Protecting against hackers

  • Protecting against hackers

    What steps can an administrator take to protect his forums from being hacked?

    Are there certain files or folders that should be password protected?

    Is there anything else besides password protecting files and folders that may be effective?

  • #2
    Originally posted by realnew
    What steps can an administrator take to protect his forums from being hacked?

    Are there certain files or folders that should be password protected?

    Is there anything else besides password protecting files and folders that may be effective?
    Hello there, and I am very happy to see you have an interest in taking security seriously.

    A few things I did as an admin of my own board are:

    1 - Password protect with .htaccess and .htpasswd the directories admin/ and mod/ so even if someone gains a username and password from one of the admins or super mods etc. from the forum, they still need to know the extra layer of security.

    2 - Restrict access to the admin log pruning and viewing to the administrator only, and do not allow anybody else to have access to do that (including other admins)

    3 - Keep the amount of admins and super mods very very low. I.e. only have yourself as an administrator if possible and if someone else needs admin control panel access, they can be set to the super mod usergroup.

    4 - Turn off HTML in signatures, private messages and posting - this way old & new exploits can not be abused.

    5 - Turn off the way to link images dynamically with [ img ] tags.

    6 - Keep an eye on your crew and if someone gets mad, track his steps more carefully and you can prevent someone from mass destructing your site.

    7 - You can set the main administrator as 'invisible' and post on your site with a different username/pass - this way they can't 'guess' the username of the main admin that easily.

    8 - You should frequently cycle through your passwords and make new ones; this way, if one of your passes gets out in the open, there is a good chance that when they try it, it doesn't work. - Suggest that your members and staff do the same.

    9 - Use hard-to-guess passwords to avoid brute force attacks - in case someone has the hashed (encrypted) password. Use upper and lower case letters, numbers and extra characters like @$% etc. (and at least 6 characters)

    moo is easy to brute force and guess
    !M0_o! is a bit harder

    10 - Do not provide too much information about the server. Abusers gather information to find out where there might be entries to sneak in to, like a hole in a daemon of Apache or the operating system.

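Step 1 of post #2 (.htaccess and .htpasswd on admin/ and mod/) can be checked with a short audit script. This is an added example, not part of the original thread; the function names, the sample tree and the `alice` entry are constructed, and `AuthUserFile` is assumed to be an absolute path.

```python
import os
import tempfile

# Prefixes htpasswd writes for bcrypt and apr1-MD5; other fields are crypt, {SHA} or plaintext.
OK_PREFIXES = ("$2y$", "$2a$", "$2b$", "$apr1$")

def parse_htaccess(text):
    """Map each directive name (lower-cased) to its argument string."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, arg = line.partition(" ")
            directives[name.lower()] = arg.strip().strip('"')
    return directives

def audit_dir(docroot, subdir):
    """Return findings for docroot/subdir; an empty list means it passed."""
    ht = os.path.join(docroot, subdir, ".htaccess")
    if not os.path.isfile(ht):
        return [f"{subdir}: no .htaccess"]
    with open(ht) as fh:
        d = parse_htaccess(fh.read())
    findings = [f"{subdir}: missing {k}" for k in ("authtype", "authuserfile", "require") if k not in d]
    if "authuserfile" not in d:
        return findings
    pw = os.path.realpath(d["authuserfile"])  # assumption: absolute path
    root = os.path.realpath(docroot)
    if os.path.commonpath([pw, root]) == root:
        findings.append(f"{subdir}: password file is inside the web root")
    if not os.path.isfile(pw):
        return findings + [f"{subdir}: AuthUserFile does not exist"]
    with open(pw) as fh:
        for line in fh:
            user, sep, field = line.strip().partition(":")
            if sep and not field.startswith(OK_PREFIXES):
                findings.append(f"{subdir}: {user} uses a weak hash format")
    return findings

def demo():
    """Build a constructed sample tree and audit admin/ and mod/."""
    root = tempfile.mkdtemp()
    for sub in ("admin", "mod"):
        os.makedirs(os.path.join(root, sub))
    pw = os.path.join(root, "admin", ".htpasswd")
    with open(pw, "w") as fh:  # constructed entry in the unsalted {SHA} format
        fh.write("alice:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=\n")
    with open(os.path.join(root, "admin", ".htaccess"), "w") as fh:
        fh.write(f'AuthType Basic\nAuthName "Admin"\nAuthUserFile "{pw}"\nRequire valid-user\n')
    return audit_dir(root, "admin") + audit_dir(root, "mod")
```

The script only reads files; whether Apache honours a .htaccess file also depends on `AllowOverride` in the server configuration.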


    • #3
      Also check this out for general system security http://www.webhostgear.com/240.html
      WebHostGear.com - Server Tutorials, Web Server Guides, Hosting Tutorials
      As seen in Ping Zine Magazine
      Preventing Brute Force Attacks | APF Firewall Install Guide |Cpanel FTP Backup Script Now Available!



      • #4
        I'm probably sure you won't be needing this. But if you'd like the utmost of security and have the extra money ($960.00), you can purchase Zend Encoder. It works by compiling your PHP files from the basic plain-text readable format to a binary format called Zend Intermediate Code. So you program via plain-text then distribute the application as another format, keeping your work private.

        Zend Encoder

        Enjoy!



        • #5
          Bad ramprage bad! Don't dig up the 2 year old threads ;P



          • #6
            lol my bad zach! sorry
