Continuing from the previous article, this time I mainly share Linux security configuration.
I. Ports
Use iptables to block everything, then open only the necessary ports, such as 21, 22 and 80. Apart from 80, it is best to change the FTP and SSH ports, which makes scanning somewhat harder for an attacker. It should also be said that if your server is compromised, the other side is more skilled than you. Most attackers, though, are not really that skilled; they simply use tools written by experts to scan your server. As the saying goes, flies do not bite an egg without a crack.
II. Users
Remove all default users, prevent the root user from logging in remotely, and lock the passwd and group files so that no one can access them. Enable only the necessary users, such as users coming from the Internet, and restrict their permissions as much as possible. Update your own administrative password regularly; an automatic password generator is recommended so that the passwords are complex enough. This deserves particular attention at present, when black links are prevalent and breaching a server can bring considerable profit.
III. Applications
For applications, do not use ready-made templates, especially free ones: what you can get, everyone can get. Any program is flawed in theory, and if a program has very many users, finding a vulnerability in it pays off handsomely, so take note. As the saying goes, no one gets up early without a profit in it. Check the logs every day. You will see many requests from scanning programs, generally trying to reach a particular program or file; if you find that you are running that program and have not patched the vulnerability, you should be careful.
IV. Design flexible restricted access policies
Although Apache provides powerful access control, it is not flexible enough. It is best to have a fine-grained access control policy, so that our customers get normal access while the majority of malicious access is denied.
Malicious access comes in many forms. Hotlinking, for example, uses our valuable bandwidth and server resources to provide services for others; used well, however, it can bring us traffic. As the saying goes, when the devil rises one foot, the Way rises ten. Because of my work this topic could be expanded on; I will look for an opportunity to cover it separately and show a few examples of turning decay into something magical.
Another example is obnoxious crawling that steals the content we have laboriously organized. We can screen by IP, access frequency and URL parameters, but what matters most is a reliable discovery mechanism.
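The screening by IP and access frequency described above, together with the daily log check from the application section, can be done with a short script. This is an added example, not code from the original article; it assumes Apache's common/combined log format, and the function names, thresholds and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-client summary of an Apache access log (common/combined
# format: $1 = client IP, $7 = request path, $9 = HTTP status).

# per_ip_summary LOGFILE -> "ip requests not_found distinct_paths", busiest first
per_ip_summary() {
    awk '
        {
            ip = $1; path = $7
            sub(/\?.*/, "", path)                 # ignore the query string
            req[ip]++
            if ($9 == 404) nf[ip]++
            if (!((ip, path) in seen)) { seen[ip, path] = 1; paths[ip]++ }
        }
        END {
            for (ip in req) printf "%s %d %d %d\n", ip, req[ip], nf[ip] + 0, paths[ip]
        }
    ' "$1" | sort -k2,2nr -k1,1
}

# suspects LOGFILE MIN_REQUESTS MIN_404_PERCENT
# -> IPs that made at least MIN_REQUESTS requests of which at least
#    MIN_404_PERCENT percent were 404s (typical of blind probing for files).
suspects() {
    per_ip_summary "$1" | awk -v n="$2" -v p="$3" \
        '$2 >= n && $3 * 100 / $2 >= p { print $1 }'
}

# Constructed sample log: documentation IP ranges, invented paths.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [10/Mar/2014:09:00:01 +0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2014:09:00:02 +0800] "GET /old-forum/admin.php HTTP/1.1" 404 210 "-" "-"
198.51.100.7 - - [10/Mar/2014:09:00:02 +0800] "GET /backup.zip HTTP/1.1" 404 210 "-" "-"
192.0.2.10 - - [10/Mar/2014:09:00:03 +0800] "GET /article.php?id=7 HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2014:09:00:03 +0800] "GET /test/install.php HTTP/1.1" 404 210 "-" "-"
203.0.113.5 - - [10/Mar/2014:09:00:04 +0800] "GET /images/logo.png HTTP/1.1" 200 1532 "http://other.example/" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2014:09:00:04 +0800] "GET /shop/config.bak HTTP/1.1" 404 210 "-" "-"
192.0.2.10 - - [10/Mar/2014:09:00:05 +0800] "GET /article.php?id=8 HTTP/1.1" 200 9012 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2014:09:00:06 +0800] "GET /favicon.ico HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2014:09:00:06 +0800] "GET /tmp/upload.php HTTP/1.1" 404 210 "-" "-"
EOF
}

# Stand-alone use (log path and thresholds are examples): sh script.sh access_log 100 80
if [ "$#" -eq 3 ]; then suspects "$1" "$2" "$3"; fi
```

Run from cron against the live access log, this gives a daily list of clients to review. Known search-engine crawlers may need to be excluded before acting on the result.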
V. Server monitoring
Server monitoring is essential, but sophisticated monitoring software such as Nagios is not recommended, mainly for performance reasons: a server that is already overwhelmed would have a further heavy burden added to it.
Instead, write some monitoring shell scripts yourself. They are very simple and check a few key indicators, such as CPU load, memory utilization, peak disk reads and writes, and network card traffic. You can use cron to run them periodically.
The application's run-time log is essential. First, it is a check on the program's running state, whether it is healthy; second, when an error occurs, it lets you locate the point of failure early and correct it.
The access log is the only way we can understand user behavior, and it is the key indicator we rely on to improve the quality of the site's content. Site redesigns and new features must all be decided on the basis of log analysis.
That completes this installment; please look forward to my next one.
This series of articles was written by the webmaster of Artuber comedy Jokes (http://www.artubo.com) and first published on A5; please keep the link when reproducing it.