Thanks guys, this is an absolutely great help at exactly the time I need it and I will be back to these posts and links again for sure. Weiry's virtual box idea for testing and returning backups is great. Celauran mentioned something like this before. I was planning to go back and look it up. I read about this Virtual Box product last night but did not connect this idea together with testing backups.
Here is something to give back (as best as I can). Maybe not for you guys but for others in my (heavy learning curve) position.
I just took stock (in the form of a spreadsheet) of what I have to learn about security and I figure it will take me six months to a year. It is a big task but I think back a year and I don't feel too bad. Last year at this time I did not know these even existed (PHP, MySQL, Apache, JavaScript, jQuery, domain names, etc.). Today my website with [110 pages + 110 help pages + 32 MySQL tables + some PHP routines that are pretty complex matching records processing] went live and the website itself (without hackers to screw it up) is working great. Before my website went live, when I read about security, I would get sleepy. Now that the test is here I am wide awake about it and I am finding it very interesting actually. It is funny how pressure and timing work on the mind.
To deal with the complexity of learning this with material scattered everywhere with lots of duplication, I created a spreadsheet as a form of info gathering tool and todo list. It is basically a specialized record of what I have done and should do next. For anyone in my current position, here is the column format.
1/ Description of to-do (can add an Excel comment if needed).
2/ Importance score (1 to 10) (helps me decide what is next) (can sort it).
3/ Done or not-done (+ small comments) (make it red if very high priority).
4/ Where I read it (description in the header and URL link in a 2nd header).
Column #4 repeats across the sheet for every source (often 10+ sources).
To make the picture of this spreadsheet more clear, let's say (row 5, column 1) was "Create Firewall (allow ports 22, 25 and 80)". Column #4 might repeat 10 times with "yes" at maybe three of the intersections. If the source is especially good I may put a different comment such as "Great! See bottom of page (or whatever)". Or maybe I could put "Great - see Excel comment". If you don't know MS-Excel, you hover over the cell to see the comment pop up.
So creating this spreadsheet gives me an overview of what work I have ahead, which in turn lets me set priorities for what to do in sequence (re-prioritizing as I go if needed) and a way to find out where I read whatever I read.
Right now I am not marketing the website since I now (with the overview's help) clearly see I have some high priority security stuff I need to get done first. Yesterday I backed up everything on the VPS (first weekly backup with date-time stamp) (the hosting company does weekly backups of the VPS but wants $75 to restore it with a delay of potentially a day). MySQL backups I described above. Now I can clearly see I need to improve my minimum to be backing up with version control and the help of these tools you suggest. This gets priority 10.
Today is a much needed day off to celebrate the website with my daughter. It is the first day of Spring too (in Canada at least). Enjoy your first day of spring guys. Check out Google today to see the flowers coming up.
Thanks again, John.