
To hell and back

Wed, 6 Jun 2007 at 09:29 • Chyetanya Kunte • Filed under Noteworthy, Server side

Dave Shea sees hell like I have in the past. Here’s my account of: I got cracked and how. This incident forced me to look at security that—I thought previously—wasn’t my job. I almost hung my boots up in the process.

Following this, I wrote a few connected posts: Why phishing works, Clarity of links and Pharming on the web using blogs. The point is—if you make publishing online your business, then there are no excuses for not making its security your business too.

Here’s what I do to ensure my site’s relative security:

  • I choose a host based first on recommendation and a good track record.
  • I keep my (blogging, content management) software up to date.
  • I use sFTP (in passive mode) and SSH to connect to my site for uploading, downloading and modifying things there.
  • I use file permissions with care.
  • I take weekly backups—all files (at least the modified ones) and databases.
  • I avoid inserting unknown scripts (of any kind, particularly JavaScript) in my pages. (They pose security threats—open back doors to your site on your server.)
  • I pay attention to server logs. (They often have a story to tell. Note: server logs and stat services aren’t one and the same. Usually stat services are unaware of happenings on your server.)
  • I pay special attention to modified files on the server.
  • I hear warning bells when people (security consultants) tell me that my site is acting like PayPal’s or some bank’s login. (This is when shit has already hit the fan; and I’ve been there once before.)
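
The "modified files on the server" point is the one most easily automated. As an added example (not code from the original post), here is a small file-integrity check: record a hash baseline of the web root after a clean deploy, then re-run it to list anything modified, added or removed. It assumes POSIX sh with coreutils (find, sha256sum, awk, sort); paths containing spaces are not handled.

```sh
#!/bin/sh
# Added example, not from the original post: hash-based integrity check for a
# web root. Assumes POSIX sh plus coreutils (find, sha256sum, awk, sort).

# Write a baseline of "<sha256>  <path>" lines for every regular file under $1 to $2.
make_baseline() {
    dir=$1; out=$2
    find "$dir" -type f -exec sha256sum {} + | sort -k 2 > "$out"
}

# Compare the files under $1 against the baseline $2.
# Prints one "MODIFIED/ADDED/REMOVED <path>" line per difference (sorted);
# returns 0 when nothing changed, 1 when something did, 2 on an unusable baseline.
check_baseline() {
    dir=$1; base=$2
    [ -s "$base" ] || { echo "baseline $base is empty or missing" >&2; return 2; }
    report=$(find "$dir" -type f -exec sha256sum {} + |
        awk 'NR == FNR { old[$2] = $1; next }      # first file: the baseline
             {
                 seen[$2] = 1                         # current files, from stdin
                 if (!($2 in old))        print "ADDED    " $2
                 else if (old[$2] != $1)  print "MODIFIED " $2
             }
             END { for (p in old) if (!(p in seen)) print "REMOVED  " p }' "$base" - |
        sort)
    [ -n "$report" ] && { printf '%s\n' "$report"; return 1; }
    return 0
}

# Usage: integrity.sh baseline <dir> <file>    after a clean deploy
#        integrity.sh check    <dir> <file>    from cron, e.g. daily
case "${1:-}" in
    baseline) make_baseline "$2" "$3" ;;
    check)    check_baseline "$2" "$3" ;;
esac
```

Keep the baseline file outside the web root (ideally off the server), or an intruder who can write your pages can rewrite the baseline too.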

Any additional site security tips are most welcome.


2 responses to “To hell and back”

  1. Sumeet Singh said:

    Web security is not only a responsibility of the user, but also of the service provider. For the last few years that I have been in this arena, mistakes and misconfiguration at the service provider end have caused more compromises than user ignorance. While your pointers on website security are good enough for an average content publisher, I think it is not bad to subscribe to a few blogs that talk about the latest vulnerabilities. The first and most noted one that comes to my mind is that of Jeremiah Grossman.

    Talking about Mezzoblue and the other DreamHost f**k-up, this time it was the passwords getting leaked. All known security controls are likely to fail once someone can crack open the passwords.

  2. Chetan said:

    Web security is not only a responsibility of the user, but also of the service provider.

    Yes, I agree. I have always thought it was of the service provider first. A good service provider is one that keeps the user on his toes to update older and insecure items that he is responsible for. That way, both win.

    I think it is not bad to subscribe to a few blogs that talk about the latest vulnerabilities.

    Good point, thanks.
