havana8 n00b
Joined: 17 Nov 2017 Posts: 16
Posted: Fri Dec 08, 2017 1:07 pm Post subject: Website Security
Hello guys!
I have a question concerning my website security. I would like to know what are the tips and tricks for keeping your site protected from hackers, malware, etc.? I wouldn't like my visitors to be infected and would like to have everything under control!
Hope you can help me out!

audiodef Watchman
Joined: 06 Jul 2005 Posts: 6639 Location: The soundosphere
Hu Moderator
Joined: 06 Mar 2007 Posts: 21595
Posted: Sat Dec 09, 2017 8:57 pm
- Minimize external dependencies used by your site. Don't run ads managed by an external entity; these are a disgustingly common source of malware. Don't depend on Javascript hosted elsewhere (or, if you absolutely must depend on Javascript, source it only from the widely used reputable CDNs and enable Subresource Integrity).
- Enable HTTP Strict Transport Security.
- Enable Content Security Policy.
Beyond that, as audiodef says, we need specifics.
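
Added example, not part of the original thread: a Python sketch that checks one page against the three recommendations in the post above (Subresource Integrity on scripts loaded from other hosts, HSTS, CSP) and computes an `integrity` value. The host names, sample headers and sample HTML are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

def sri_value(body: bytes) -> str:
    """Value for a <script integrity="..."> attribute (sha384 digest, base64)."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class _ScriptScan(HTMLParser):
    """Collects <script src> URLs on other hosts that carry no integrity attribute."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.unpinned = site_host, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        host = urlparse(a.get("src") or "").netloc  # "" for inline/relative scripts
        if tag == "script" and host and host != self.site_host and not a.get("integrity"):
            self.unpinned.append(a["src"])

def audit(site_host, headers, html):
    """Return findings for missing HSTS, missing CSP, and unpinned external scripts."""
    h = {k.lower(): v for k, v in headers.items()}
    findings, max_age = [], 0
    for part in h.get("strict-transport-security", "").split(";"):
        name, _, val = part.strip().partition("=")
        if name.lower() == "max-age" and val.strip('"').isdigit():
            max_age = int(val.strip('"'))
    if max_age <= 0:  # max-age=0 tells browsers to forget the HSTS policy
        findings.append("HSTS missing or max-age=0")
    if "content-security-policy" not in h:  # Report-Only variant does not enforce
        findings.append("CSP header missing")
    scan = _ScriptScan(site_host)
    scan.feed(html)
    return findings + [f"external script without SRI: {s}" for s in scan.unpinned]

# Constructed sample response for a hypothetical site www.example.org
SAMPLE_HEADERS = {"Content-Type": "text/html", "Strict-Transport-Security": "max-age=0"}
SAMPLE_HTML = f"""<script src="/js/site.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="https://cdn.example.net/ui.js" integrity="{sri_value(b'ui')}"
        crossorigin="anonymous"></script>"""

if __name__ == "__main__":
    for finding in audit("www.example.org", SAMPLE_HEADERS, SAMPLE_HTML):
        print(finding)
```
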
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
Posted: Sat Dec 09, 2017 10:36 pm
And use HTTPS: a lot of ISPs have proven themselves not above committing MITM attacks to inject ads.

havana8 n00b
Joined: 17 Nov 2017 Posts: 16
Posted: Mon Dec 11, 2017 12:48 pm
I went with Apache because I've heard that it is the most used one.

havana8 n00b
Joined: 17 Nov 2017 Posts: 16
Posted: Mon Dec 11, 2017 2:55 pm
Hu wrote:
- Minimize external dependencies used by your site. Don't run ads managed by an external entity; these are a disgustingly common source of malware. Don't depend on Javascript hosted elsewhere (or, if you absolutely must depend on Javascript, source it only from the widely used reputable CDNs and enable Subresource Integrity).
- Enable HTTP Strict Transport Security.
- Enable Content Security Policy.
Beyond that, as audiodef says, we need specifics.

Thank you for the suggestions! I suppose a good move is to get an HTTPS certificate?

Hu Moderator
Joined: 06 Mar 2007 Posts: 21595
Posted: Tue Dec 12, 2017 3:35 am
Yes. For a public site, EFF's Let's Encrypt will give you a free ~90-day certificate, with free renewals as needed. Renewals can be automated for most common web server types.