Even well-written code can be exposed to vulnerabilities if the web project is hosted on insecurely configured hosting.
An insecurely configured web server can lead to a hack and the subsequent takeover of the site.
For this reason, placing the site on secure hosting is especially important.
The following recommendations are based on best practices and the experience of our security experts in protecting H-SCRIPT projects from hacking:
Hacking-resistant hosting must have a number of characteristics, chief among them:
*Protection from the OWASP Top 10 Application Security Risks, including SQL injection, XSS, PHP file inclusion, etc.
*Security of network connections (limiting incoming / outgoing connections via iptables)
*Security at the level of users and groups
*Secure access rights for file system objects
*Safe execution of PHP code
*Sending e-mail notifications about possible security incidents.
A WAF (Web Application Firewall), such as mod_security, must be deployed on the server; this greatly reduces the likelihood of a successful hack of the web server.
Also reconfigure PHP and the system environment for the safe execution of code: disable potentially dangerous functions, prevent RFI (Remote File Inclusion) and the execution of web shells, and set adequate access rights on files and directories.
To prevent non-PHP web shells from running, it is highly desirable to disable the ability to execute perl, python, ruby, etc. on behalf of the web server.
To prevent exploits from being compiled and bind / back-connect backdoors from being run, GCC and NC must have the appropriate permissions (i.e. 750 or 700).
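The PHP and tool-permission recommendations above can be checked with a short audit script. This is an added example, not part of the original recommendations: the list in REQUIRED_DISABLED is an assumption, and the php.ini, gcc and nc files it runs against are constructed stand-ins created in a temporary directory.

```shell
#!/bin/sh
# Added example. REQUIRED_DISABLED is an assumed list; adjust it to your application.
REQUIRED_DISABLED="exec system passthru shell_exec proc_open popen"

ini_get() {  # ini_get FILE KEY: print the last uncommented value of KEY
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*;.*$//; s/[[:space:]]*$//; s/^"//; s/"$//'
}

audit_php_ini() {  # returns the number of findings for php.ini FILE
    fails=0
    case "$(ini_get "$1" allow_url_include | tr 'A-Z' 'a-z')" in
        ""|0|off|false|no|none) ;;   # unset counts as off, which is PHP's default
        *) echo "FAIL allow_url_include is enabled (RFI possible)"; fails=$((fails+1)) ;;
    esac
    disabled=",$(ini_get "$1" disable_functions | tr -d ' '),"
    for fn in $REQUIRED_DISABLED; do
        case "$disabled" in
            *",$fn,"*) ;;
            *) echo "FAIL $fn is not in disable_functions"; fails=$((fails+1)) ;;
        esac
    done
    return "$fails"
}

mode_ok() {  # true when "other" has no rwx bits on FILE, as with mode 750 or 700
    [ "$(ls -ldL "$1" | cut -c8-10)" = "---" ]
}

audit_tools() {  # audit_tools PATH...: returns how many existing tools fail mode_ok
    fails=0
    for tool in "$@"; do
        [ -e "$tool" ] || continue
        mode_ok "$tool" || { echo "FAIL $tool is usable by other accounts"; fails=$((fails+1)); }
    done
    return "$fails"
}

make_sample() {  # constructed fixtures in DIR: weak php.ini, stand-ins for gcc and nc
    printf '%s\n' '; constructed sample' 'allow_url_include = On' \
        'disable_functions = exec, system' > "$1/php.ini"
    : > "$1/gcc"; chmod 755 "$1/gcc"
    : > "$1/nc";  chmod 750 "$1/nc"
}

d=$(mktemp -d) && make_sample "$d"
audit_php_ini "$d/php.ini" || true
audit_tools "$d/gcc" "$d/nc" || true
rm -rf "$d"
```

On a real host, pass the active php.ini and the installed compiler, netcat and interpreter paths to the two audit functions. With mode 750 the web server account must also not be a member of the file's group.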