Weekend Projects – Securing Folders

Published on May 30, 2009   //  Weekend Projects

Weekend Project

Last week we worked on geotagging our site so that local people will be able to find it more easily. This week we will look at a quick method to secure your folders from hackers trying to gain access or deface your sites. Anyone using open source software should know they are at greater risk of being exploited by hackers, because the software's layout and known weaknesses are public, and should be security conscious when using it.

Basic Security
If you have a folder, such as your images folder, that you do not want people to browse, you can add a blank index.html page to it. The server will then serve that blank page instead of a listing of the folder's contents. The problem with this method is that in open source software it is very easy to find the files anyway, because they are all stored in the same well-known location. Adding an index.html file to your folder will only stop basic nosey people from browsing folders they should not be browsing. For example, with WordPress I can go in and see what plugins you have installed by going to www.yourblogurl.com/wp-content/plugins/.

General Security
A lot of open source software requires you to set folders to a permission of 777. This means that those files and folders are readable and writable by anyone on the server. The result is that someone could maliciously use your site for phishing or spamming by uploading their own files into the insecure folder.

Some software only requires the folder or file to be set to 777 for the initial setup, so that it can write configuration information. For example, WordPress wants you to set your theme files to writable so you can modify them directly from your admin area. This is a great feature, but I would suggest that once you are done editing them you set the folder and file permissions back to what they were originally.

From time to time you will need to have folders set to 777 so you can upload images. You can stop certain file types in those folders from being served by creating a .htaccess file in the folder and adding the following to it…

<FilesMatch "\.(php|php5|php4|php3|htm|html|shtml)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>

You can add other file types inside the parentheses if your server supports them; for ASP, for example, you would add |asp. Note that the leading backslash is what makes the pattern match a literal dot, so the rule catches the file extension rather than any single character.
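The following shell script is an added example, not code from the original post: it audits a web root for the two conditions described above, listing every world-writable (777) directory and reporting whether its .htaccess carries the FilesMatch deny block, and it can write that block into a directory that lacks it. It assumes a POSIX shell with find(1) and grep(1); the web root path is passed as an argument.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes POSIX sh, find(1), grep(1).

# Print each world-writable directory under $1, tagged PROTECTED if its
# .htaccess contains a FilesMatch block that denies all access, else UNPROTECTED.
audit_writable_dirs() {
  root="$1"
  find "$root" -type d -perm -0002 | while IFS= read -r dir; do
    if [ -f "$dir/.htaccess" ] \
       && grep -qi '<FilesMatch' "$dir/.htaccess" \
       && grep -qi 'deny from all' "$dir/.htaccess"; then
      echo "PROTECTED   $dir"
    else
      echo "UNPROTECTED $dir"
    fi
  done
}

# Append the post's FilesMatch block to $1/.htaccess so that script and HTML
# files uploaded into the folder are never served by Apache.
protect_upload_dir() {
  cat >> "$1/.htaccess" <<'EOF'
<FilesMatch "\.(php|php5|php4|php3|htm|html|shtml)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>
EOF
}

# Usage on a real server: audit_writable_dirs /var/www/html
```

Run the audit after each software install or upgrade, since installers frequently recreate upload folders without the .htaccess.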

Advanced Security
There are certain folders in most open source software in which hackers will look for exploits. Folders like an include folder are usually hit hard on sites. We do have mod_security installed on our own servers to block a majority of the well known exploits. To be more secure you can add your own layer of security by adding a .htaccess to your own include folders to prevent browsing of those folders completely. Add the following to the .htaccess:

# Only the methods listed in <Limit> are restricted; other methods are unaffected.
<Limit GET POST PUT>
order deny,allow
deny from all
</Limit>

This will prevent anyone from viewing that folder at all. Sometimes the include folder is in an admin area where only you or a few others need to see it. You can secure it the same way, but add an allow rule based on your IP address. Again create a .htaccess file, find your IP address and add the following…

<Limit GET POST PUT>
order deny,allow
# 203.0.113.10 is a placeholder; replace it with your own IP address
allow from 203.0.113.10
deny from all
</Limit>

You may need to tweak or combine these various methods to ensure the best security for your folders.

If you get stuck let me know in the comments.

In The Sphere: Money, Work and Investments

Published on May 29, 2009   //  In the Sphere

Even though the temperatures are rising, the sun is shining, and the birds are singing, many of us still have the economy on our minds. This is perfectly understandable, because while money certainly isn’t everything, it is definitely a requirement in our society. For this edition of In The Sphere, we explore finances in many of its different forms.

Starving College Girl, who some of you may know simply as Lesley Chang, had the unfortunate luck of recently getting laid off. It’s not like the loss of this job came out of left field, but this still puts a serious dent in her financial plans. This is particularly disconcerting, considering that Lesley will soon have to pay $9500 in tuition! Despite all of this, this college gal is maintaining a positive outlook and is working toward a brighter future.

Consumerism Commentary flips conventional wisdom on its head when it comes to real estate. Contrary to what nearly everyone else will tell you, that blogger feels that your house isn’t a good investment. You’ll keep pouring money into repairs and maintenance. The post also notes that “real estate barely beats inflation” in the long run. Do you agree?

John Chow seems like he is leading quite the dream life, being able to earn lots of money while pursuing what he feels is just a hobby. One of his keys to living the dot com lifestyle is to make passive income. This way, the money you make is not directly related to the time that you work. It’s money that generates itself, in many ways, allowing you to spend that time with your family and friends instead.

Dragon Blogger realizes that the world is definitely getting smaller and it’s easier than ever to receive payments from people all around the world. At the same time, Twitter is very much on the rise. How can we combine these two phenomena? Well, that’s where TwitPay: The PayPal of Twitter comes into play. In effect, you can tweet funds over to anyone who can accept money through the Amazon Payments system.

Foximus has a very interesting article on why everybody needs a credit union rather than a regular bank. The key difference between banks and credit unions is that the former have customers whereas the latter have members. In this way, credit unions appear to have a greater obligation to the people who hold accounts with them, including a profit-sharing arrangement. Do you have a credit union?

Friday Funny

Published on May 29, 2009   //  Cartoon

A cartoon created by an artist from HubSpot.


If you have an idea for a future comic or would like to submit your own BlueFur cartoon let us know in a comment.

Moving Beyond SSH: Starting Services on Boot

Published on May 29, 2009   //  Development

Moving Beyond SSH

At some point you will probably need to restart your server. When you do, “essential” services such as MySQL, Apache and Bind will be shut down and not started back up again when the server comes back. That is usually fine, because you can just SSH into your server and start the services you need again. However, this isn’t very convenient, and there may be times when you don’t have access to an SSH client immediately after you reboot your server.

There is a better way to do this: start these services automatically when the server is started (“booted”). We’ll start MySQL, Apache, our firewall and Bind on boot, which I consider the essential services for a web server. Let’s start with setting up MySQL to start on boot. Log in over SSH, and execute these commands:

cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql
chmod +x /etc/init.d/mysql
chkconfig --add mysql

Now, to set up Apache, our firewall and Bind to start on boot, start by opening /etc/rc.local:

nano /etc/rc.local

Then add the following to the end of the file:

apachectl -k start
csf -s
/etc/init.d/lfd start
/etc/rc.d/init.d/named start

Save and close the file, and make sure it is executable, since the boot scripts only run /etc/rc.local when it is. There you have it: your web server's essential services will now start on boot. Automation, it’s a good thing.
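The following shell script is an added example, not code from the original post: it applies the rc.local edit described above in a repeatable way, adding each start command only if the file does not already contain it (appending the lines twice would start each service twice on boot) and making the file executable. The file path is a parameter so it can be tried against a scratch file before being pointed at /etc/rc.local.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes POSIX sh and grep(1).

# Append "$2" to the file "$1" unless an identical line is already present.
# Prints ADDED or PRESENT so the caller can see what changed.
ensure_line() {
  file="$1"; line="$2"
  [ -f "$file" ] || : > "$file"
  if grep -qxF -- "$line" "$file"; then
    echo "PRESENT $line"
  else
    printf '%s\n' "$line" >> "$file"
    echo "ADDED $line"
  fi
}

# Add the four start commands from the post to an rc.local-style file "$1"
# and make it executable, since an rc.local without +x is silently skipped.
install_boot_services() {
  file="$1"
  ensure_line "$file" "apachectl -k start"
  ensure_line "$file" "csf -s"
  ensure_line "$file" "/etc/init.d/lfd start"
  ensure_line "$file" "/etc/rc.d/init.d/named start"
  chmod +x "$file"
}

# Usage on a real server (as root): install_boot_services /etc/rc.local
```

Running the script a second time reports every line as PRESENT and leaves the file unchanged.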

Social Media 101: Follow Friday

Published on May 28, 2009   //  Social Media

If you have been on Twitter for a while I am sure you have encountered the #FollowFriday phenomenon. The idea behind it was to share a person or group of people that you feel your followers should follow as well.

In recent months #FollowFriday has become frantic and has started to lose its value.

I have seen the following trends…

  • Multiple people being listed with the hash tag #FollowFriday. It seems to some it is a contest to see how many people they can fit in one tweet.
  • Multiple #FollowFriday tweets.
  • No reasons provided as to why we should follow the people listed.
  • People retweeting others' #FollowFriday for no reason.
  • People retweeting #FollowFriday that they are listed in.

I will start off by saying you can do whatever you want on Twitter in regards to #FollowFriday. If you're following your social media plan and it is working, then by all means continue.

If #FollowFriday does not change, its purpose will soon be lost. More people are starting to see the tweets as just noise. Fewer and fewer people actually follow because of it, since it is seen as noise. When there is no value in doing it for anyone, it will die.

My suggestion is that if you're going to do a #FollowFriday tweet you should limit it to one person or one group of people that have something in common. You should be able to provide a few details as to why we should follow them.

An example is…

My #FollowFriday is @example. He is a father, an entrepreneur, a hockey fan and good at helping me with php issues.

What do you think? How do you do #FollowFriday?

Marketing 101: On-Car Self Promotion?

Published on May 28, 2009   //  Marketing Tips

There are a number of different strategies that you can take when it comes to promoting your business. Depending on your budget, you may invest in a series of advertising spots in the local newspaper or on the local radio station. Depending on your niche, it may be more appropriate to look into online advertising possibilities. There is also the aspect of social media that can be utilized, connecting with customers through Facebook and Twitter. Another path that you may consider is advertising on your car.

Most of us are already familiar with company cars that come with plenty of company branding. When a Telus representative comes to set up your phone line, there’s a good chance that he’ll be driving a van with a big Telus logo on it. That van, however, is very much company property and it is only used for company purposes. For smaller businesses, do you feel that it would be appropriate to brand your personal vehicle? Would it be useful to have company branding on the same car you use to drive the kids to school in the morning?

This appears to depend on your target demographic. If you are hoping to attract local customers, the brand presence in your neighborhood can be effective. Gary says that this is a “good way to promote yourself locally.” While something possibly damaging like vinyl stickers and door wrap may not be the best idea, Christina Gayle suggests the use of vinyl cling or a car magnet. This way, you don’t ruin the paint and you can remove the branding when it may be less appropriate.

Some people may want to have a distinct separation between their work lives and their personal lives. For those people, such a promotional technique may not be desirable. For others, the lines are much more blurred and they can take any opportunity that they can get. What would you do?
