Please Help Newbie

[spaguy]

Hi All

In the next a few days hopefully after the storm has blown over I will have my primary domain name and two addon domains up and running on the shared server.

I have been reading many posts on the forum about security, permissions and spammers.

For the last 12 months I have been on a VPS and not worried too much about the above, maybe I should have.

I am now paranoid if I get things wrong here it will not only affect my service but worse it could impact on others using the same server.

Most people on the internet have forgotten more than I know so any help would be more than appreciated.

I know how to change permissions but have no idea what to change and what to change it too. As for security and spammers on a shared server well that’s way over my head.

If you have any thoughts as to where to start and what to do it would be great to hear them.

Many thanks

spaguy

[striddy]

1. Make sure all passwords you set aren't a dictionary word and use many characters. Use both upper and lower case letters and a combination of numbers, etc. If you can't remember them, use a password manager like roboform.
2. Same as point 1.
3. Same as point 2. (see a pattern)
4. Make sure your directory and file permissions are set correctly.
5. Ensure any scripts / blogs / cms / forums, etc that you are using are current and have any patches applied.

[spaguy]

Hi

Many thanks for that. I have taken all that on-board and will go through all my password one by one.

Directory permissions are a problem though as I do not know what to change and what permissions to give.

spaguy

[gwyneth]

Besides David's excellent advice (to which should be added change your passwords frequently), be sensible about anything on your site that allows input from visitors.

If you've got a forum, you can be careful or careless about registration; new member posts (whether moderated; whether allowed to use HTML, images, outside links); and the perception you instill in members about moderator vigilance.

Double that about blogs and comments. Some plug-ins are just asking for trouble.

Triple that about wikis, particularly wikimedia.

And that's just the baseline. Depending on your subject area and target audience you may need to ratchet it up.

[Pazeh]

when you install scripts, you will have to make changes, specially configurations, try to document, yes!! on a paper or word document as much as possible what were the changes you did and when!!

Just in case is something went wrong, you know what to change back to the initial value! print screens do help a lot @ this stage too

As for the directory permission, try to avoid using the 777!! although a lot of scripts do ask you to set some files / folders to 777 try to install them with 755 permission, if it fails then set the directory/filename to 777!

After your done with the installation & if you changed any permission to 777 rechange the permission & put it back to 755!! try to avoid using the 777 permission as much as possible!

[spaguy]

Again

Many thanks to both David and gwyneth for your excellent help and advice.
I now have a password generator which I think will be working overtime for the foreseeable future.

Blogs and forums are a little down the road yet but I will refer back to your post when the time comes.

What worries me is the basic set-up to start with on my three sites and from what I hear its seems the permission are there at the top of the priorities.

spaguy

[spaguy]

Hi Pezeh
Many thanks that really helps and gives me a starting point and a good tip for keeping track of what I'm doing.
When you say if it fails do you mean when logging into the site or any part of the site through the browser?
Sorry to ask such basic questions but that's level I'm at :-)
spaguy

[Pazeh]

well if you won't install any CMS / Blog / forums you don't have to worry too much about the permissions.

As for the "failed", I meant when a script (cms/blog/forum) fails to install / setup & gives you a "warning" about the folder/file permission

The default permission 755 should be more than enough for you if you are not going to install any scripts & will use your HTML/php pages!

[spaguy]

Great thanks a load that makes me feel so much better.

I am sure I will be back here sometime in the near future when I start setting up my Blogs.

I appreciate all your help.

spaguy