Re: [bitfolk] How to build a webstore

That's a big topic but I feel confident that if you took simple measures such as: - Stay absolutely on top of security updates for the application itself

- Put some effort into securing any administrative web interfaces, like phpmyadmin or whatever - Restrict administrative access wherever possible, as much as possible - Reiterate those restrictions with IP-level blocks, for example, if only a few people need access to particular URL spaces used for admin functions, then by all means restrict access to those URL paths by IP address. That would be like the wp-admin/ URLs in Wordpress - why let people view them if you don't need to? - Make as much as possible of the web space the application runs from read-only - Research the given application's community for tips and tricks of securing it. There are often simple measures that frustrate the vast majority of the attacks out there. then I think you would be ahead of 90%+ of the other people running the same popular app. And that is really all you need. Most compromised VPSes I see did none of the above and attackers got in via very simple means. Cheers, Andy -- http://bitfolk.com/ -- No-nonsense VPS hosting "SCSI is usually fixed by remembering that it needs three terminations: One at each end of the chain. And the goat." — Andrew McDonald _______________________________________________ users mailing list users(a)lists.bitfolk.com https://lists.bitfolk.com/mailman/listinfo/users Email had 1 attachment: + signature.asc 1k (application/pgp-signature)