When attacks occur on websites, they are usually the result of a compromised password or of poorly secured files, whether through insecure file permissions or programming flaws. Security is one of the areas we always strive to improve at Vodien, especially since all of our clients' data is at stake.
One of the security measures we have implemented is installing suPHP as a standard on our servers. This tool improves the security of our servers because it makes PHP files run under the user's own account, as opposed to the default Apache user account. Using suPHP also allows us to monitor the resource usage of accounts and locate rogue script files easily.
Another way you can improve the security of your site is to password-protect any important areas, such as the admin interfaces of your scripts. This applies to popular scripts such as WordPress or Joomla. By default, these scripts already have a password-protected login, but that's a PHP/Session/Database implementation. By having an Apache/htaccess protected login area ON TOP of that, you're improving security even more. For example, if you were running WordPress, you would password-protect the /wp-admin folder.
If you're on our servers, you just need to log in to your control panel and go to "Password-Protect Directories". If not, you can do it manually too, with these steps:
Using a text editor (such as Notepad), create a text file named .htpasswd (note that there's no .txt extension here). Simply put in one line that has your username and password, in this format:
username:password
Next, create a .htaccess file in the same manner, but put this block of code instead:
AuthUserFile /home/username/.htpasswd
AuthType Basic
AuthName "Protected Area"
Require valid-user
Now upload the .htpasswd to your root directory. Your web server might be configured differently, but this root folder should be outside your www, or public folder, where your website files are served. If not, then put it in such a location, and change the file path in your .htaccess file.
Next, upload the .htaccess file to the folder that you want to protect, and that's it. Your directory is now password protected.
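To check the result of the steps above, here is an added example (not part of the original article or any Vodien tooling) that audits a finished setup: it confirms the four directives are present, that the file named by AuthUserFile sits outside the served folder, and that each password field carries one of the hash prefixes Apache's htpasswd utility writes. The function names, folder layout, user and password values are assumptions constructed for the demonstration.

```python
import os
import tempfile

# Prefixes written by Apache's htpasswd tool: bcrypt, APR1-MD5, SHA-1.
HASH_PREFIXES = ("$2y$", "$apr1$", "{SHA}")
REQUIRED = ("authuserfile", "authtype", "authname", "require")

def audit(htaccess_path, docroot):
    """Return a list of findings for one .htaccess Basic-auth setup."""
    findings, directives = [], {}
    with open(htaccess_path) as fh:
        for line in fh:
            parts = line.split(None, 1)
            if len(parts) == 2 and not parts[0].startswith("#"):
                directives[parts[0].lower()] = parts[1].strip().strip('"')
    findings += [f"missing directive: {d}" for d in REQUIRED if d not in directives]
    if "authuserfile" not in directives:
        return findings
    # The password file must live outside the folder the site is served from.
    root = os.path.realpath(docroot)
    pw_file = os.path.realpath(directives["authuserfile"])
    if os.path.commonpath([root, pw_file]) == root:
        findings.append("password file is inside the web root")
    with open(pw_file) as fh:
        entries = [ln.strip() for ln in fh if ln.strip()]
    for n, entry in enumerate(entries, 1):
        user, sep, secret = entry.partition(":")
        if not (sep and user and secret):
            findings.append(f"entry {n}: not in username:password form")
        elif not secret.startswith(HASH_PREFIXES):
            findings.append(f"entry {n}: '{user}' has no htpasswd hash prefix")
    return findings

def write_case(home, pw_dir, entry):
    """Write constructed sample files under `home`, then audit them."""
    www = os.path.join(home, "public_html")      # hypothetical web root
    admin = os.path.join(www, "wp-admin")        # folder being protected
    os.makedirs(admin, exist_ok=True)
    pw = os.path.join(home, pw_dir, ".htpasswd")
    with open(pw, "w") as fh:
        fh.write(entry + "\n")
    with open(os.path.join(admin, ".htaccess"), "w") as fh:
        fh.write(f'AuthUserFile {pw}\nAuthType Basic\n'
                 'AuthName "Protected Area"\nRequire valid-user\n')
    return audit(os.path.join(admin, ".htaccess"), www)

def demo():
    with tempfile.TemporaryDirectory() as home:
        # Both entries are constructed samples, not real credentials.
        good = write_case(home, "", "alice:$2y$05$ConstructedSampleHashOnly")
        bad = write_case(home, "public_html", "alice:hunter2")
    return good, bad
```

Calling `demo()` returns the findings for a clean layout and for one where the password file was left inside the public folder with an unhashed entry.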
Warning: .htaccess is a powerful Apache file that if wrongly configured may make your website inaccessible. If you aren't sure about what you're doing, please get professional support from your hosting provider.