut down and exhausted, suffer.
10, do not log in "dirty" equipment
This is mainly a public computer, such as Internet computers, do not sign in the background on this type of computer, very dangerous. I had suffered, I was in a cafe boarding a result, the bottom of the page template flew more than a JS, all ads replaced all others advertising.
So, best not to use a public computer with anti-virus before it can be killed, but most of Internet cafes set up the authority's computer, some files are deleted can not afford you, so best not to board the Internet cafe computer.
Author: Door Creek snow
Source: Lu Songsong blog, please share.
