B&T's Tips & Scripts
B&T's Tips & Scripts is a collection of Tips & Scripts to help you build a better website.  The Tips & Scripts are targeted towards the native Apache PHP MySQL environment.  Check back frequently as there will be additions and modifications.  Please check our terms of use.
Tag definitions: the date after each tip is its most recent update; php5 marks tips that require PHP 5 or later.
   Using .htaccess  

  1. .htaccess Basics Mar 9, 2006
  2. Domain & subdomain pointing May 12, 2005
  3. Automatic subdomains Jun 17, 2007
  4. Undefined subdomains Jul 20, 2008
  5. Prevent direct access to a pointer or subdomain directory Aug 15, 2006
  6. Forcing or eliminating the WWW. Feb 9, 2005
  7. Fixing the trailing slash problem May 11, 2005
  8. Friendly URLs Mar 21, 2007
  9. Rewrites and https Dec 18, 2007
  10. Blocking traffic to your website Jan 2, 2005
  11. Anti-leech May 25, 2005
  12. Fancy default index page Jan 25, 2005


   Using .htaccess/.htpasswd Password Protection  

  1. Setting up password protection Feb 9, 2005
  2. Encrypt your password for .htpasswd Dec 21, 2007
  3. Auto Password Change and Email Notification Dec 21, 2007 php5
  4. Auto generate .htpasswd file Dec 18, 2007 php5
  5. Passing user authentication information to PHP Jun 13, 2004


   Coding Tips  

  1. HTML "One Liners" Nov 13, 2005
  2. PHP "One Liners" Apr 5, 2007
  3. JavaScript "One Liners" Aug 25, 2007
  4. CSS examples Sep 9, 2006
  5. SQL coding examples Aug 29, 2006
  6. AJAX example Sep 24, 2006


   Uploads and Downloads  

  1. File Upload Script Dec 20, 2007 php5
  2. Custom Download Page Dec 14, 2007 php5
  3. Tracking and Securing Downloads Dec 20, 2007 php5


   Mail  

  1. Form Mail Aug 19, 2007
  2. Obfuscate your email address Nov 12, 2006
  3. Read and auto-process mail Nov 12, 2004
  4. Auto-responder Dec 18, 2007 php5
  5. Display your email message count Jul 30, 2004
  6. Setting up SPF Records Jan 4, 2007
  7. Specify a return-path for generated mail Jul 18, 2006


   Working with Images  

  1. Watermark images Jul 14, 2007
  2. Resize images (create thumbnails) Jul 14, 2007


   Frequently Requested Website Functionality  

  1. Visitor Counter Dec 14, 2007 php5
  2. 404 Error Page (with reporting and logging) Dec 20, 2007 php5
  3. CAPTCHA Aug 19, 2006
  4. Poll (voting) Dec 17, 2007 php5
  5. Weather Jul 27, 2008 php5
  6. FAQ Page May 23, 2005
  7. Random/weighted banners, quotes & more Feb 9, 2005
  8. Load a random image (simple) Jan 20, 2004
  9. Image (banner) rotation Oct 15, 2007
  10. Simple "members only" pages May 13, 2005
  11. Replace banned words Apr 5, 2007
  12. Get the most recent file date Jan 30, 2006
  13. Moving (bouncing) Image Nov 10, 2005
  14. Sticky default values for an input Oct 22, 2006


   Using PHP  

  1. Creating a custom php.ini file Dec 18, 2007 php5
  2. Copying the php.ini file Dec 18, 2007 php5
  3. Deleting php.ini files Dec 18, 2007 php5
  4. Clean up your PHP scripts Nov 11, 2005
  5. Regular Expression Rules Mar 22, 2006


   Website Management  

  1. Tips for keeping your website secure Jan 24, 2006
  2. Using Cron Sep 13, 2005
  3. Website Monitoring Dec 19, 2007
  4. Automated Site Backups Dec 19, 2007
  5. Automated MySQL Backups Dec 19, 2007
  6. Server-to-server file transfer Dec 16, 2006
  7. MySQL Error Notification Dec 20, 2007
  8. Find File and Directory Sizes Dec 14, 2007 php5
  9. Deleting session files Aug 9, 2006
  10. FTP made easy Mar 1, 2006
  11. Search and Replace Dec 14, 2007 php5


   Other Tips  

  1. URL Validation Feb 8, 2008
  2. Stop direct links to web pages Jan 22, 2004
  3. Ensure your page is not opened in a frame May 5, 2005
  4. Masking your URL in the Address Bar Jul 20, 2004
  5. Ban or allow IP Addresses (without using .htaccess) Jan 19, 2008
  6. Using Cookies Sep 24, 2006
  7. View your website in different resolutions Jan 2, 2005
 


Tips for keeping your website secure

Here are a few Tips for keeping your website secure:
  • Set up a separate FTP user.  Do not use your primary control panel user for FTP.  That way, if the FTP user name and password are compromised, the attacker does not get your control panel settings as well (although they could still change some of them through direct file editing).  Plain FTP also sends the user name and password over the wire in clear text; use SFTP or FTPS instead if your host offers it.
  • If you have a forum or use other off-the-shelf scripts, create a subdomain as a separate site (package) for it.  Then the forum is isolated from the rest of your website: if someone does hack their way in, they cannot reach anything except that forum.  That isolation only holds if the package runs under its own system user; a second subdomain under the same hosting account is tidier, but a compromised script there can still read and write every file the account owns.  It is those open source scripts that always seem to get hacked.  If you use one, keep it current.
  • If you are running PHP, consider using a custom php.ini file.  At a minimum you should ensure the following:
    • register_globals = off   The only reason to have it on is to allow poorly written scripts to execute on your site.  With it on, any variable a script forgets to initialise can be set by the visitor from the query string, so an ordinary coding error (and there can always be some) becomes an exploitable hole.  If you have a script that requires register_globals = on, fix it or dump it and get a new script.
    • session.use_trans_sid = 0  This stops PHP from appending the session ID to URLs, where it would end up in bookmarks, proxy logs and the Referer header of every outbound link.  Set session.use_only_cookies = 1 alongside it so that a session ID supplied in a URL is ignored entirely.
    • Then there are a few other settings you should consider:
      • Set your own upload_tmp_dir value so uploads are processed in your space rather than in a shared server directory.
      • Set your own session.save_path so session files are stored in your space rather than in a shared server directory.  Put both directories outside public_html and chmod them 700; a "private" directory inside the web root is still reachable from the net.  Remember to delete old session files on a regular basis.  There is a script for doing that on this site.
    • Be sure to chmod your custom php.ini file to 600.  This will prevent others on the server from viewing the contents of the file.  A per-directory php.ini is only read when PHP runs as CGI, FastCGI or suPHP, which is also the setup in which your scripts run as your own user, so 600 is safe there.  Under mod_php the web server reads your files as its own user (so a 600 file breaks the site) and these settings go in .htaccess as php_flag and php_value lines instead.  Ask your host which applies.
  • Chmod 600 any PHP script that contains sensitive information, like user names and passwords.  This will prevent others on your same server from looking at the code.  The same caveat applies: this only works when PHP runs as your user.  Better still, keep credentials in an include file outside public_html, so that a misconfiguration that serves .php files as plain text cannot expose them.
  • Use file upload scripts rather than giving out FTP access to your site.  If you must give out FTP access, restrict the FTP user to a directory outside public_html.  That way, whatever they upload cannot be seen or executed from the net.
  • Any file upload script should have basic protection built in.  These protections should include: file type restrictions, checked on the server against a short list of allowed extensions and never trusting the type the browser reports, so no one can upload scripts or other damaging files; placing the files in a separate directory under a server-generated name, for isolation and to ensure no key file is overwritten; file size restrictions; and upload directory size restrictions so the facility is not abused (and your site does not run out of space).  If the upload directory has to live inside public_html, also turn off script execution there (for example with a .htaccess that removes the PHP handler for that directory).  You can find a file upload script with these protections on this site.
  • Ensure passwords are random and contain combinations of letters, numbers and symbols.  Generate them with a tool rather than by hand; passwords people make up are rarely as random as they look.  You can find a password generator on this site (B&T's Tool Box).  And, of course, change your passwords regularly.
  • Send all 403 errors to a 404 page using ErrorDocument in .htaccess.  There is no reason to let someone know anything is forbidden rather than not there.  Why invite an attempted hack?  Note that ErrorDocument 403 /404.html on its own only changes the page body; the status code the browser (or a scanner) receives is still 403.  To report "not found" for real, point ErrorDocument 403 at a PHP page that sends its own 404 status header, and make sure that page looks the same whichever error triggered it.
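An added example (not a script from this site) that checks the php.ini points above against the configuration PHP is actually running with, which is the one that counts when a host has more than one php.ini in play.  It uses only ini_get(), php_ini_loaded_file() (PHP 5.2.4 or later) and fileperms(); it reports what is wrong rather than changing anything.

```php
<?php
// check_php_config.php - reports which of the php.ini settings discussed
// above are unsafe in the configuration PHP is actually running with.
// Added example, not a script from B&T's site.  Run it from the shell
// (php check_php_config.php) or load it once through the web server and
// then delete it; under CGI/suPHP the two can give different answers and
// the web-server one is the one that matters.

// ini_get() returns the raw string from php.ini, so "Off", "off", "0" and ""
// must all count as disabled (and false, for settings PHP no longer knows).
function ini_is_off($value) {
    $v = strtolower(trim((string) $value));
    return in_array($v, array('', '0', 'off', 'false', 'no'), true);
}

// Returns an array of setting => what is wrong.  An empty array means clean.
function check_php_config($docroot) {
    $problems = array();

    if (!ini_is_off(ini_get('register_globals'))) {
        $problems['register_globals'] = 'is on; set register_globals = off';
    }
    if (!ini_is_off(ini_get('session.use_trans_sid'))) {
        $problems['session.use_trans_sid'] = 'is on; set session.use_trans_sid = 0';
    }
    if (ini_is_off(ini_get('session.use_only_cookies'))) {
        $problems['session.use_only_cookies'] = 'is off; set session.use_only_cookies = 1';
    }

    // Private directories: must be set, must exist, must not be world-accessible,
    // and must not sit under the document root (a "private" directory inside
    // public_html is still reachable from the net).
    foreach (array('upload_tmp_dir', 'session.save_path') as $setting) {
        $raw = ini_get($setting);
        if ($raw === false || $raw === '') {
            $problems[$setting] = 'is not set; point it at a directory of your own outside public_html';
            continue;
        }
        // session.save_path may carry an "N;mode;" prefix: keep only the path part.
        $semi = strrpos($raw, ';');
        $path = realpath($semi === false ? $raw : substr($raw, $semi + 1));
        if ($path === false) {
            $problems[$setting] = 'points at a directory that does not exist: ' . $raw;
        } elseif ($docroot !== false && strpos($path . '/', rtrim($docroot, '/') . '/') === 0) {
            $problems[$setting] = 'is inside the web root: ' . $path;
        } elseif (fileperms($path) & 0007) {
            $problems[$setting] = 'is world-accessible; chmod 700 ' . $path;
        }
    }

    // The php.ini that was actually loaded (PHP 5.2.4+); it should be mode 600.
    $loaded = php_ini_loaded_file();
    if ($loaded !== false && (fileperms($loaded) & 0077)) {
        $problems['php.ini'] = 'is readable by group or others; chmod 600 ' . $loaded;
    }
    return $problems;
}

$docroot  = isset($_SERVER['DOCUMENT_ROOT']) ? realpath($_SERVER['DOCUMENT_ROOT']) : false;
$problems = check_php_config($docroot);
if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
}
if (!$problems) {
    echo "No problems found.\n";
} else {
    foreach ($problems as $setting => $what) {
        echo "$setting $what\n";
    }
}
```

If it reports that php_ini_loaded_file() is not the file you edited, your custom php.ini is not being picked up at all (typically because PHP is running as mod_php), and the settings belong in .htaccess instead.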

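The upload-script protections listed above, as an added example in PHP (this is not the upload script from B&T's site).  It assumes a form field named userfile and an upload directory at /home/you/uploads that sits outside public_html; the path and the size limits are placeholders to adjust, and the random file name needs openssl_random_pseudo_bytes(), so PHP 5.3 or later.

```php
<?php
// upload.php - an upload handler with the protections described above.
// Added example, not the upload script from B&T's site.  Assumed: the form
// field is named "userfile", and UPLOAD_DIR is a directory outside
// public_html so nothing stored there can be served or executed by Apache.
// php.ini's upload_max_filesize and post_max_size cap uploads before this
// script ever runs, so keep MAX_FILE_BYTES at or below them.

define('UPLOAD_DIR',     '/home/you/uploads');   // assumed path, outside the web root
define('MAX_FILE_BYTES', 2 * 1024 * 1024);       // 2 MB per file
define('MAX_DIR_BYTES',  200 * 1024 * 1024);     // 200 MB for the whole directory

// Allow-list of extensions.  The browser-supplied $_FILES[...]['type'] is
// never consulted: the client sets it and it can say anything.
$ALLOWED_EXT = array('jpg', 'jpeg', 'png', 'gif', 'pdf');

// Total bytes currently stored in $dir (top level only; uploads are not nested).
function dir_size($dir) {
    $total = 0;
    $files = glob($dir . '/*');
    foreach ($files === false ? array() : $files as $f) {
        if (is_file($f)) {
            $total += filesize($f);
        }
    }
    return $total;
}

// Returns the extension to store the file under, or throws with the reason.
function validate_upload(array $file, array $allowed_ext) {
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new Exception('upload failed or no file sent');
    }
    // is_uploaded_file() rejects any path that did not arrive with this
    // request, so a forged $_FILES entry cannot make you copy /etc/passwd
    // or your own config file into the upload directory.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new Exception('not an uploaded file');
    }
    if (filesize($file['tmp_name']) > MAX_FILE_BYTES) {
        throw new Exception('file too large');
    }
    // Only the last extension counts: "shell.php.jpg" becomes "jpg", and
    // because the file is renamed below the "php" part never reaches the disk.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed_ext, true)) {
        throw new Exception('file type not allowed');
    }
    // Check that the content really is what the extension claims.
    if ($ext === 'pdf') {
        $head = file_get_contents($file['tmp_name'], false, null, 0, 5);
        if ($head !== '%PDF-') {
            throw new Exception('file content does not match its extension');
        }
    } else {
        $types = array('jpg' => IMAGETYPE_JPEG, 'jpeg' => IMAGETYPE_JPEG,
                       'png' => IMAGETYPE_PNG,  'gif' => IMAGETYPE_GIF);
        $info = @getimagesize($file['tmp_name']);
        if ($info === false || $info[2] !== $types[$ext]) {
            throw new Exception('file content does not match its extension');
        }
    }
    return $ext;
}

// Moves the file into UPLOAD_DIR under a server-generated name and returns it.
function store_upload(array $file, $ext) {
    if (dir_size(UPLOAD_DIR) + filesize($file['tmp_name']) > MAX_DIR_BYTES) {
        throw new Exception('upload directory is full');
    }
    // Random name: nothing the uploader chose ends up in the path, so no
    // existing file can be overwritten and no "../" can escape the directory.
    $name = bin2hex(openssl_random_pseudo_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;
    if (file_exists($dest) || !move_uploaded_file($file['tmp_name'], $dest)) {
        throw new Exception('could not store file');
    }
    chmod($dest, 0640);   // never executable, not readable by other users
    return $name;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['userfile'])) {
    try {
        $ext  = validate_upload($_FILES['userfile'], $ALLOWED_EXT);
        $name = store_upload($_FILES['userfile'], $ext);
        echo 'Stored as ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    } catch (Exception $e) {
        header('HTTP/1.0 400 Bad Request');
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Serving the stored files back to visitors is then a separate download script that reads from UPLOAD_DIR and sends the bytes with a fixed Content-Type, which is what keeps the upload directory out of the web root in the first place.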

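The 403-to-404 tip above, as an added example (not from this site): a single PHP error page that answers both errors with a 404 status, and records the real status in a private log so you still see who is probing forbidden paths.  It assumes the page is saved as /errors/404.php and that /home/you/private/errors.log is writable by PHP; both paths are placeholders.

```php
<?php
// errors/404.php - one error page for both 403 and 404.  Added example, not
// from B&T's site.  Wire it up in .htaccess (path assumed):
//
//   ErrorDocument 403 /errors/404.php
//   ErrorDocument 404 /errors/404.php
//
// ErrorDocument on its own only swaps the body; Apache still sends
// "403 Forbidden" in the status line, which is what a scanner keys on.
// This script sends its own 404 status line, which replaces it.

$log_file = '/home/you/private/errors.log';   // assumed path, outside public_html

// Apache sets these on an ErrorDocument subrequest: the original status and
// the URL the visitor actually asked for.
$real_status = isset($_SERVER['REDIRECT_STATUS']) ? (int) $_SERVER['REDIRECT_STATUS'] : 404;
$requested   = isset($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : $_SERVER['REQUEST_URI'];

// CR/LF are stripped from everything client-controlled so a crafted URL or
// User-Agent cannot forge extra lines in the log.
function strip_crlf($s) {
    return str_replace(array("\r", "\n"), ' ', $s);
}

// One log line per hit.  The real status (403 or 404) is what gets recorded,
// so the log still tells you who is probing forbidden paths.
function error_log_line($status, $url, $ip, $referer, $agent) {
    return sprintf("%s %s %d %s ref=%s ua=%s\n", date('c'), $ip, $status,
                   strip_crlf($url), strip_crlf($referer), strip_crlf($agent));
}

@file_put_contents($log_file,
    error_log_line($real_status, $requested, $_SERVER['REMOTE_ADDR'],
                   isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '-',
                   isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '-'),
    FILE_APPEND | LOCK_EX);

// Whatever the real reason, the visitor gets 404.  The body below must not
// vary with $real_status, or the difference gives the game away again.
header('HTTP/1.0 404 Not Found');
header('Content-Type: text/html; charset=UTF-8');
?>
<!DOCTYPE html>
<html>
<head><title>404 Not Found</title></head>
<body>
<h1>Not Found</h1>
<p>The page <?php echo htmlspecialchars($requested, ENT_QUOTES, 'UTF-8'); ?> could not be found on this server.</p>
</body>
</html>
```

Check the result with a forbidden path and a missing one (for example with curl -I) and compare the status lines and the response sizes: if either differs, the two cases are still distinguishable.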
Copyright ©2004-2008