Default configurations of Apache, PHP, and Drupal often serve files they shouldn't. In this first article in a series, I review configuration changes to tighten security by limiting access to files and directories for a Drupal web site served by Apache.
Drupal's default settings provide rather loose security. In this second article in a series, I review Drupal configuration changes to tighten security and control who can create and view content.
Default Drupal, Apache, and PHP settings broadcast to hackers much more about your site's configuration than hackers should know. In this third article in a series, I review settings to tighten security and reduce this information leakage.
Legitimate web site visitors are there to read your content, but spammers only visit to run email harvesters (spambots) that scan your web pages for email addresses. To protect your addresses, and avoid wasting network bandwidth talking to spammers, change your web server configuration to block spammer access. Blacklist spammer IP addresses, block access from known harvester spiders, or require visitors to log in. Some of the methods tested in this article were successful at blocking email harvesters.
A spammer’s email harvester is a web spider that crawls through the pages of your site looking for email addresses. To protect your addresses, hide the pages that contain them. Use a robots.txt file or <meta> tags to stop well-behaved harvesters (are there any?), and hidden links, redirects, forms, and frames to try to stop the rest. The email harvesters tested in this article were stopped by some of these tricks, but not by others.