Security has always been one of the problems webmasters worry about most. If a website does not have a safe system environment, then no matter how well it does otherwise, it does not mean much: once it is attacked, the loss will be very big. Therefore, it is necessary to learn to guard against hacker attacks and protect your website.
I have built websites with one system hundreds of times since I learned to build sites. I dare not say that I know this system very well, but I probably know the most basic things. Here I will share my experience of protecting a site while building it.
1. The simpler the safer
I see a lot of webmasters who like to pursue fancy website systems, and a lot of webmasters who are completely ignorant of the system code: they pay someone to build the site and cannot even change a title themselves. I'm just saying, if you don't understand it yourself, is it fun to work on such a complicated system?
In fact, people who know how to build a website should be clear that the most secure site is a simple website composed of several HTML pages. Such a site has nothing besides its HTML content: no database tables, not even JS. This kind of website is invulnerable. The only way for a hacker to attack such a site is to get your admin backend address, account name and password. But a third- or fourth-rate hacker, or even a low-level hacker, is not that good, and a first- or second-rate hacker wouldn't care to attack your small site.
So what I did was make a very simple website consisting of a single page, with no admin backend; once the page was written, it was uploaded directly through FTP. Well, how do they attack it? It can't be attacked.
So, I don’t think it’s necessary to build a complex system if you don’t have to. Always remember: the simpler, the safer!
2. Delete unnecessary system files
When we choose a website system, be sure to delete all the files our own site does not need. Some things preset in the system I do not use at all. I do not need the membership system, so I delete everything related to membership. Likewise, I don't need the message board system, so I delete it all and leave nothing.
Most attacks on websites are carried out through vulnerabilities, and these vulnerabilities are exposed by the more complex system files, so delete whatever is not needed. Keeping it is a threat.
3. Delete unnecessary tables
As a matter of fact, most attacks on websites are carried out through databases, so removing unnecessary tables from the database is a great defense against attacks.
We must strive for a simple website system; there is no need for complexity, and complexity will not bring you any good luck. In fact, you'll find that if your site is just a bunch of simple HTML pages, search engines will index the pages very quickly, while the same page, if you put it in a complex system, will be indexed very slowly.
4. Change the admin backend address from time to time
Be sure to form the habit of changing the admin backend address from time to time, except where it cannot be changed. Previously, I did not change my backend address for more than two years. Then one day, when I used a site: query to check which pages were indexed, I found that Baidu had actually indexed my backend directory, which is very dangerous. So, after that, I not only changed the backend directory but also made the page look like a 404 page; search engines will not index your 404 pages.
We do not use the robots file to stop search engines from crawling the admin backend directory, because that is like the proverbial sign reading “no 300 taels of silver buried here”: it tells everyone exactly where to look.
5. Change the administrator account password from time to time
The administrator's account and password are critical to the safety of the website; changing them from time to time keeps the website more secure. Because once someone gets the administrator's password, the whole site is exposed.
6. Back up the entire site from time to time
We must form the habit of backing up the website from time to time, including all files of the system and the database files. Keep the backup in a relatively safe place to minimize damage in case of accidents.
Although the server provider has set up automatic daily backups of my website for me, I still back up my website myself from time to time, in case of emergency.
7. Set system file permissions
Some files never need to be written to, so simply set them to read-only. Even when hackers attack your website through a vulnerability, they still have to write something to it; therefore, setting file permissions properly can effectively prevent the site from being attacked.
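One way to apply the read-only rule above across a whole site, as an added example (not the author's code). The function name `lock_down`, the `uploads` directory and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH

def lock_down(web_root, writable_dirs=()):
    """Clear the write bits on every regular file under web_root, except
    files inside writable_dirs (paths relative to web_root, assumed to be
    the places the site really has to write to). Returns changed paths."""
    keep = {os.path.normpath(d) for d in writable_dirs}
    changed = []
    for dirpath, dirnames, filenames in os.walk(web_root):
        rel_dir = os.path.normpath(os.path.relpath(dirpath, web_root))
        if rel_dir in keep:
            dirnames[:] = []          # leave the whole writable subtree alone
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue              # skip symlinks and special files
            if st.st_mode & WRITE_BITS:
                os.chmod(path, stat.S_IMODE(st.st_mode) & ~WRITE_BITS)
                changed.append(os.path.relpath(path, web_root))
    return sorted(changed)

def demo():
    """Build a constructed sample tree, lock it down, report the result."""
    files = ("index.html", "inc/config.php", "uploads/photo.jpg")
    with tempfile.TemporaryDirectory() as root:
        for rel in files:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, 0o664)     # typical loose mode after an FTP upload
        changed = lock_down(root, writable_dirs=["uploads"])
        modes = {rel: stat.S_IMODE(os.stat(os.path.join(root, rel)).st_mode)
                 for rel in files}
        return changed, modes

if __name__ == "__main__":
    print(demo())
```

Read-only bits protect most when the web server process runs as a different user than the one that owns the files, since a file's owner can always change its mode back.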
8. Handling of spam comments
Most loopholes in a website exist in its input. As the saying goes: “a close mouth, a close mouth.” A website is the same: the vulnerabilities are in the inputs, including the search box, the comment box and so on. I set up a mechanism so that all comments are moderated, and when I see weird comments in the admin backend, I delete them without looking at them.
There is an attack method on the Internet that uses comments. Once you click on the comment content in the admin backend, the other party immediately gets your backend address, account name and password. Therefore, those bizarre comments should not be opened; just delete them.
Remember this!
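A pre-screen for the moderation queue in the spirit of the advice above, as an added example rather than the author's code: comments carrying markup are flagged so they can be deleted without being opened, and everything else is HTML-escaped before it is shown. The `triage` function, the pattern list and the sample comments are assumptions constructed for illustration.

```python
import html
import re

# Heuristic markers of active content in a comment body (assumed, not exhaustive).
SUSPICIOUS = re.compile(
    r"<\s*/?\s*[a-z!]"        # an HTML tag or comment opener
    r"|\bon[a-z]+\s*="        # inline event-handler attribute
    r"|javascript\s*:"        # javascript: URL
    r"|&#x?[0-9a-f]+;?",      # numeric character references that can hide markup
    re.IGNORECASE,
)

def triage(comments):
    """Split pending comments into (safe_rows, flagged_ids).

    safe_rows holds (id, escaped_body) pairs that can be placed into the
    moderation page as text; flagged_ids lists comments to delete unopened."""
    safe_rows, flagged = [], []
    for c in comments:
        if SUSPICIOUS.search(c["body"]):
            flagged.append(c["id"])
        else:
            # Escape even "clean" text so a missed pattern is shown, not executed.
            safe_rows.append((c["id"], html.escape(c["body"], quote=True)))
    return safe_rows, flagged

PENDING = [  # constructed sample comments
    {"id": 1, "body": "Great article, thanks!"},
    {"id": 2, "body": 'Nice <script src="https://example.invalid/a.js"></script>'},
    {"id": 3, "body": "Is 3 < 5 & 5 > 3?"},
    {"id": 4, "body": '<a href="javascript:void(0)">free templates</a>'},
]

if __name__ == "__main__":
    rows, flagged = triage(PENDING)
    print("show:", rows)
    print("delete unopened:", flagged)
```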
9. Defend against traffic attacks
Traffic attacks, as the name suggests, use up your site's traffic quota, for example by generating fake visits. In the early days of my site I also suffered from traffic attacks. They are very severe and can exhaust dozens or even hundreds of GB of your traffic in a short time, causing your site to shut down. Once the site is shut down, even if only for a day or two, its keyword rankings will collapse.
Therefore, when choosing a server or host, choose one with unlimited traffic as far as possible. This effectively avoids the site being shut down, and suffering losses, because its traffic quota is exhausted.
10. Don’t log in from an “unclean” device
This mainly means public computers, such as those in Internet cafes. Do not log in to the admin backend on this type of computer; it is very dangerous. It happened to me once: I was in an Internet cafe, and immediately a piece of JS appeared in the template at the bottom of the page that replaced all the ads with someone else's.
So it is best not to use public computers. You can run an antivirus scan before using one, but Internet cafe computers mostly have restricted permissions and some files cannot be deleted, so it is best not to log in from an Internet cafe computer.
Author: Ximen flying snow
Source: Lu Songsong blog, welcome to share.