
I need to protect all the files on my server; what is the best way to do this? We already use HTTPS for any communication on or to the server, but nothing stops someone hacking into the FTP (well, there is a complex password and a firewall). How do I make sure that no one can download a PHP page and view the source code unless they have the decrypt code?

I looked at this site http://www.rightscripts.com/phpencode/index.php but personally I would not put personal information about my site into it.

I don't mind paying something if it's the best practice.

halfer
RussellHarrower
  • This is a sys-admin question, not a programming question... – Oliver Charlesworth Jul 18 '12 at 01:29
  • How do you plan to run PHP pages if they're encrypted? – Waleed Khan Jul 18 '12 at 01:30
  • @arxanas - See ionCube (http://www.ioncube.com/) – Geoffrey Jul 18 '12 at 01:32
  • Duplicate of http://stackoverflow.com/questions/232736/code-obfuscator-for-php – Danack Jul 18 '12 at 01:36
  • I know this probably isn't what you want to hear, but I would advise not doing this. Take steps to physically (e.g. encrypted filesystems) and digitally (SFTP instead of FTP, requiring certificate-based logins, etc.) secure your server, and call it a day. The problem is that the more tricks like this you employ, the more of a nightmare it is to maintain your system and ensure end-to-end integrity. I've seen far too many environments where companies incur massive amounts of downtime because management demands 5000 moving parts. Unless you're CIA or NSA, this level of security isn't worth it. – King Skippus Jul 18 '12 at 01:52

1 Answer

ionCube is very commonly deployed for this purpose. Please note however that even with a long FTP password, it is still vulnerable to anyone sniffing on the network for it as plain FTP does not provide any encryption at all.

Geoffrey
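An added example (not part of the original answer and not ionCube's or any project's code): the answer's point that plain FTP sends the login unencrypted, turned into a check over control-channel logs. It flags sessions where a password crossed the wire without TLS having been negotiated via `AUTH TLS` (RFC 4217); the log format, session names and users are constructed for illustration.

```python
# Constructed sample: FTP control-channel lines as a network monitor might log
# them ("C:" = client command, "S:" = server reply). All names are made up.
SAMPLE_SESSIONS = {
    "plain-ftp": [
        "S: 220 Service ready",
        "C: USER deploy",
        "S: 331 Password required",
        "C: PASS constructed-secret-1",
        "S: 230 Logged in",
    ],
    "explicit-ftps": [
        "S: 220 Service ready",
        "C: AUTH TLS",
        "S: 234 Proceed with negotiation",  # TLS from here: monitor sees ciphertext
    ],
    "auth-tls-refused": [
        "S: 220 Service ready",
        "C: AUTH TLS",
        "S: 502 Command not implemented",
        "C: USER backup",
        "S: 331 Password required",
        "C: PASS constructed-secret-2",
    ],
}


def audit_session(lines):
    """Return one finding per password sent on an unencrypted control channel."""
    findings, auth_pending, user = [], False, None
    for line in lines:
        side, _, text = line.partition(": ")
        if side == "S":
            if auth_pending and text.startswith("234"):
                break  # RFC 4217: 234 accepts AUTH TLS, the rest is encrypted
            auth_pending = False
            continue
        verb, _, arg = text.partition(" ")
        if verb.upper() == "AUTH":
            auth_pending = True
        elif verb.upper() == "USER":
            user = arg
        elif verb.upper() == "PASS":
            # Record that a password was exposed, never the value itself.
            findings.append({"user": user, "password_exposed": True})
    return findings


def audit_all(sessions):
    """Map session name -> findings, keeping only sessions that leaked a login."""
    return {n: f for n, l in sessions.items() if (f := audit_session(l))}
```

A session that falls back to `USER`/`PASS` after the server refuses `AUTH TLS` is reported the same way as one that never attempted TLS, since the password was exposed in both cases.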