Security Checklist 5 - Site Administration
Site Administration
Use sufficiently complex passwords
- Change passwords regularly and keep them unique. Use a random combination of letters, numbers, or symbols and avoid using single names or words found in a dictionary. Never use the names of your relatives, pets, etc. Search the forums for a script supplied by Wizzie that automatically changes passwords. This is a great tool for administrators of multiple sites.
Use a tiered password scheme
- Most users may not need more than three levels of passwords and webmasters no more than five. Each level must be completely unrelated to the others in terms of which usernames and passwords are used.
Keep timely backups of your site
- Never rely on others' backups. Take responsibility for your backup procedures. Many ISPs state in their contract that you cannot rely solely on their backups.
Maintain a good intrusion detection mechanism
- VPS and dedicated server users can run TripWire or SAMHAIN. These applications provide exhaustive file checking and reporting functionality, and can be installed in a stealthy manner to help protect themselves in the event of a serious infiltration. (Note: Users of shared servers cannot use this technique.)
Use automated website intrusion detection
- Use an Intrusion Prevention/Detection System to block/alert on malicious HTTP requests.
Perform manual intrusion detection
- Regularly check raw logs for suspicious activity. Don't rely on summaries and graphs.
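A minimal raw-log review pass for the item above, as an added example that is not part of the original checklist or of any Joomla! project code. It assumes the web server writes Combined Log Format; the rule set, the sample lines and the `com_example` component name are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Illustrative rules (an assumption, not a complete set); tune them to your traffic.
RULES = {
    "sql-keywords": re.compile(r"\bunion\b.+\bselect\b|\binformation_schema\b", re.I),
    "path-traversal": re.compile(r"\.\./|\.\.\\"),
    "remote-url-param": re.compile(r"=\s*(?:https?|ftp)://", re.I),
}

# Constructed sample lines: documentation IP ranges, hypothetical com_example component.
SAMPLE = '''
192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:01:09 +0000] "GET /index.php?option=com_example&id=1%20UNION%20SELECT%201,2 HTTP/1.1" 500 312 "-" "-"
198.51.100.7 - - [12/Mar/2024:10:01:11 +0000] "GET /index.php?option=com_example&file=%252e%252e%252fsecret HTTP/1.1" 404 210 "-" "-"
203.0.113.5 - - [12/Mar/2024:10:02:00 +0000] "GET /index.php?option=com_example&path=http://example.invalid/x.txt HTTP/1.1" 200 4800 "-" "-"
garbage line
'''.strip().splitlines()

def decode(target):
    """Percent-decode twice so double-encoded input is inspected as well."""
    return unquote_plus(unquote_plus(target))

def review(lines):
    """Return (findings, unparsed); findings maps IP -> [(rule, time, status, raw_target)]."""
    findings, unparsed = defaultdict(list), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # malformed lines deserve a manual look too
            continue
        decoded = decode(m["target"])
        for name, rx in RULES.items():
            if rx.search(decoded):
                findings[m["ip"]].append(
                    (name, m["time"], int(m["status"]), m["target"]))
    return dict(findings), unparsed

if __name__ == "__main__":
    findings, unparsed = review(SAMPLE)
    for ip, hits in findings.items():
        for rule, when, status, target in hits:
            print(f"{ip} {when} {status} {rule}: {target}")
    print(f"{len(unparsed)} unparsed line(s)")
```

The response status is kept with each finding so that flagged requests the server answered successfully can be reviewed first.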
Stay current with security patches and upgrades
- Apply vendor-released security patches ASAP.
Search for site vulnerabilities regularly
- Perform frequent web scanning.
Search for SQL injection vulnerabilities regularly
- Use tools such as Paros Proxy for conducting automated SQL Injection tests against your PHP applications.
Use shell scripts to automate security tasks
- Search the forums for these popular scripts:
  - Joomla! Version Checking
  - Joomla! Component/Module Version Checking
  - Exploit Checking
Learn about security software
- There is not a single tool that can protect your site. If there were, it would be so heavily targeted that it would probably become a liability.
Have a security expert review your site's security
- Every now and then hire a professional Joomla! security consultant to review your configurations. Do you remember the adage, "Anyone who acts as their own lawyer has a fool for a client"? The same goes for Web development. Don't expect to catch all of your own security mistakes.

