Recently we have been getting a flood of calls from distressed Magento store owners with compromised servers. As a result, we compiled a comprehensive list of security tips on running a secure Magento environment. Some tips are basic, but they are still worth mentioning here since I have seen so many cases where the basics are not covered properly. Like any other eCommerce application residing on a web server, Magento needs to be secured, and one would be surprised how often these basic mistakes are made on live production servers.
If you are running a multi-million dollar eCommerce site, you may want to make sure that the HTTP TRACE method is disabled. By default this method is enabled in Apache, and while it is enabled it allows Cross-Site Tracing, potentially giving an attacker the option to steal your cookie information for a specific website so that they can later impersonate you.
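To confirm the setting on a server you operate, the following added example (not code from the original post) sends a single TRACE request and reports whether the server echoed it back. The host name in the usage comment and the `X-Trace-Check` header name are assumptions chosen for illustration; in Apache the method is switched off with the `TraceEnable off` directive, after which this check should report `disabled`.

```python
"""Check whether a web server you operate still answers HTTP TRACE."""
import http.client
import secrets
import sys


def check_trace(host, port=80, use_tls=False, timeout=5.0):
    """Send one TRACE request and classify the answer.

    Returns (verdict, status) where verdict is one of:
      "enabled"  - the server echoed our request back, so TRACE is on
      "disabled" - the server refused the method with a 4xx/5xx status
      "unclear"  - anything else, e.g. a proxy or the application answered
    """
    # Random marker (header name is an arbitrary choice for this example):
    # if it comes back in the body, the request was really echoed.
    marker = secrets.token_hex(8)
    conn_cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = conn_cls(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={"X-Trace-Check": marker})
        resp = conn.getresponse()
        status = resp.status
        # Cap the read so an unexpected large response cannot stall the check.
        body = resp.read(65536).decode("latin-1", "replace")
    finally:
        conn.close()

    if status == 200 and marker in body:
        return "enabled", status
    if status >= 400:
        return "disabled", status
    return "unclear", status


if __name__ == "__main__":
    # Usage (placeholder host): python check_trace.py shop.example.com 443 tls
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    tls = len(sys.argv) > 3 and sys.argv[3] == "tls"
    verdict, status = check_trace(host, port, tls)
    print(f"TRACE on {host}:{port} -> {verdict} (HTTP {status})")
    # Non-zero exit lets a deployment or monitoring job fail on "enabled".
    sys.exit(1 if verdict == "enabled" else 0)
```

Run it after every web server or load balancer configuration change, since a front-end proxy can answer TRACE even when the backend refuses it.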