Forums  ›  Dolphin 6.1  ›  Tips
 

Security Hardening for shared hosting

Security Hardening for shared hosting
Security Hardening for shared hosting


You can find all my guides and tips in the "Articles" section of this site.

I was just curious how do you feel about using SourceGuardian or IonCube?

That is what I did, and wondered how much Security are these programs adding.

I also am implementing many of your security tip

The only thing I've really seen any thing done with this is IonCube Loader. It tends to be used by the company that creates a script to protect there files such as licensing/registration. I've never really seen it used for security on an end users web site. Generally something is encoded whether and IonCube decodes it to make your site work. If you try to remove it your site stops working. If you take a guess at it editing it, you pretty much can't figure it out because the encoding is almost impossible to guess.

SourceGuardian I am not as familiar with but it sounds like it is the same concept. Being that it is more for the script creator/writer to protect there script license, links, registration and things like that more than a security feature for an end user.

I believe all hosts are concerned about security, but I do think some keep up and do a better job than others. Some setups are more secure than others. Sometimes the host will have to give up something for having a more secure setup such as a slightly slower running server, and some do not like that.

Scripts themselves vary in terms of how secure they are. I don't know that any can really say they are 100% secure. The more popular it is the more the bad guys like them. Phpbb Forum used to be one of the most followed by hackers. Don't know if it still is. This was partly because it was free, mods and add-ons were posted by everyone and nobody really cared if the mods were secure. They just thought they were cool and wanted them. Many people would install it, but never check back for any security updates or exploits. I don't really follow it anymore, but I recall tons of people complaining about there phpbb forum getting hacked.

Some scripts do an excellent job at releasing patches for an exploit and clearly posting it. While other company's don't want to hear about it when one is mentioned. They think it's bad business. So rather than releasing a patch they just keep it quiet. Then sneak it in to the next or new release.

Anyway it's kind of a no win situation. The bad guys seem to always be one step ahead. Unless you created a script all you can do is wait for a patch. And tighten up what you can on your end. Read up and follow security articles and sites.

The more popular a site becomes the bigger target it also becomes.

Forums  ›  Dolphin 6.1  ›  Tips