HTML, PHP, Perl, etc.
August 2nd, 2007
August.
Can’t believe it’s already August. My how time flies when you’re getting old. LOL.
August always reminds me that the kids are heading back to school soon, which in turn always reminds me how bright our children are these days. Which usually brings me to thoughts of bored ‘script kiddies’ bee bopping around on the web looking for something they can get into.
Usually trouble.
So August is a good time for us to talk about your overall security when designing your sites.
Most of the sites out there today are a combination of several coding languages. The most common are HTML, PHP, Perl, MySQL, etc. It doesn’t really matter what languages you’ve used, but your structure is very important.
What I’m working up to is this. Most of today’s sites have areas that you would rather not give the world access to. It might be configuration files that contain user info, passwords, etc. Or it could be a gaping hole into your databases. Whatever the case may be, my question is, are you taking the time and precautions to guard these files containing sensitive or compromising information?
Maybe you are using Wordpress, which is the script used for this blog. What, if anything, are you doing to protect the files that contain the keys to your website?
Because if you are using the standard file structure for a mass use open source script, and you haven’t thought about it being a target or attempted to put any security in place, then you are begging to be brought down by a bored 14 year old.
Because he has spent his summer looking for exploits on the ‘standard’ install.
Maybe you are using some sort of auto installer for a given script, like Fantastico. But then you never bothered to clean up the stock installation.
No worries. Keeping things more secure is fairly simple; you just have to remind yourself that a few things need to be done before you put that site live.
First, what are your file permissions? Often, you need to give full 777 CHMOD permissions to a file or set of files to get the install done quickly. But did you leave them at 0777? Because if you did, everyone can read, write and execute those files, and you left them completely controllable remotely. You’ll always want to go back in these instances and bring your permissions down to 755 or lower, keeping out unwanted execution and access.
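One way to run that post-install check, as an added example that is not part of the original post: the script below lists everything under a web root that is still world-writable and brings it down to 755 or lower. The function names, the sample file names and the choice of 644 for regular files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find and tighten permissions left behind by an installer.
# Function names and the 755/644 targets are assumptions, not from the post.

# List everything under $1 that is writable by "other" (777, 666, 757 ...).
# Symlinks are skipped because their own mode bits are not meaningful.
audit_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Number of world-writable entries under $1.
count_world_writable() {
    audit_world_writable "$1" | wc -l | tr -d ' '
}

# Directories go to 755, regular files to 644. PHP files read by the
# interpreter do not need the execute bit; a Perl CGI script that must be
# executed directly would need 755 instead.
tighten_permissions() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
}

# Octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Constructed sample: a throwaway "site" with two entries left at 777.
make_sample_site() {
    root=$(mktemp -d)
    mkdir -p "$root/uploads"
    echo '<?php // constructed sample config' > "$root/config.php"
    echo '<html></html>' > "$root/index.html"
    chmod 777 "$root/uploads" "$root/config.php"
    chmod 644 "$root/index.html"
    echo "$root"
}

# Typical use against your own web root:
#   audit_world_writable /path/to/webroot    # review the list first
#   tighten_permissions  /path/to/webroot    # then bring it down
```

Review the audit output before tightening, since some scripts document specific directories that the web server must be able to write to.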
There are several other areas to cover in regard to your new site’s security, so I’ll add on the next part tomorrow.