Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Web Security Check Guide ====== * Is My Website Hacked? Find Out With This Checklist * ref: http://www.whoishostingthis.com/resources/website-hacked-checklist/ * Google web check: http://www.google.com/safebrowsing/diagnostic?site=yourdomain.com * sucuri check: http://sitecheck.sucuri.net/ * ref: * https://www.nutsandboltsmedia.com/how-to-find-out-if-your-wordpress-site-has-been-hacked/ * http://www.chriswiegman.com/2013/06/how-to-tell-if-your-site-has-been-hacked/ ====== Apache Web Server intro ====== * a common and popular php web server ====== httpd.conf ====== * notes: * path uses / as seperator * .htaccess is per-folder httpd.conf (if allowed), but all-in-one config in httpd.conf is faster for server to process. **Info Configure Syntax** * define apache root path. * define listen port <code> Listen 80 </code> ---- **Directory Config** * define http root directory and its directory rights <code> DocumentRoot "D:/my_Server/htdocs" <Directory "D:/my_Server/htdocs"> AllowOverride All Require all granted </Directory> </code> ---- **Multiple Sites on Single IP** * VirtualHost config in httpd.conf and hosts file config<code> NameVirtualHost 127.0.0.1:80 # allow that directory access if not under http root <Directory "D:/my_Server/test01_com/htdocs"> Require all granted </Directory> <VirtualHost test01.com:80> ServerName www.test01.com ServerAlias test01.com DocumentRoot "D:/my_Server/test01_com/htdocs" CustomLog "D:/my_Server/log/test01.com.access" combined </VirtualHost> # allow that directory access if not under http root <Directory "D:/my_Server/test02_com/htdocs"> Require all granted </Directory> # test02.com:80 for that domain or IP, *:80 for any IP # server admin for optional providing admin contact if error <VirtualHost test02.com:80> ServerName www.test02.com ServerAlias test02.com ServerAdmin admin@test02.com DocumentRoot "D:/my_Server/test02_com/htdocs" CustomLog "D:/my_Server/log/test02.com.access" combined </VirtualHost> </code> * hosts <code> 127.0.0.1 test01.com 127.0.0.1 test02.com </code> ====== .htaccess tutorial ====== * a text file that config how Apache server do with the directory * tutorial: * http://www.freewebmasterhelp.com/tutorials/htaccess/ * https://httpd.apache.org/docs/current/howto/htaccess.html * http://www.htaccess-guide.com/ * https://code.tutsplus.com/tutorials/the-ultimate-guide-to-htaccess-files--net-4757 * https://www.branded3.com/blog/htaccess-mod_rewrite-ultimate-guide/ * turn off apache version note: * ref: https://www.tecmint.com/apache-security-tips/ * example <code>ServerSignature Off ServerTokens Prod </code> ====== Advanced Website Security Setup ====== * read more on [[appwiki:apache|Apache Web Server intro]] * limit website access through certain IP or IP range * change Apache site directory .htaccess file <code> <Directory /docroot> order deny,allow deny from all allow from yourIP allow from yourIPv6 </Directory> </code> * ref: http://httpd.apache.org/docs/2.0/sections.html#filesystem * http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow appwiki/apache.txt Last modified: 2021/08/28 08:00by ying