I decided recently to dig into the Killersites website (on the directory level,) to see what I could clean up. It is one of the oldest web teaching sites in the world, it’s been online for over 19yrs now, and so it has had many changes over that time.
After 19yrs, you find yourself with a website directory structure that is deep and riddled with many nooks and crannies. So I went on the hunt and found some bugs down deep inside.
… 4-5 hrs later, I was able to clean house. I think! In the process, I gave Killersites a much needed spring-cleaning, if you will. I got rid of a bunch of pages and sections that might have some historical/sentimental value to me, but was filled with dated and irrelevant information. Besides, these are spots that hackers can leave their smelly eggs behind!
Some words of advice:
- Keep your sites clean in terms of the directory structure.
- Use a consistent naming convention for files and directories. This will make easier for you to spot malicious planted code.
- Delete your cgi-bin if you are not using it. Malicious code can be dropped into those.
- Don’t use PHP pages unless your site absolutely needs it. Each new PHP page is a potential attack point.
- Once your site is up and running where you want it to be, create a clean copy of it on your computer and zip it. This backup might come in handy if you need to wipe out an infected site. Of course, backups after each change is a must do.