If you think that all web servers are secure, let me explain that web servers are always in greater danger than websites. If a hacker gets access to the web server, he can misuse the important information available there, because a web server carries information about many websites. So the danger is not limited to a single business. Hackers can also install software on the server for further attacks and access. Because the web server serves data externally, it is always more exposed to exploitation. There are some ways in which web servers can be protected from hacking. Administrators and developers of the web server are the two main groups who can help in securing it. Some simple methods an administrator can use: configure the server to prevent DoS attacks, make sure not to reveal information in HTTP headers, coordinate the placement of information and scripts, avoid installing unnecessary tools, samples and third-party software on the web server, and administer the server with a good patch management system.
Once the responsibilities of the administrator are covered, the duties of the developer come into view. For the security of a web server, the developer has to deal with parameter manipulation; these parameters can include fields, cookies, HTTP headers, URLs and so on. Beyond parameter manipulation, the other issues developers have to handle are cross-site scripting (XSS) and SQL injection.
The methods described above are a little advanced. There are also some basic methods that can be adopted to secure the web server. The most basic one is using strong passwords. To keep your web server secure, use passwords made up of different kinds of characters. Never choose a password that is in the dictionary, and try to include punctuation in your web server password. Besides this, it is very important that you don't share your password with other people. By doing this you can reduce the threat of being hacked. Alongside this, you can also try obscurity.
When you own a web server, it is very important to always keep an eye on the accounts running on the server. Always choose the right user group, disable unused modules, limit request size, do not allow browsing outside the document root, hide the server version numbers and immunize httpd.conf. Never run your server as root. You must secure your CGI-BIN directory and, with it, your CGI and PHP scripts. You have to update your web server security tools regularly. If you think that once you have installed all the tools there is no need to check them over and over, you are making a big mistake. These methods can also help you make your web server secure and keep hackers away from it.
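As an added example (not part of the original article), the Python script below audits an httpd.conf for several of the items listed above: hidden version numbers, not running as root, a request size limit, no browsing outside the document root, and unused modules. It assumes Apache 2.4 directive syntax; the sample configuration, the `NEEDED_MODULES` allowlist and the `audit` function are constructed for illustration.

```python
import re

# Constructed sample (not from the page): a deliberately weak Apache 2.4 httpd.conf.
WEAK_CONF = """\
ServerTokens Full
ServerSignature On
User root
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
<Directory />
    Require all granted
</Directory>
"""
NEEDED_MODULES = {"mpm_event_module", "authz_core_module"}  # assumption: what this site needs

def audit(conf, needed=NEEDED_MODULES):
    """Return findings for the httpd.conf hardening items listed in the text."""
    top, root_dir, modules, stack = {}, [], [], []
    for line in (raw.strip() for raw in conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        tag = re.match(r"<(/?)(\w+)\s*([^>]*)>", line)
        if tag:
            closing, name, arg = tag.group(1), tag.group(2).lower(), tag.group(3)
            if name.startswith("if"):          # <IfModule>/<IfDefine>: treat as transparent
                continue
            if closing and stack:
                stack.pop()
            elif not closing:
                stack.append((name, arg.strip().strip('"')))
            continue
        name, args = (line.split(None, 1) + [""])[:2]
        name, args = name.lower(), " ".join(args.split())
        if stack and stack[-1] == ("directory", "/"):
            root_dir.append((name, args.lower()))   # rules for the filesystem root
        elif name == "loadmodule" and args:
            modules.append(args.split()[0])
        elif not stack:
            top[name] = args                        # server-wide directives only
    checks = [  # (is_bad, finding); Apache defaults: ServerTokens Full, ServerSignature Off
        (top.get("servertokens", "full").lower() not in ("prod", "productonly"),
         "version-exposed: set ServerTokens Prod"),
        (top.get("serversignature", "off").lower() != "off", "version-exposed: set ServerSignature Off"),
        (top.get("user", "").lower() in ("root", "#0"), "run-as-root: use an unprivileged User/Group"),
        (top.get("limitrequestbody", "0") == "0", "request-size: set a non-zero LimitRequestBody"),
        (("require", "all denied") not in root_dir, "root-dir-open: deny <Directory /> by default"),
    ]
    findings = [msg for bad, msg in checks if bad]
    findings += [f"unused-module: {m}" for m in sorted(set(modules) - needed)]
    return findings
```

Calling `audit(WEAK_CONF)` lists every item the sample gets wrong; an empty list means the checked items are all in place, not that the server is otherwise hardened.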