I get asked a lot about web server security and for tips on how to secure a web server. The first answer is always: don't annoy LulzSec or anyone else from the hacking group "Anonymous", because it appears they can hack some big names!
Basic things you need to take care of to avoid such issues:
- First, always remember to "Sign Out/Log Out" from any of the servers, portals or services you use.
- Passwords: longer is stronger. Use a strong, long and complex password; the greater the variety of characters in your password, the harder it is to guess.
- Avoid sequences or repeated characters in your password.
- Mix letters, numbers and symbols, and use both upper and lower case letters.
- Avoid dictionary words in any language.
- Try to memorize the password, and avoid writing it down or saving it on your computer.
- Avoid using only one password for all your accounts.
- Update all passwords on a regular basis; it is good practice to change them frequently.
- Make sure file and folder permissions are what they should be. The usual correct permissions for world-readable (but not world-writable) folders are 755 (rwxr-xr-x), and for world-readable files 644 (rw-r--r--). Those are what you should mostly expect to see.
- Have all scripts and applications checked by a senior web developer or technology consultant, because weak scripts may allow easy access for intrusions.
- Check and confirm that any third-party logins are disabled; in cPanel these are called 'Allow Anonymous Logins', 'Allow Anonymous Uploads' and 'Allow Logins with Root Password'. Allowing these options is generally considered to weaken the security of the server.
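The password rules above (length, character variety, no repeated or sequential runs, no dictionary words, no reuse across accounts) can be turned into a mechanical check. The following is an added example written for this page, not code from the original post or from cPanel; the word list, the minimum length of 12 and the sample passwords are assumptions chosen for the demo, and a real deployment would load a full dictionary file.

```python
import string

# Stand-in word list for the demo (assumption); load a real dictionary file
# such as /usr/share/dict/words in practice.
COMMON_WORDS = {"password", "admin", "welcome", "server", "letmein", "secret", "cpanel"}

MIN_LENGTH = 12  # assumed policy minimum; "longer is stronger"


def has_sequence(pw, run=3):
    """True if pw contains `run` consecutive characters that are identical
    ('aaa') or step by +1/-1 in code point ('abc', '321')."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        diffs = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if diffs in ({0}, {1}, {-1}):
            return True
    return False


def contains_dictionary_word(pw, words=COMMON_WORDS, min_len=4):
    """Case-insensitive substring match against the word list."""
    low = pw.lower()
    return any(w in low for w in words if len(w) >= min_len)


def check_password(pw):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        ("lowercase letter", any(c.islower() for c in pw)),
        ("uppercase letter", any(c.isupper() for c in pw)),
        ("digit", any(c.isdigit() for c in pw)),
        ("symbol", any(c in string.punctuation for c in pw)),
    ]
    missing = [name for name, present in classes if not present]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    if has_sequence(pw):
        problems.append("contains a repeated or sequential run of characters")
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word")
    return problems


def check_reuse(passwords_by_account):
    """Return groups of accounts that share one password (policy: one per account)."""
    seen = {}
    for account, pw in passwords_by_account.items():
        seen.setdefault(pw, []).append(account)
    return [accounts for accounts in seen.values() if len(accounts) > 1]


if __name__ == "__main__":
    # Constructed sample passwords for the demo.
    for candidate in ["Password123", "x7#Kq!m2Rt$9vL", "Tr0ub4dor&3"]:
        print(candidate, "->", check_password(candidate) or "OK")
    print(check_reuse({"cpanel": "x7#Kq!m2Rt$9vL", "ftp": "x7#Kq!m2Rt$9vL", "db": "Zp4!wQ8^nB2#kD"}))
```

The sequence check looks at every window of three characters, so it also catches runs buried in the middle of an otherwise varied password, and the reuse check is meant to be run over the whole set of credentials you manage (cPanel, FTP, database), not one password at a time.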
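The 755/644 rule above is easy to audit automatically: walk the web root and report every entry whose mode differs, singling out world-writable files because those are the deviation an intruder benefits from most. This is an added example for this page, not code from the original post; it builds its own throwaway directory tree with deliberately wrong modes so that it runs offline, and the file names in that tree are constructed.

```python
import os
import stat
import tempfile

EXPECTED_DIR_MODE = 0o755   # rwxr-xr-x
EXPECTED_FILE_MODE = 0o644  # rw-r--r--


def _classify(mode, expected):
    """Explain how a mode deviates from the expected one."""
    if mode & stat.S_IWOTH:
        return "world-writable"
    if mode & ~expected:
        return "more permissive than expected"
    return "more restrictive than expected (may be intentional)"


def audit_tree(root):
    """Return (path, kind, mode, note) for every dir/file under root whose
    permission bits are not exactly 755 (dirs) or 644 (files)."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        if mode != EXPECTED_DIR_MODE:
            findings.append((dirpath, "dir", oct(mode), _classify(mode, EXPECTED_DIR_MODE)))
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode != EXPECTED_FILE_MODE:
                findings.append((path, "file", oct(mode), _classify(mode, EXPECTED_FILE_MODE)))
    return findings


def audit_summary(root):
    """Map each flagged entry's base name to its note (convenient for reporting)."""
    return {os.path.basename(p): note for p, _kind, _mode, note in audit_tree(root)}


def build_sample_tree():
    """Constructed demo tree (not a real site): correct entries plus two wrong ones."""
    root = tempfile.mkdtemp(prefix="webroot-demo-")
    os.chmod(root, 0o755)
    images = os.path.join(root, "images")
    os.makedirs(images)
    os.chmod(images, 0o755)
    with open(os.path.join(root, "index.html"), "w") as f:
        f.write("<html></html>")
    os.chmod(os.path.join(root, "index.html"), 0o644)
    # Wrong: an upload handler anyone on the box can overwrite.
    with open(os.path.join(root, "upload.php"), "w") as f:
        f.write("<?php ?>")
    os.chmod(os.path.join(root, "upload.php"), 0o666)
    # Tighter than 644: flagged so you can confirm it is deliberate.
    with open(os.path.join(root, "config.php"), "w") as f:
        f.write("<?php ?>")
    os.chmod(os.path.join(root, "config.php"), 0o600)
    return root


if __name__ == "__main__":
    for path, kind, mode, note in audit_tree(build_sample_tree()):
        print(f"{kind:4} {mode:>6} {note:45} {path}")
```

Point `audit_tree` at your real document root (for example a cPanel account's `public_html`) instead of the sample tree; entries tighter than the expected mode are listed separately from permissive ones so that an intentionally locked-down config file does not drown out the genuinely dangerous world-writable ones.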
Another check is to log in to your server and see whether the last login shows your IP address from the last time you logged in. If it does not show your IP address, note down the one it shows: it is clear that someone was able to log in to your server as you, and they have your user ID, your password and the same access to your site that you have. They can probably also get FTP access, which they are more likely to use than any portal software. In that case the main thing is to get the logs and try to identify the IP address that attacked you, then change all passwords and, if possible, all usernames.
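The last-login check above is done by hand once; the same idea can be applied to the whole login history and to the SSH and FTP logs, comparing every origin address against the addresses you normally log in from. This is an added example for this page, not code from the original post: the `last`-style lines and the sshd/proftpd log lines are constructed samples using RFC 5737 documentation addresses, and the trusted range 203.0.113.0/24 is an assumption standing in for your own addresses.

```python
import ipaddress
import re

# Constructed sample of `last`-style output: user, tty, origin host, time span.
SAMPLE_LAST = """\
admin    pts/0        203.0.113.45     Tue Jun 14 09:12 - 09:40  (00:28)
admin    pts/1        198.51.100.7     Tue Jun 14 22:03 - 22:51  (00:48)
admin    pts/0        203.0.113.45     Wed Jun 15 08:55   still logged in
root     tty1                          Wed Jun 15 07:30 - 07:31  (00:01)
"""

# Constructed sample auth log lines (sshd and proftpd successful logins).
SAMPLE_AUTHLOG = """\
Jun 14 22:03:10 web1 sshd[2140]: Accepted password for admin from 198.51.100.7 port 51522 ssh2
Jun 14 22:03:44 web1 proftpd[2211]: 198.51.100.7 (198.51.100.7[198.51.100.7]) - USER admin: Login successful.
Jun 15 08:55:02 web1 sshd[3307]: Accepted publickey for admin from 203.0.113.45 port 40210 ssh2
"""

# Assumption: the networks you yourself log in from.
TRUSTED = [ipaddress.ip_network("203.0.113.0/24")]

SSH_RE = re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<ip>[\d.:a-fA-F]+) port \d+")
FTP_RE = re.compile(r"proftpd\[\d+\]: (?P<ip>[\d.:a-fA-F]+) \(.*?\) - USER (?P<user>\S+): Login successful")


def parse_last(text):
    """Yield (user, ip, 'last') for each remote login in `last` output.
    Console logins (no origin column) and hostnames are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        try:
            ip = ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # third column is a tty date or a hostname, not an address
        yield parts[0], ip, "last"


def parse_authlog(text):
    """Yield (user, ip, service) for successful sshd / proftpd logins."""
    for line in text.splitlines():
        m = SSH_RE.search(line) or FTP_RE.search(line)
        if m:
            service = "ssh" if "sshd[" in line else "ftp"
            yield m.group("user"), ipaddress.ip_address(m.group("ip")), service


def is_trusted(ip, trusted=TRUSTED):
    return any(ip in net for net in trusted)


def unexpected_logins(events, trusted=TRUSTED):
    """Return (user, ip, source) tuples from outside the trusted ranges,
    de-duplicated, in first-seen order."""
    seen, out = set(), []
    for user, ip, source in events:
        key = (user, str(ip), source)
        if not is_trusted(ip, trusted) and key not in seen:
            seen.add(key)
            out.append(key)
    return out


def audit(last_text=SAMPLE_LAST, auth_text=SAMPLE_AUTHLOG, trusted=TRUSTED):
    """Combine both sources and report every login from an untrusted address."""
    events = list(parse_last(last_text)) + list(parse_authlog(auth_text))
    return unexpected_logins(events, trusted)


if __name__ == "__main__":
    for user, ip, source in audit():
        print(f"untrusted login: user={user} ip={ip} via {source}")
```

In the sample the same untrusted address appears first in the login history and then in both the SSH and the FTP log, which is exactly the pattern the paragraph describes (someone with your credentials moving on to FTP); feed the script the real `last` output and the real log files, and keep the trusted list to the addresses you actually use.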
If you are using cPanel on your web server, you can enable log archiving as follows:
- Go to cPanel > Raw Log Manager (the name varies in different cPanel versions).
- Check the “Archive Logs…” box.
- Uncheck the option “Remove the previous month’s archived logs…” box.
- Click Save. Enabling the log archive forces the logs of who connects to your site by HTTP and by FTP to be kept.
- If archiving was already enabled on your system, the attack is most likely recorded, which will be very useful in tracking the hacker. If it was off, the data is lost unless the daily stats run hasn't happened yet, but subsequent similar attacks, which are likely, will be logged.
With the above measures, server security issues can be avoided in future. These web server security tips don't cover settings on firewalls, DMZs or LAN infrastructure, as those tend to be handled case by case.
Please contact me if you still have further questions, I shall be glad to assist you.