Gentoo Forums
Website Security
havana8
n00b


Joined: 17 Nov 2017
Posts: 16

Posted: Fri Dec 08, 2017 1:07 pm    Post subject: Website Security

Hello guys! :)
I have a question concerning my website security. I would like to know what are the tips and tricks for keeping your site protected from hackers, malware, etc.? I wouldn't like my visitors to be infected and would like to have everything under control!
Hope you can help me out!
audiodef
Watchman


Joined: 06 Jul 2005
Posts: 5934

Posted: Fri Dec 08, 2017 8:32 pm

We'd need to know more. Are you using Apache? MySQL? PHP? Etc. Is it your system of your own design? Security for coding your own site differs from security for a Joomla-based site, for example.
_________________
Gentoo Studio
Gentoo Studio in open beta. Feedback wanted.
Hu
Moderator


Joined: 06 Mar 2007
Posts: 11630

Posted: Sat Dec 09, 2017 8:57 pm

  • Minimize external dependencies used by your site. Don't run ads managed by an external entity; these are a disgustingly common source of malware. Don't depend on Javascript hosted elsewhere (or, if you absolutely must depend on Javascript, source it only from the widely used reputable CDNs and enable Subresource Integrity).
  • Enable HTTP Strict Transport Security.
  • Enable Content Security Policy.
Beyond that, as audiodef says, we need specifics.
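
An added example, not part of Hu's post or the thread: a small Python audit for the three items listed above (Subresource Integrity on externally hosted scripts, HTTP Strict Transport Security, Content Security Policy), run against a response you have already fetched from your own site. The function names `sri_value` and `audit`, the host names, and the sample headers and HTML are all constructed for illustration.

```python
import base64, hashlib, re
from html.parser import HTMLParser
from urllib.parse import urlparse

def sri_value(body, alg="sha384"):
    """Value for a <script integrity="..."> attribute: '<alg>-<base64 digest>'."""
    digest = hashlib.new(alg, body).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"

class ScriptTags(HTMLParser):
    """Collect (src, integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.found.append((a["src"], a.get("integrity")))

def audit(site_host, headers, html):
    """Return findings for missing HSTS, missing CSP, and external scripts without SRI."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    m = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
    if not m:
        findings.append("HSTS: header missing or has no max-age")
    elif int(m.group(1)) == 0:
        findings.append("HSTS: max-age=0 disables the policy")
    if "content-security-policy" not in h:
        findings.append("CSP: header missing")
    tags = ScriptTags()
    tags.feed(html)
    for src, integrity in tags.found:
        host = urlparse(src).hostname  # None for same-site relative URLs
        if host and host != site_host and not integrity:
            findings.append(f"SRI: external script {src} has no integrity attribute")
    return findings

# Constructed sample response; the integrity value is a placeholder (presence is checked, not correctness).
SAMPLE_HEADERS = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
SAMPLE_HTML = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example/lib.js"></script>
<script src="https://cdn.example/ui.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
</head></html>"""

if __name__ == "__main__":
    for finding in audit("www.example", SAMPLE_HEADERS, SAMPLE_HTML):
        print(finding)
    print(sri_value(b"console.log('constructed');"))
```

To produce a real `integrity` value, pass `sri_value` the exact bytes of the file the CDN serves; any change to that file changes the digest and the browser will refuse to run it.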
Ant P.
Advocate


Joined: 18 Apr 2009
Posts: 4643

Posted: Sat Dec 09, 2017 10:36 pm

And use HTTPS: a lot of ISPs have proven themselves not above committing MITM attacks to inject ads.
_________________
*.ebuild // /etc/service/*
havana8
n00b


Joined: 17 Nov 2017
Posts: 16

Posted: Mon Dec 11, 2017 12:48 pm

I went with Apache because I've heard that it is the most used one.
havana8
n00b


Joined: 17 Nov 2017
Posts: 16

Posted: Mon Dec 11, 2017 2:55 pm

Hu wrote:
  • Minimize external dependencies used by your site. Don't run ads managed by an external entity; these are a disgustingly common source of malware. Don't depend on Javascript hosted elsewhere (or, if you absolutely must depend on Javascript, source it only from the widely used reputable CDNs and enable Subresource Integrity).
  • Enable HTTP Strict Transport Security.
  • Enable Content Security Policy.
Beyond that, as audiodef says, we need specifics.

Thank you for the suggestions! I suppose a good move is to get an HTTPS certificate?
Hu
Moderator


Joined: 06 Mar 2007
Posts: 11630

Posted: Tue Dec 12, 2017 3:35 am

Yes. For a public site, EFF's Let's Encrypt will give you a free ~90-day certificate, with free renewals as needed. Renewals can be automated for most common web server types.
All times are GMT