There are a few ways to deal with this: rename the file on upload so that it is stored under a name and extension the server chose rather than one the client supplied, and change the file's permissions so that it cannot be executed. The often-quoted chmod 0666 does clear the execute bits, but it also leaves the file world-writable; chmod 0644 (owner read/write, everyone else read-only, no execute) is the safer choice.
- If uploaded files are stored outside the web root, where they are not directly accessible, you will need a script (or an HTTP handler in .NET) that reads them from the private folder and returns them to the browser.
- An img tag's src attribute then points not at the image itself but at that serving script. Do not forget to send the correct Content-Type header from the script; otherwise the browser may sniff the content and render it as something other than an image.
- Most hosting providers take care of the server configuration for you, but if your website runs on your own server, there are a few more things to check.
Make sure a firewall is configured and that it blocks all non-essential ports. If possible, place the server in a DMZ (demilitarized zone) and expose only ports 80 and 443 to the outside world. That may not be an option if you cannot reach the server from a local network, because you will then also have to open the ports used to upload files and to administer the server remotely over SSH or RDP; in that case restrict those ports to known source addresses rather than leaving them open to everyone.
If you upload files to the server over the Internet, use an encrypted transfer method such as SFTP or SCP over SSH rather than plain FTP. If possible, run the database on a separate server from the web server, and make sure the database server is not reachable from the outside world at all: only the web server should be able to connect to it, which limits what an attacker can steal if the web server is compromised. Finally, remember to restrict physical access to your servers.
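The upload-handling steps above (a server-chosen file name, non-executable permissions, storage outside the web root, and a serving script that sets the Content-Type header) as one added example in Python. This is illustrative code written for this page, not code from the original article. The image magic numbers, the allowed-type list, the temporary directory used by demo(), and the PHP payload used as a rejected upload are constructed for the example; a real deployment would wire store_upload and serve_file into whatever web framework it uses.

```python
import mimetypes
import os
import secrets
import shutil
import tempfile
from pathlib import Path

# Constructed allowlist: content type detected from the bytes -> extension we store under.
ALLOWED_TYPES = {"image/png": ".png", "image/jpeg": ".jpg", "image/gif": ".gif"}


def sniff_image_type(data: bytes):
    """Detect the image type from its magic bytes. The client's file name and
    Content-Type header are attacker-controlled, so they are never consulted."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    if data.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "image/gif"
    return None


def store_upload(data: bytes, private_dir: Path) -> str:
    """Validate an upload and write it under a server-chosen name; returns that name."""
    ctype = sniff_image_type(data)
    if ctype is None:
        raise ValueError("upload rejected: not an allowed image type")
    # Rename on upload: random token plus an extension derived from the detected
    # type, so names like shell.php, a.php.png or ../x never reach the disk.
    name = secrets.token_hex(16) + ALLOWED_TYPES[ctype]
    dest = private_dir / name
    with open(dest, "wb") as f:
        f.write(data)
    os.chmod(dest, 0o644)  # rw-r--r--: no execute bits, not world-writable
    return name


def serve_file(requested: str, private_dir: Path):
    """The serving script an <img src> points at. Returns (status, headers, body)."""
    not_found = (404, {"Content-Type": "text/plain"}, b"not found")
    if "\x00" in requested:
        return not_found
    base = private_dir.resolve()
    target = (base / requested).resolve()
    # Path traversal guard: the resolved target must sit directly inside the
    # private directory. "../../etc/passwd" and absolute paths both resolve elsewhere.
    if target.parent != base or not target.is_file():
        return not_found
    ctype = mimetypes.guess_type(target.name)[0]
    if ctype not in ALLOWED_TYPES:  # only hand out what store_upload could have written
        return not_found
    headers = {
        "Content-Type": ctype,                 # the header the text above asks for
        "X-Content-Type-Options": "nosniff",   # stop browsers second-guessing it
        "Content-Disposition": f'inline; filename="{target.name}"',
    }
    return 200, headers, target.read_bytes()


def demo() -> dict:
    """Exercise the flow in a temporary private directory with constructed inputs."""
    private_dir = Path(tempfile.mkdtemp())
    try:
        png = b"\x89PNG\r\n\x1a\n" + bytes(16)  # constructed: PNG signature plus padding
        stored = store_upload(png, private_dir)
        status, headers, body = serve_file(stored, private_dir)
        try:
            store_upload(b"<?php system($_GET['c']); ?>", private_dir)  # constructed webshell
            rejected = False
        except ValueError:
            rejected = True
        return {
            "stored_name": stored,
            "mode": (private_dir / stored).stat().st_mode & 0o777,
            "status": status,
            "content_type": headers["Content-Type"],
            "body_matches": body == png,
            "php_rejected": rejected,
            "traversal_status": serve_file("../../etc/passwd", private_dir)[0],
            "absolute_status": serve_file("/etc/passwd", private_dir)[0],
            "missing_status": serve_file("nope.png", private_dir)[0],
        }
    finally:
        shutil.rmtree(private_dir)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two checks that matter most are that the stored name is chosen by the server (so an attacker cannot pick the extension the web server's handler mapping will act on) and that the serving script refuses anything whose resolved path is not a direct child of the private directory. The X-Content-Type-Options header is a belt-and-braces addition: even with the correct Content-Type sent, it tells the browser not to re-interpret the bytes as HTML or script.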
SSL
SSL, and its successor TLS (every SSL version is now deprecated, so in practice this means TLS), is the protocol that encrypts and authenticates data in transit over the Internet. Use HTTPS with a valid certificate whenever personal information travels between the browser and the web server, and encrypt the connection between the web server and the database as well if they talk over a network.
Without it, an attacker on the network path (on the same Wi-Fi, at an ISP, or anywhere in between) can read the traffic, capture session cookies and credentials, and use them to take over user accounts and harvest personal information.
Website Security Testing Tools
Once you think you have done everything you can, it is time to test the security of your site. The most effective way is a penetration test (pen test), which can be performed by a person or, in a more limited form, by automated scanning tools.
There are many commercial and free scanners for this. They work much like an attacker's tooling: they probe the site for known vulnerability classes, including the ones described above such as SQL injection, and report what they find. Treat a clean scan as a baseline rather than proof of security, because a scanner only tests for what it knows about, and run it against a staging copy or with the site owner's explicit permission.