Website Security Configuration in Linux
1. First, set the owner and group of the site directory and its files to centos and www, for example with the following command:
chown -R centos:www /home/centos/web
2. Set the site directory permissions to 750. With 750, the centos user has read, write and execute permission on the directories, so the centos user can create files in any directory; the group has read and execute permission, so it can enter the directories; other users have no permissions.
find -type d -exec chmod 750 {} \;
3. Set the site file permissions to 640. With 640, only the centos user can modify the site files; the HTTP server can only read the files and cannot change them; other users have no permissions.
find -not -type d -exec chmod 640 {} \;
4. Set write permission on individual directories. Some cache directories on a website need to be writable by the HTTP service; for example, the /data/ directory of Discuz X2 must be writable.
find data -type d -exec chmod 770 {} \;
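The result of the four steps above can be verified afterwards. The script below is an added example, not part of the original article: it lists every path whose mode deviates from the 750/640/770 scheme. The function name audit_webroot and its arguments are assumptions, and ownership is not checked.

```shell
#!/bin/sh
# audit_webroot ROOT [WRITABLE_SUBDIR]   (hypothetical helper, not from the article)
# Lists every path under ROOT whose mode deviates from the scheme above:
#   directories 750, regular files 640, directories under WRITABLE_SUBDIR 770.
# Returns 0 when the tree is clean, 1 when deviations were found.
audit_webroot() {
    aw_root=$1
    aw_writable=${2:-}
    aw_bad=$(
        if [ -n "$aw_writable" ]; then
            # Skip the writable subtree here; it is checked against 770 below.
            find "$aw_root" -path "$aw_root/$aw_writable" -prune -o \
                -type d ! -perm 750 -print
            find "$aw_root/$aw_writable" -type d ! -perm 770 -print
        else
            find "$aw_root" -type d ! -perm 750 -print
        fi
        # Regular files everywhere must be exactly 640.
        find "$aw_root" -type f ! -perm 640 -print
    )
    [ -z "$aw_bad" ] && return 0
    printf '%s\n' "$aw_bad"
    return 1
}

# Stand-alone use: sh audit.sh /home/centos/web data
if [ "$#" -gt 0 ]; then
    audit_webroot "$@"
fi
```

A clean tree prints nothing; any listed path has drifted from the intended mode, for example after an upload or a manual chmod.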
Website Directory Permission Security Configuration under IIS
1. Open Internet Information Services (IIS) Manager, expand 'Local computer' > 'Web Sites', then choose Web Sites > New > Web Site.
2. Enter a name that identifies the new website in the website description field.
3. In the IP address and port settings: if you use one of our dual-line servers, select 'All Unassigned' as the site IP address; the site port is normally the default '80' and does not need to be changed. The host header of the website can be set to your site's domain name.
4. For the site directory, enter the path to your site's file directory; you can also click Browse and select the appropriate directory.
5. In the site access permissions, tick 'Run scripts (such as ASP)'; otherwise ASP programs may not run.
6. Click Finish to complete the creation of the site.
7. Next, create a separate user for the site: right-click the My Computer icon and select Manage.
8. Expand Local Users and Groups, right-click Users and select New User.
9. Enter the user name and password, clear 'User must change password at next logon', and tick 'User cannot change password' and 'Password never expires'.
10. Double-click the new user and, on the 'Member Of' tab, remove the user from the Users group.
11. Click Add, enter Guests, and add the newly created user to the Guests group.
12. Click OK to finish creating the user account.
13. Locate the site directory, right-click it and select Properties.
14. Click Add and enter the new account in the dialog box to give the newly created user permission to access this directory.
15. Select the newly added account and click Advanced to set the user's access permissions for the directory.
16. Double-click the newly added account and, in the permission entries, select all items except 'Full Control' and 'Traverse Folder / Execute File'.
17. Click OK to complete the directory permission settings. If the directory contains many files, this may take a while.
18. Reopen Internet Information Services (IIS) Manager, expand the local server > Web Sites, right-click the newly created site and select Properties, then select the 'Directory Security' tab. Click 'Edit' under 'Authentication and access control'.
19. In the Authentication Methods dialog box, enter the new user name and password, re-enter the password when asked to confirm it, and click OK to complete all settings.
Security tips against web threats
1. Block access to malicious software servers
When a desktop user requests HTTP or HTTPS web pages from a malicious software server, block the request immediately, saving bandwidth and scanning resources.
2. Limit mobile code to trustworthy sites
Mobile code such as scripts and active code can make the web richer and more interesting, but attackers also use it to infiltrate desktop computers, running executable code or applications that execute scripts embedded in files.
3. Scan at the web gateway
Do not assume that all of your desktops are up to date, run anti-virus programs (AVP), or have perfectly managed access. By scanning centrally at the gateway, you can easily control all incoming web traffic (HTTP, HTTPS and FTP) before malware enters your network, rather than after it has reached the desktop.
4. Use products from different vendors for desktop and web gateway scanning
Current attacks are tested against popular AVPs before they are released. Diversity in malware scanning increases the chance of blocking threats.
5. Update desktop and server patches regularly
Most attacks and threats spread by exploiting application and system vulnerabilities. Patching reduces the risk that known vulnerabilities pose to your computers.
6. Install anti-virus software and keep it updated
Ever since boot sector viruses appeared, installing anti-virus software has been standard practice for checking incoming files and scanning memory and existing files. Any computer running Windows should have the latest anti-virus software installed. If something "bad" has broken through all other network protections, this is the last line of defense. In addition, anti-virus software is a good defense against malicious software propagated through non-network methods, such as CDs or USB flash drives.
7. Only access HTTPS sites that pass all browser checks
Most users do not understand the importance of the three SSL browser checks, or do not understand that they should not access sites that fail any of the three. The three SSL checks are for an expired certificate, an untrusted issuer, and a host name mismatch between the certificate and the requested URL.
8. Download executable programs only from trustworthy websites
Social engineering is very active on the Internet! An effective way to distribute malware is to bundle it into seemingly useful programs. Once executed, the malware will do whatever it wants. This type of attack is also known as a Trojan horse attack.
9. Do not access websites that use an IP address as the server name
Recent attacks increasingly take advantage of home computers with simple web servers installed. The victim's machine is typically directed to the new home-computer server through an IP address instead of a DNS host name. The URL of a legitimate website uses a host name.
10. Enter URLs carefully to avoid errors
Users should never attempt to access a malicious software site, but accidents can always happen. Mistyping a URL will often land you on a site that is waiting for exactly that mistake. If your browser does not have all patches installed, you are likely to download malware in the process.