Archive for October, 2007

Deny access to filetypes using htaccess

Thursday, October 25th, 2007

You may (for whatever reason) store particularly sensitive information in your webspace: passwords, links, or anything else.

You may want to be able to access these files by FTP for example, but do not want someone stumbling across them and being able to read or use them. Here we will deny external access to those files using a .htaccess file.

Your server needs the mod_access module installed for these rules to work.

In our example, we have a password file stored in /home/username/www/passwords/my-passwords.psswd

We create a .htaccess file (that is “DOT”htaccess) and within it:

# Deny web access to every file whose name ends in .psswd
<Files ~ "\.psswd$">
Order allow,deny
Deny from all
</Files>

Save the file and upload it to the directory holding the files you wish to protect (in our case /home/username/www/passwords/ )

Simple :)
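An added example, not part of the original post: a Python sketch that reads the rule above and reports which file names in a directory listing it actually covers, which shows that backup copies such as my-passwords.psswd.bak fall outside \.psswd$. The listing, the function names and the use of Python's re module in place of Apache's regex engine are assumptions made for illustration.

```python
import re

# Constructed sample: the .htaccess from the post, with plain ASCII quotes.
HTACCESS = r'''<Files ~ "\.psswd$">
Order allow,deny
Deny from all
</Files>
'''

# Constructed listing of /home/username/www/passwords/ (file names are made up,
# apart from my-passwords.psswd, which is the post's example).
LISTING = ["my-passwords.psswd", "my-passwords.psswd.bak",
           "my-passwords.psswd~", "notes.txt"]

# <Files ~ "regex"> and <FilesMatch "regex"> both take a regular expression.
BLOCK = re.compile(
    r'<(?:Files\s+~|FilesMatch)\s+"([^"]+)"\s*>(.*?)</(?:Files|FilesMatch)>',
    re.IGNORECASE | re.DOTALL)
DENY = re.compile(r'^\s*(?:Deny\s+from\s+all|Require\s+all\s+denied)\s*$',
                  re.IGNORECASE | re.MULTILINE)
ALLOW = re.compile(r'^\s*Allow\s+from\b', re.IGNORECASE | re.MULTILINE)

def deny_patterns(htaccess_text):
    """Return the compiled regex of every block that denies all access."""
    patterns = []
    for regex, body in BLOCK.findall(htaccess_text):
        # Conservative: a block that also has an Allow line is not counted,
        # because the outcome then depends on the Order directive.
        if DENY.search(body) and not ALLOW.search(body):
            patterns.append(re.compile(regex))
    return patterns

def audit(htaccess_text, filenames):
    """Map each file name to True if some deny-all block matches it."""
    patterns = deny_patterns(htaccess_text)
    return {name: any(p.search(name) for p in patterns) for name in filenames}

if __name__ == "__main__":
    # Assumption: Python's re stands in for Apache's regex engine here, which
    # holds for a simple pattern like \.psswd$.
    for name, denied in audit(HTACCESS, LISTING).items():
        print(("denied       " if denied else "not covered  ") + name)
```

Any sensitive file reported as not covered needs its own rule, or a broader pattern, before it is left in the directory.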

How to hide apache software information and versions

Thursday, October 25th, 2007

One of the things which gives a potential attacker some help is them knowing which versions of software you use. This can be very easy to find out, particularly if you have never taken steps to secure this information.

For example: I would like to know what software apache.org are using or have used, so I look at Netcraft (for example): http://toolbar.netcraft.com/site_report?url=http://www.apache.org

192.87.106.226 Linux Apache/2.2.3 Unix mod_ssl/2.2.3 OpenSSL/0.9.7g 12-Apr-2007

I now know that I should look for exploits relating to Linux, Apache v2.2.3, mod_ssl 2.2.3 and OpenSSL 0.9.7g.

By hiding this information you can either report simply “unknown” or just “apache” and no other info. This doesn’t directly make your box more secure; what it does do is start to make the task more difficult for a would-be attacker, and for such a small amount of effort it really does seem silly not to do it. So how?

The first thing is to set the ServerTokens directive. I am using a RH linux box so if you know your OS differs, find the corresponding location of your httpd.conf: (more…)

Ditch your index page

Sunday, October 21st, 2007

Ever since folders and pages were conceived, people have asked which is best. Do I want http://www.hungerfordwebdesign.com/ or http://www.hungerfordwebdesign.com/index.php ?

Well, the truth is that it doesn’t really matter. What matters most is that anyone linking to you is using the same link all of the time. Therefore search engines which crawl these sites will always index your site in the same way and thereby increase your presence.

There are a number of ways of achieving this. You can use your htaccess as follows:

(more…)

How to find a good SEO consultant

Sunday, October 21st, 2007

A number of questions SHOULD be asked when attempting to produce a good SEO portfolio for your site. I have listed some of them here to help:

Q: Do I need a third party consultant/company?
A: This really is dependent on your existing knowledge about SEO, your funds and how quickly you would like results. If you do decide that SEO really isn’t an area of expertise for you then it really is best to find a professional to complete the work. Make sure they really know what they are doing though or you will be wasting your money. Some of the other questions here should help you.

Q: What is PageRank and do I need to worry about it?
A: PageRank is an algorithm (mathematical equation) used by Google to represent the importance of a page and its content. Google uses this algorithm as a factor when deciding how to place your site within its index. A number of factors can affect your search engine ranking and PageRank is a significant one (but not the be all and end all).

(more…)

I am back

Sunday, October 21st, 2007

I have been away for a while working on a number of projects but I have cleared the diary to add some more value here. If you have anything you would like to discuss or you would like some advice on any of the topics we cover here, please contact me.