With the rapid development of computer technology, people's living and working increasingly dependent on information dissemination and obtain information on the Internet, but people are plagued by time information network security risks, more and more people begin to focus on website Safety.
That is what we say for site security, site security is on site to manage and control, and to take some technical measures to ensure the confidentiality of a website environment, integrity and usability of data subject to effective information protection.
So what does it mean website security?
The first does not use a template site from unknown sources. Some people may be too cheap, you may think this is good, and do not need to spend more time on the program, only a small change can be used to casually find some use of the Internet template framework. But you do not know is that the frame is well-known social networking sites are known, are often free open source, and is used by a lot of people are familiar with, this will lead to some unscrupulous elements to analyze open source code, and then go Find inside vulnerabilities, and then to achieve the purpose of some ulterior motives. The customized site mostly for personal needs of customers to develop individually, to better improve the stability of the site, improve site security.
The second site from time to time to review and data backup. Many customers on the site and upload the line after good information, not in the management of the site, probably for a long time are not going to look at the site. This behavior is very undesirable. Because if the site was hacked, very difficult time to find, let alone deal with. So we should always go to log in to your site to check to see if it had not been hacked. Meanwhile, if the site has uploaded some of the more important information we need to carry out regular data backup. So even if the site was attacked, the first time we can effectively solve the problem.
Third Security Administration website server. Since the server is opening up, vulnerable to virus attack, thus requiring the use of a firewall tools and vulnerability detection tools to strengthen safety management and inspection of the server. At the same time, with the emergence of new vulnerabilities, the server must promptly install the patch on all kinds of loopholes, so as to avoid than the server receives external attacks and abnormal situation.
To prevent the site often black, how to strengthen the security of the site yet.
First, modify the site background path. Why you want to modify the site path, the path admin.data like this type of background, many sites are in use, it is like transparent glass top cover with a layer of paper, a poke on the break, once the background is compromised, it will leading to the site data loss problems. It is recommended to use a complex path a bit, so can better enhance website security, prevent data loss.
Second, the service providers in order to facilitate the management site, often creates a default account, use of the site during construction are the same set of source code, so that there is the background of all sites default account and password are the same, once they are hacked a, equivalent to break the N websites. So during website development, you need to delete the default account password, you can create a complex account password after three MD5 encryption to prevent hackers to steal passwords.
Third, do not leave the site back path. If you leave the background path on the site, it's like directly to the door open, so honest thief theft.
Fourth, Ftp account password to prevent leakage. Ftp is the site files to a remote server transfer tool, once the password leaks, it will make the site files in a very dangerous point, if the file appears there has been no case of a backup file is deleted, it will lead to wrong websites, serious point, it will lose a customer resource. So use Ftp tools project, we want to protect the safety of the site file, you need a strong password complexity and accidental spills.
V. site after deployment is complete, the account password to the user configuration, it is recommended to use a complex mixture password. Many people prefer to use simple numbers, letters, and even reuse a character, although the password digits long, it seems difficult to break out, but it is not true, pure numbers and characters easier to decipher, and some people accustomed to using a , b, c, d, 2, 3, or start, but this is just to meet brute force to break the order, because they are calculated according to the natural ordering of letters and numbers.
Sixth, site data and files backed up regularly. Separate databases and web deployment, backup separately, which is more conducive to data security. If the databases and web files deployed on the same server, if the server is compromised, the entire site will lead to all data and files are lost.
With the Web more and more widely, Web server has become the major targets of attacks. Such as: Web tampering, sensitive information disclosure, denial of service, worms, SQL injection, cross-site scripting attacks, etc. occur frequently. Although the unified deployment of the border firewall and anti-virus software, the system has the initial network security capabilities. But for the Web application layer security to any effective protective measures are not adopted, the prevalence of vulnerability Web program, similar to the SQL injection vulnerability, cross-site vulnerabilities hackers can easily penetrate through the appropriate attack tools, thus tampering page, even into modify the contents of the database and so on.
So in this case, how do we want it? You can use security dog in the Web platform system availability information point of view and trusted, it can solve WEB protection and acceleration, content tamper-proof, traffic analysis and management of abnormal traffic cleaning, load balancing and other core requirements, providing advance warning, in the matter protection, post hoc analysis of the full cycle of security solutions.
DDoS attacks in recent years because more and more fierce efforts, the situation is the site hijacked more and more, are becoming increasingly important for the use of HTTPS web sites. Why it is recommended to use https, the first can make the site more secure, SSL / TL certificates make your site encryption transmission, can be very good to prevent users private information such as user name, password, transaction records, and other live information being stolen and tampered with . The second is conducive to SEO optimization, as considered from the perspective of Web site security and user experience, HTTPS better than Http, safer, and this will lead to the Baidu search index when doing will give priority to better show the user a page, so in general Although the site takes longer time to do SEO optimization, but Baidu included the speed is very slow, because the site uses http protocol, user trust is not caused. HTTPS encryption transmission channel having a third effective protection of the privacy of the ciphertext data transmission, interception can not be decrypted. In particular mall online payment website, it is extremely important to use https, data transmission so that the user only when making payment get security.
This article is a personal understanding of, if not the right place, welcome to correct me message.
