
LOL!, nice one Peter. But you forgot they need to harden the webserver service too.

./Chucks

On 10/27/11, Peter Karunyu <pkarunyu@gmail.com> wrote:
Me too:

Web Server Setup 101

1. Zip and .sql files
Never ever put zip or sql files in a web accessible folder, ever. Especially if the said zip files contain source code. If you have to, upload them then rename them to some weird extension, or none at all, but, as soon as you are done with them, delete the damn thing!

Wait, that's wrong. Let me try again: Never ever put non (php, html, css, js) files in a web accessible folder.

2. index.html/index.php
Always have an index.html file in the top level www folder and in any other folder that contains important things. This index.html can be blank.
OR
Use some .htaccess rules to prevent directory listing.

3. Rule number 3
Please re-read number 1.

On Thu, Oct 27, 2011 at 11:19 AM, TheMburu George <themburu@gmail.com> wrote:
@Ndungu if u have deployed servers, then you would know the first step to harden the server before you take it to production then leave everything exposed.
Tho I agree, kindly inform them and I offer to assist.
Rgds ./TheMburu
On Thu, Oct 27, 2011 at 11:04 AM, ndungu stephen <ndungustephen@gmail.com> wrote:
Hey guys be kind - the guys are on this list
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Conservatism is the adherence to the old tried against the new untried.
-- Regards, Peter Karunyu -------------------
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com {FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/
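
A small audit for rules 1 and 2 of the checklist quoted above, added here as an example and not part of the original thread: it walks a web root and reports files outside the (php, html, css, js) allowlist and folders that have no index file. The function names, the `.htaccess` exemption and the sample file names are assumptions.

```python
import os
import tempfile

# Assumption: allowlist taken from the post's "(php, html, css, js)" rule.
ALLOWED_EXT = {".php", ".html", ".css", ".js"}
INDEX_NAMES = {"index.html", "index.php"}
# Assumption: .htaccess is exempt because the server config denies requests for it.
EXEMPT_NAMES = {".htaccess"}


def audit_webroot(root, allowed=ALLOWED_EXT):
    """Return (stray_files, dirs_without_index), paths relative to root."""
    stray, no_index = [], []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # Rule 2: every folder needs an index file or it may be listed.
        if not INDEX_NAMES & {f.lower() for f in files}:
            no_index.append(rel_dir)
        # Rule 1: anything outside the allowlist should not be web accessible.
        # Files renamed to "no extension" are still flagged.
        for name in files:
            if name in EXEMPT_NAMES:
                continue
            if os.path.splitext(name)[1].lower() not in allowed:
                stray.append(os.path.normpath(os.path.join(rel_dir, name)))
    return sorted(stray), sorted(no_index)


def demo():
    """Audit a constructed sample web root (file names are made up)."""
    with tempfile.TemporaryDirectory() as root:
        sample = ["index.php", "site.css", "backup.zip", "db/dump.sql",
                  "db/dump_renamed", "js/app.js", ".htaccess"]
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_webroot(root)


if __name__ == "__main__":
    stray, no_index = demo()
    print("not allowed in web root:", stray)
    print("folders without index file:", no_index)
```

To check a real site, call `audit_webroot()` with the path of the web accessible folder instead of running `demo()`.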