UO: Security on Pages
By Daniel Mundra
As I covered in my last two posts, every University of Oregon faculty member, staff member, and student has space to host files, web pages, WordPress, or anything else. When you host your content, please be proactive in securing your files. Here are some points to keep in mind:
- When you put your files in public_html they are open to the Internet. You can secure them using this guide or using a .htaccess file.
- Do not make files/folders 777, i.e., do not give everyone permission to edit. Your pages.uoregon.edu/duckid is on the same server as everyone else's. If you give others permission to edit, anyone who has access can then edit your files. To check for 777 files in your space, you can run this command:
find . \( -type f -o -type d \) -perm 777
- WordPress, Drupal, and any other site that can upload files and save them directly to your space execute commands as you. The same is true of sites that allow execution of code. Please remember to secure the login on such sites to stop outsiders from gaining access and executing malicious code on the site.
Be conscious of the sites you have running on your space and the files you are hosting.
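
The permission check from the list above, extended as an added example (not part of the original post): `-perm 777` matches only that exact mode, so this sketch also flags anything with the "other write" bit set, such as 666 or 757, and shows how to remove it. The function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web space for anything "everyone" can edit,
# not only entries whose mode is exactly 777.

# Files and directories whose mode is exactly 777 (the check from the post).
list_exact_777() {
    find "$1" \( -type f -o -type d \) -perm 777 -print
}

# Files and directories with the "other write" bit set in any combination
# (777, 757, 666, 646, ...). Symlinks are skipped on purpose.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Remove write permission for "other" from everything the audit flags.
# Owner and group bits are left unchanged.
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Demo on a constructed sample tree in a temporary directory.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/public_html/uploads" "$root/public_html/blog"
    : > "$root/public_html/index.html"
    : > "$root/public_html/uploads/notes.txt"
    : > "$root/public_html/blog/config.php"
    chmod 755 "$root/public_html" "$root/public_html/blog"
    chmod 644 "$root/public_html/index.html"
    chmod 777 "$root/public_html/uploads"            # caught by both checks
    chmod 666 "$root/public_html/uploads/notes.txt"  # missed by -perm 777
    chmod 646 "$root/public_html/blog/config.php"    # missed by -perm 777
    echo "exact 777:";      list_exact_777 "$root/public_html"
    echo "world-writable:"; list_world_writable "$root/public_html"
    fix_world_writable "$root/public_html"
    echo "after fix:";      list_world_writable "$root/public_html"
    rm -rf "$root"
}

demo
```

To audit a real space, call `list_world_writable` on your own directory (for example `public_html`) and review the output before running `fix_world_writable`.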