In general, most sites are hacked because of older and exploitable software. Check each month for newer version of the software you have installed on your site--by upgrading often, you are making it more difficult for a potential hacker to gain entry. (Remember, when performing an upgrade, ALWAYS take a backup of your database and files).
Also, World Writable Permissions (777) are a common reason websites get hacked. Check through your site to make sure files and folders aren't marked as 777; instead, use 755 for executables and 644 for all other files.
All our servers use PHPSuExec, so you cannot use 777 permissions on scripts. We have also disabled url_fopen as this is the cause of 90% of website hacks.
Also, don't have easy to guess passwords -- randomly generated passwords are the safest, but just make sure you have a way of remembering them. Avoid using the same password multiple times.
It's best to take an active role in protecting you and your web site from harm. The following tips are strongly recommended..
|Do This:||Examples and Explanation:|
|Remove executable software that is just sitting around||If you aren't using one of these online programs - TURN THEM OFF!|
You can do this by either deleting them if you no longer need them or by "chmoding" via your FTP software all ASP, CGI, PL, etc. to 644 which will prevent a program from running.
If you aren't using some online software, you might also consider downloading the software to your local PC and then deleting the online version, this way you would have a backup in case you needed to use the software in the future.
|Change and use strong passwords often||We all know changing passwords can be a pain, but it's one of the best tips we can give to you. |
It's better to frequently change your passwords than to one day find your website shut down because a hacker broke in or used some of your online software in a devious manner. Good practice is to use long (over 8 characters) and a mixture of letters (mixed-case) and numbers eg. Miy7ZAH85weq, this way it'll be harder to hack. A good resource is here!
|Use firewalls & anti-virus on your local PCs.||We can't say it enough how important it is to run firewall software on your local PC. We also encourage updating your anti-virus software at least twice or more a month.|
So many times we have seen passwords stolen because someone had a virus on their local PC.
Some viruses are called "back door" viruses that allow someone to use your computer, while you are online, to perform their hacking attempts elsewhere. This has the effect of appearing as if you are the one doing the hacking.
Use Firewalls and Update Your Anti-Virus Often - Before It Turns Into a Regret!
|Update your online software often.||Periodically check for updates for any web based software you have either installed or someone has installed for you.|
Always update your online software especially when a security updates is released.
|Password protect online folders.||Too many times we see online folders that aren't password protected.|
Don't rely on the software provider to explain the security risks. It's best to password protect any folder that has setup files or admin files or log files or etc.
|Place an index.html in every folder.||Create a blank index.html file for EVERY folder. Otherwise, if a hacker finds one of your folders, they can usually see all the other files within that folder via the browser.|
So put a blank index.html file in every folder to prevent this basic hacking attempt from happening.
This is especially important for folders like /images /orders /admin etc.
You might also set the html file to redirect them to your home page with the following code between the commands...
|Log 404's.||404's are generated when someone tries to visit any page on your website that doesn't exist. Usually most of these are innocent from people that are coming from search engines to pages that no longer exist. However, hackers know what pages exist for 1,000's of programs you can install on your web site. They look for these pages via automated software and their software logs this information for them to come back to your site later to attempt to use the web based programs in ways you haven't anticipated. You can log 404's via web based software you can install or your host may already provide this information.|
Our clients can view this information by using their Control Panel under "Stats" and then "Error Log"
This report will also show images that aren't loading, missing files, and is helpful for debugging web based software.