Shulou(Shulou.com)06/01 Report--

Recently, I have set up a website, which has been safe for a while. I can write a summary when I have nothing to do at leisure, so it is convenient to check it later.

It is recommended that the less open ports on the server, it is best to disable the ping server to log in with the secret key, prohibit the root account login application, do not use root to start! Mysql, nginx, java programs are best started by other users. Also, the running user is not allowed to modify the source code! If the program has the function of uploading files, the corresponding directory cannot have the permission to execute. With regard to the question of exposing the real ip of the server, if you are a web website, you seem to have no choice but to buy high-imitation IP. My website does not care at present, using cdn does not seem to have much effect for publicly visited websites, we must do a good job to prevent xss, CSRF, sql injection * *, specific how to defend, please Baidu. Don't try to guard against ddos***, but Aliyun has a free defense of 5G, so you can't go to bed early. Rich people also said that do not think that the user's input is legal, must control the content of the input. The application should be handled in a defensive manner. Ensure the security of the application. Generally speaking, what we advocate is that it is best to install a fail2ban for defensive architecture and defensive programming servers, enable sshd, sshd-ddos, mysql protection, and cooperate with nginx monitoring logs to protect. What we remember now is to do a good job of nginx website current limit configuration, modify linux system kernel parameter configuration, sysctl.conf.

Now the technology has been very developed, network security is difficult to prevent, there is no 100% security, the above advice for the general company website, almost enough. I think so much for the time being, but I'll add it later.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.