There are people out there who will do whatever it takes to find their way into the deep recesses of a company web site and use the information they find to hurt the business or to gain something for themselves. The good news is there are ways to help strengthen the fortress around the site in order to stave off direct attacks.
It should be noted that many of the items on the following list could be outside the comfort zone of the average web site owner. Instead of attempting to formulate a least common denominator of safeguards everyone might understand, we will attempt to list important concepts that could save the website from attack and subsequent damage.
Ideally, if an item seems outside the range of one's abilities, having a decent understanding of it will give the site owner the ability to talk intelligently about the issues with their webmasters or other technology consultants.
Safeguard Your Website With These Tips
- Regular File Updates: Old, stale files and out-of-date code are among the easiest ways for an attacker to get into a web site. There is a reason why applications are updated and maintained, and often those reasons have to do with security holes or flaws. If you are not responsible for maintaining site code, be sure that someone is taking this task seriously and applying the latest updates in a timely manner.
- 86 Old, Unused Files: This can be a little trickier to manage on a regular basis, even for the dedicated IT professional. When new code updates are added to a site’s application files, there are invariably files which are no longer needed for proper site operations. In these cases, retaining the old files could give those with nefarious intentions a back-door entrance to files and applications on the server hosting one's website. Removing unused files, while time consuming and sometimes challenging because it is hard to know whether they are still required, can help tighten the security around one's web site.
- Password Protect: While sensitive files and documents should probably not be hosted on a web server, there are numerous examples where non-public information needs to be there in order to provide access to individuals who need it in their various remote locations. There are a number of technologies one can use to password protect files and directories. If locking down access to information is important for one's operations, find a qualified professional who can set up this type of protection as soon as possible.
- File Permissions: Another security task on the esoteric side, setting the proper permissions on a file is time consuming, though not terribly difficult to apply. The main challenge with this tip, however, is understanding exactly what level of permissions any given file or directory should be set at in order to allow for normal application functionality. One of the biggest reasons for things breaking down on a website is that permissions have been incorrectly set by an inexperienced site operator.
- Prevent Google Hacking: Search engines operate by sending automated scripts to see and index the files of one's website. Also known as robots or spiders, these automated cataloging systems will follow links on the pages of a web site in order to get as complete a listing as possible. Google hacking is the practice of searching the information collected by the search engine in order to locate content which is perhaps not meant for public consumption. With the use of a robots.txt file, the site operator can specify which files and complete directories should be off limits to those spider programs and subsequently out of the search engine’s index. Keep in mind that robots.txt is a request honored by well-behaved crawlers, not an access control, and that the file itself is publicly readable, so content that must stay private still needs password protection.
- Protect From Directory Listing: Some web hosts automatically set up web operations to allow for access to the contents of a directory via the web. The easiest way to prevent unauthorized eyes from seeing the list of files in any directory is to place a simple HTML file with the name “index.html” inside of every directory. Now when an address like www.businessWebSite.com/sample-directory/ is accessed, instead of seeing a complete list of the files that are located in sample-directory, the visitor will only see a blank page. This hides the listing only; an individual file can still be fetched by anyone who knows its address.
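One way to check the File Permissions and Protect From Directory Listing tips across a whole web root, as an added example that is not part of the original article. The index file names and the sample directory tree are assumptions constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: audit a web root for two items from the list above.
# ASSUMPTION: these are the index file names your server is set up to serve.
INDEX_NAMES="index.html index.htm index.php"

# List directories under $1 holding none of the index files; with listing
# enabled on the host, each of these shows its full contents to visitors.
dirs_without_index() {
    find "$1" -type d | sort | while IFS= read -r dir; do
        has_index=no
        for name in $INDEX_NAMES; do
            if [ -f "$dir/$name" ]; then has_index=yes; fi
        done
        if [ "$has_index" = no ]; then printf '%s\n' "$dir"; fi
    done
}

# List files and directories under $1 that any local user may modify.
# Symlinks are skipped because their own mode bits are not meaningful.
world_writable() {
    find "$1" ! -type l -perm -0002 | sort
}

# Build a small constructed site tree for demonstration and print its path.
make_sample_site() {
    root=$(mktemp -d)
    mkdir -p "$root/site/images" "$root/site/docs" "$root/site/old-backup"
    : > "$root/site/index.html"
    : > "$root/site/docs/index.html"
    : > "$root/site/images/logo.png"
    : > "$root/site/old-backup/config.php.bak"
    chmod 755 "$root/site" "$root/site/images" "$root/site/docs" "$root/site/old-backup"
    chmod 644 "$root/site/index.html" "$root/site/docs/index.html" "$root/site/images/logo.png"
    chmod 666 "$root/site/old-backup/config.php.bak"   # deliberately too permissive
    printf '%s\n' "$root/site"
}

# Audit the path given as $1, or the constructed sample when none is given.
target=${1:-$(make_sample_site)}
echo "Directories with no index file:"; dirs_without_index "$target"
echo "World-writable entries:";         world_writable "$target"
```

Run it with the path to the site's document root as the only argument; anything it reports under the second heading should be compared against what the application actually needs to write.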
There are many more issues to address in order to fully lock down and secure a website. The above list is a good start and should provide the peace of mind that not just anyone with a computer and Internet connection could take over the business website.
Author – Shelly Towns is a technology writer who enjoys researching up and coming products and specializes in studying file transfer service