Secure websites
RJdesign strives to make websites secure:
➢ The sites use the Linux UFW (Uncomplicated Firewall) and iptables (which Ubuntu is in the process of replacing with nftables).
The UFW firewall blocks all ports except those needed to carry on business, such as 80 and 443. Blocking all but a few ports reduces the website's attack surface. Iptables is then used to block a range of scan types and attacks; for instance, it can be set to drop pings and to thwart malicious TCP scans.
➢ Another tool is Fail2ban, which can be configured to function as an intrusion detection and prevention system. Free Fail2ban filter scripts are available, and I've written a few of my own. Rules can be set up to detect bots scanning for login and admin pages or attempting to inject harmful payloads. Once an attacking IP address is detected, Fail2ban puts it in a designated jail.
➢ Tools such as Apache's mod_evasive are highly effective at blocking denial-of-service attacks. I had the rules set so tight that mod_evasive blocked the IP address of a broken link checker I was trying to use, so I had to go into the system and allow that IP address to conduct its scan.
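The two mechanisms described in the preceding items, a Fail2ban-style filter that counts matching requests per IP within a time window and a mod_evasive-style request-rate threshold with an allowlist for a scanner you run yourself, are shown below in one added Python example. This is illustrative code written for this page, not RJdesign's own Fail2ban rules or Apache configuration; the log lines, IP addresses, probe patterns, thresholds and allowlist are all constructed for the example.

```python
"""Detection over Apache combined-format access log lines (added example).
pattern_bans() mirrors Fail2ban's maxretry/findtime semantics; rate_bans()
mirrors mod_evasive's requests-per-interval threshold plus an allowlist.
All sample data and thresholds below are constructed, not a real site's."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# Combined log format: client host, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Login/admin URLs this (hypothetical) site does not serve; requests for them are probes.
PROBE_RE = re.compile(
    r'^/(wp-login\.php|wp-admin|administrator|xmlrpc\.php|phpmyadmin)(/|$|\?)', re.I)
# Crude payload fragments: path traversal and SQL injection tokens (constructed list).
PAYLOAD_RE = re.compile(r"(\.\./|union\s+select|sleep\(|base64_decode)", re.I)

def parse(line):
    """Return a dict for a well-formed log line, or None for unparsable input."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
    # URL-decode so that %20 and friends cannot hide a payload from the regex.
    return {'host': m['host'], 'ts': ts, 'path': unquote(m['path']),
            'status': int(m['status'])}

def is_failure(entry):
    """A 'failure' in Fail2ban terms: a probe of a login/admin URL or a payload."""
    return bool(PROBE_RE.match(entry['path']) or PAYLOAD_RE.search(entry['path']))

def pattern_bans(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Ban a host once it produces `maxretry` failures inside a `findtime` window."""
    fails, banned = defaultdict(list), set()
    for line in lines:
        e = parse(line)
        if not e or e['host'] in banned or not is_failure(e):
            continue
        window = fails[e['host']]
        window.append(e['ts'])
        window[:] = [t for t in window if e['ts'] - t <= findtime]  # drop old failures
        if len(window) >= maxretry:
            banned.add(e['host'])
    return banned

def rate_bans(lines, allowlist=(), page_count=5, interval=timedelta(seconds=1)):
    """Ban hosts exceeding `page_count` requests per `interval`, except allowlisted ones."""
    hits, banned = defaultdict(list), set()
    for line in lines:
        e = parse(line)
        if not e or e['host'] in allowlist or e['host'] in banned:
            continue
        window = hits[e['host']]
        window.append(e['ts'])
        window[:] = [t for t in window if e['ts'] - t <= interval]
        if len(window) > page_count:
            banned.add(e['host'])
    return banned

# Constructed sample log: a login-page scanner, a normal visitor, a single injection
# attempt, and a link checker that fires six requests within one second.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 196',
    '198.51.100.2 - - [10/Mar/2024:12:00:02 +0000] "GET /blog/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Mar/2024:12:00:03 +0000] "GET /administrator/ HTTP/1.1" 404 196',
    '203.0.113.7 - - [10/Mar/2024:12:00:05 +0000] "GET /xmlrpc.php HTTP/1.1" 404 196',
    '198.51.100.9 - - [10/Mar/2024:12:00:10 +0000] "GET /page?id=1%20union%20select%201 HTTP/1.1" 200 512',
] + ['192.0.2.50 - - [10/Mar/2024:12:01:00 +0000] "GET /p%d HTTP/1.1" 200 100' % i
     for i in range(6)]

if __name__ == '__main__':
    print('pattern bans:', pattern_bans(SAMPLE_LOG))                    # {'203.0.113.7'}
    print('rate bans:', rate_bans(SAMPLE_LOG))                          # {'192.0.2.50'}
    print('rate bans, checker allowed:', rate_bans(SAMPLE_LOG, allowlist={'192.0.2.50'}))
```

The allowlist parameter is the point of the mod_evasive anecdote: a rate threshold cannot tell a broken link checker from a flood, so the operator's own scanners must be exempted explicitly rather than by loosening the threshold for everyone. The single injection attempt from 198.51.100.9 is below `maxretry` and is therefore logged but not banned, which is the trade-off Fail2ban's thresholds encode.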
➢ Protecting administrative logins and passwords is also important. RJdesign sites never hold passwords as clear text; only a hash of each password is stored. The hash of a password entered over the encrypted SSL link must match the stored hash for the login to succeed. As further protection, users logging in to the site's content management system are locked out after three bad attempts.
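The item above describes two controls: comparing a hash of the entered password against a stored hash, and locking the account after three failed attempts. The following added Python example implements both in the standard way; it is illustrative code for this page and not the content management system's own login code. It assumes a salted PBKDF2-HMAC-SHA256 hash with a per-user random salt and a constant-time comparison, which is an assumption about good practice rather than a statement of how RJdesign's system is built.

```python
"""Salted password hashing and a three-strike lockout (added example; not the
site's own code).  Hash scheme, iteration count and state handling are assumptions."""
import base64
import hashlib
import hmac
import os
from dataclasses import dataclass

ITERATIONS = 600_000      # PBKDF2-HMAC-SHA256 work factor (assumed value)
MAX_ATTEMPTS = 3          # lockout threshold, as stated on the page

def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode('ascii')

def hash_password(password: str, salt: bytes = None) -> str:
    """Return 'pbkdf2_sha256$<iters>$<salt>$<hash>'; a fresh salt per call."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${_b64(salt)}${_b64(dk)}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iters, salt_b64, dk_b64 = stored.split('$')
    if algo != 'pbkdf2_sha256':
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    dk = hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, int(iters))
    return hmac.compare_digest(dk, expected)   # no early exit on the first differing byte

@dataclass
class Account:
    username: str
    password_hash: str
    failed_attempts: int = 0
    locked: bool = False

class LoginService:
    """Minimal in-memory account store with lockout after MAX_ATTEMPTS bad logins."""

    def __init__(self):
        self.accounts = {}
        # Hash used for unknown usernames so that a bad name costs the same time as a
        # bad password and the response does not reveal which usernames exist.
        self._dummy_hash = hash_password(os.urandom(8).hex())

    def register(self, username: str, password: str) -> None:
        self.accounts[username] = Account(username, hash_password(password))

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'bad_credentials' or 'locked'; never leaks whether the user exists."""
        acct = self.accounts.get(username)
        if acct is None:
            verify_password(password, self._dummy_hash)
            return 'bad_credentials'
        if acct.locked:
            return 'locked'                      # even a correct password is refused
        if verify_password(password, acct.password_hash):
            acct.failed_attempts = 0             # a good login resets the counter
            return 'ok'
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_ATTEMPTS:
            acct.locked = True                   # third bad attempt locks the account
            return 'locked'
        return 'bad_credentials'

    def unlock(self, username: str) -> None:
        """Administrative reset after the lockout has been investigated."""
        acct = self.accounts[username]
        acct.locked, acct.failed_attempts = False, 0

if __name__ == '__main__':
    svc = LoginService()
    svc.register('editor', 'correct horse battery staple')   # constructed credentials
    for attempt in ('guess1', 'guess2', 'guess3', 'correct horse battery staple'):
        print(attempt, '->', svc.login('editor', attempt))
```

Two details matter beyond the stated rules: the stored string carries its own salt and iteration count, so the work factor can be raised later without invalidating existing accounts, and the unknown-user path performs a real hash computation so that response time does not distinguish an unregistered name from a wrong password.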
➢ And, finally, writing good code is paramount. I wrote the code for the content management and blogging system used by this site. I've been careful to analyze the code for vulnerabilities and have tested the code with a variety of tools such as Burp Suite and others.
➢ And it goes without saying: keep all systems up to date. Running old software is akin to leaving the doors open.
It is common for web designers to author a site, often in WordPress, and then hand it off to the customer, who is then responsible for hosting it. In such cases WordPress and its many, many plugins are generally not kept current. The site ages until it is running old, no longer supported versions of Apache, PHP, MySQL and other software, and the web hosting company is often not patching the underlying Linux operating system either. At that point the site can be hacked through known vulnerabilities in the old, unpatched software. RJdesign sites, on the other hand, are kept up to date with newly released Ubuntu operating system patches and the current patched versions of supporting software such as Apache, PHP, MySQL, Python (used by Fail2ban), Composer and MobileDetect.
With RJdesign, you are not hiring a one-time designer. You are hiring a webmaster, who will function as an adjunct to your staff. Webmasters are sometimes seen as an extension of the marketing department or the IT department or both.