Recently the site had a trojan planted on it. In the end I used the creation time of the small webshell ("pony") file to find and analyze the access logs, found some abnormal requests, and finally fixed the problem. But the problem is that I don't know who uploaded the trojan or by what means the backdoor got in; with an open source system, holes are also unavoidable.
So the question is: how do you prevent backdoors from being left in a web application through vulnerabilities or other means, and build a highly secure production environment?
Reply content:
The code should be under version control, or it will be changed without you knowing.
Install software with the package manager, or it will be changed without you knowing.
If you don't know what has been changed, reinstall the system.
- Minimum permissions (define in detail the permissions each directory should have)
- Minimal services (don't install what isn't needed)
- Minimal exposure (close all unnecessary ports)
- App segmentation (each website runs under a different user, restricted to its own site directory)
- Change monitoring on directories of runnable files
- Apply security patches promptly
That's all I can think of for the moment.
- See the GB standard on operating system security levels; a public server should meet at least the security level four standard, which can provide separation functions
- Open source Linux has the SELinux module, preferably in enforcing mode and with MLS
- Deploy apps using containers (LXC or Docker)
- If you're too lazy to configure all this, you can use a public cloud