What kind of security?



gaydemon_jr
02-16-2009, 06:59 AM
After all my recent incidents and server issues, I have been thinking lots about protecting my sites from being hacked (or whatever they did) again.

I work really hard to try and make a living and am genuinely quite proud of most of the work I do, for some heartless person to come along and destroy it, knocking me for six for a week.

After almost a week of my sites being trashed and dysfunctional, and a week of hardly any sales as a result I thought it was about time to make sure I back up properly (not that I didn't take backups before), and have measures in place to try and prevent someone doing this to me again.

But when I look at the options I'm confronted with a mountain of jargon, most of which I assume is unnecessary and just sales speak from the hosting guys. But what is useful?

I currently do daily backups. What else can I do to stop myself being hacked and out of action for a week or so?

HunkMoneyLuke
02-16-2009, 08:16 AM
Your host should be doing most of this work for you, as they are the ones controlling the server. Make sure you have a firewall running, make sure your o/s software is up to date, if you are running any scripts at all then make sure they are the latest versions and check at http://www.frsirt.com/english/ to see if there are any known security issues. Avoid chmod 777 on any folders, especially any folders called temp or tmp.

Your host should have the server set up so that the temp file is in a jailed environment, they should also be running regular rootkit checks and should have monitoring that auto alerts them of anything strange like excessive traffic or excessive server loads.
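The "avoid chmod 777" advice in the post above can be checked on a server with a short audit; this is an added example, not part of the original thread. The function name `audit_world_writable` is hypothetical, and the web root is whatever directory you pass in.

```shell
#!/bin/sh
# Added example: list world-writable directories under a web root.
# Output per directory: <mode> <sticky|no-sticky> <TEMP|DIR> <path>

audit_world_writable() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    # -perm -0002 matches every directory whose "other" write bit is set
    # (777, 757, 1777, ...). Paths containing newlines are not handled.
    find "$root" -type d -perm -0002 -print | sort | while IFS= read -r dir; do
        # First ten characters of ls -ld are the type and permission bits.
        mode=$(ls -ld "$dir" | cut -c1-10)
        case $mode in
            # Sticky bit (as on /tmp): users cannot delete each other's files.
            *[tT]) sticky=sticky ;;
            *)     sticky=no-sticky ;;
        esac
        # Call out folders named temp or tmp, as the post singles them out.
        name=$(basename "$dir" | tr '[:upper:]' '[:lower:]')
        case $name in
            temp|tmp) kind=TEMP ;;
            *)        kind=DIR ;;
        esac
        printf '%s %s %s %s\n' "$mode" "$sticky" "$kind" "$dir"
    done
}

# Run the audit when a directory is given on the command line.
if [ "$#" -ge 1 ]; then
    audit_world_writable "$1"
fi
```

Any line reported as `no-sticky` is a directory that every account on the server can write to and delete from; tighten it to the minimum the script that uses it needs.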

HunkMoneyLuke
02-16-2009, 08:19 AM
Oh yeah, and the most obvious, use strong passwords like ^@ar20$i@HaD and use different passwords for ftp and admin, and avoid using the admin account for anything.

And if you really want to get serious about sniffing, use a secure FTP program (your server ftp account will require ssh permissions to use this).

Adam Mason
02-16-2009, 09:31 AM
Stuff like this has always made me nervous but thankfully I've never had an issue. All my servers are RAID5 with specific daily back-up routines being run, as well as a full weekly back-up to a dedicated back-up server. In theory this should mean that even if my main servers died I could be back online within 12 hours and only have to go through the pain of getting CCBill and Epoch to rebuild the members password file.

I guess my hosting company must be on their toes too, which is good to know, but maybe you might want to consider getting your hosts to do a weekly back-up to a different server for you too?

Nicedreams
02-16-2009, 11:12 AM
Upgrading your scripts when the vendor says there is a security hole in your version installed is a good idea too. ;-)

Jimmy

Nicedreams
02-16-2009, 11:14 AM
> ... if my main servers died I could be back online within 12 hours and only have to go through the pain of getting CCBill and Epoch to rebuild the members password file.
> ...

12 hours? We can have our backup server up in 1 minute or however fast the dns caches update.

Jimmy

Adam Mason
02-16-2009, 03:53 PM
> 12 hours? We can have our backup server up in 1 minute or however fast the dns caches update.
>
> Jimmy

Exactly... I am told DNS can take up to 24 hours to propagate around the web. And also, one online server would crash very quickly... the timescale has to take account of rebuilding / configuring several servers ;)

Andyr
02-16-2009, 04:43 PM
I use WinSCP (http://winscp.net/eng/index.php) for all my FTP stuff, it's free and IMO very good all round.

Luke is right; also, most of it is down to your hosting company, and also using secure passwords etc. Funny enough, the time I got hacked I was using what was considered to be one of the most obscure password combinations I have ever used; mind, at the time I was not making secure FTP connections.

EDIT : DNS propagation at very worst from what I found is about 4 hours.

gaydemon_jr
02-17-2009, 06:09 AM
Thanks for the tips. I guess I'm doing as much as I can in that case.

gaybucks_chip
02-17-2009, 05:32 PM
> DNS propagation at very worst from what I found is about 4 hours.

My experience is that will be the case about 90% of the time. The remaining 10%, it can be 24 hours or sometimes even 48. The reason is there are a few crappy ISPs, usually in the middle of nowhere, that don't update their local DNS cache more than once a day or maybe even every 2 days. Back in 2002, Pacific Bell Internet in northern CA was famous for not updating their cache for up to 7 days(!). Fortunately, sanity finally prevailed and they changed their policy.

But almost all your customers will, as Andy says, see the new server within several hours at most.