Mask Your Website Weaknesses

Make it harder for scanners/ hackers to identify vulnerabilities/ exploit you - Even when your system is vulnerable!

This is important!

• Use generic error pages - For instance, silently redirect 404, 403 errors to your home page
• Disable ALL error reporting on your system

Disable Directory Listing

Directory Listing enables an attacker access to restricted data: E.g backup, conf files forgotten in the web-root

• In your .htaccess file, add this line: Options -Indexes
• Else, having an index.html page in the directory prevents listing as well

Server Hardening

This is important!

• Disable SSH root login
• Limit failed SSH authentication attempts. E.g to 3
• Use a different SSH port other than 22
• Disable FTP; it's authentication is in clear-text (Use SFTP above)
• Disable Telnet
• Whitelist allowed ports: Typically: HTTP/S, SMTP, SSH

Preventing Injections

E.g SQLi, XSS, Command

• Never trust any client generated input - Always sanitize it