Announcement

Collapse
No announcement yet.

How do I secure my Board?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How do I secure my Board?

    What is the best procedure to ensure that your site is secure from attack? Is there a FAQ or how to guide out there that provides such information?

    Thanks

  • #2
    Originally posted by Guidster
    What is the best procedure to ensure that your site is secure from attack? Is there a FAQ or how to guide out there that provides such information?

    Thanks
    im kinda interested in this as well..the one thing i do know, is to not allow HTML in posts..what i would be interested in, is: what files/folders should be chmod'd to what values for max security?

    Comment


    • #3
      Originally posted by Grunt
      im kinda interested in this as well..the one thing i do know, is to not allow HTML in posts..what i would be interested in, is: what files/folders should be chmod'd to what values for max security?
      Exactly!

      Comment


      • #4
        Originally posted by Grunt
        im kinda interested in this as well..the one thing i do know, is to not allow HTML in posts..what i would be interested in, is: what files/folders should be chmod'd to what values for max security?
        Remember don't allow HTML in sigs and PMs, too. Also .htaccess your admin and mod CP.
        --filburt1, vBulletin.org/vBulletinTemplates.com moderator
        Web Design Forums.net: vB Board of the Month
        vBulletin Mail System (vBMS): webmail for your forum users

        Comment


        • #5
          Originally posted by filburt1
          Remember don't allow HTML in sigs and PMs, too. Also .htaccess your admin and mod CP.
          im really not understanding the .htaccess thing. let me ask something.. lets say you had a place on your website that you wanted certain people to access. so you put in the .htaccess in a directory. how do you do it?

          lets say the username was: monkey and the password was: uncle

          can you explain this filburt? I really have never understood .htaccess even after looking at the tutorial.

          Comment


          • #6
            .htaccess guide
            Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
            Change CKEditor Colors to Match Style (for 4.1.4 and above)

            Steve Machol Photography


            Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


            Comment


            • #7
              Originally posted by Roody
              im really not understanding the .htaccess thing. let me ask something.. lets say you had a place on your website that you wanted certain people to access. so you put in the .htaccess in a directory. how do you do it?

              lets say the username was: monkey and the password was: uncle

              can you explain this filburt? I really have never understood .htaccess even after looking at the tutorial.
              http://www.webdesignforums.net/tools/htaccess/
              --filburt1, vBulletin.org/vBulletinTemplates.com moderator
              Web Design Forums.net: vB Board of the Month
              vBulletin Mail System (vBMS): webmail for your forum users

              Comment


              • #8
                Originally posted by filburt1
                http://www.webdesignforums.net/tools/htaccess/
                wow man. you rock! nice work as always. tell me this..can one username and password given to several people work or do you need to create multiple username and passwords and if so how do you do that with your generator?

                Comment


                • #9
                  Originally posted by Roody
                  wow man. you rock! nice work as always. tell me this..can one username and password given to several people work or do you need to create multiple username and passwords and if so how do you do that with your generator?
                  IIRC the generator I wrote only works with one username and password, but if you run it multiple times then download only the .htpasswd file you can copy and paste that u/p line into the original .htpasswd file as a new line which works, too.
                  --filburt1, vBulletin.org/vBulletinTemplates.com moderator
                  Web Design Forums.net: vB Board of the Month
                  vBulletin Mail System (vBMS): webmail for your forum users

                  Comment


                  • #10
                    Originally posted by filburt1
                    IIRC the generator I wrote only works with one username and password, but if you run it multiple times then download only the .htpasswd file you can copy and paste that u/p line into the original .htpasswd file as a new line which works, too.
                    ok so let me see if i understand you correctly. I need 1 .htaccess file that will work for everyone, but multiple .htpasswd?

                    Comment


                    • #11
                      Originally posted by Steve Machol
                      .htaccess guide
                      Thanks for the guide. Just so I am clear, if I want to secure my vb CP, I would want to put one in my admin folder. Likewise for the images folder to prevent someone from linking over to my site. I assume that I will need a username and password specified so that vb can access the files it needs to when the php scripts run??

                      Thanks and sorry for being such a bonehead! Just starting this gig!

                      Comment


                      • #12
                        Originally posted by Roody
                        ok so let me see if i understand you correctly. I need 1 .htaccess file that will work for everyone, but multiple .htpasswd?
                        No, multiple lines in one .htpasswd.
                        --filburt1, vBulletin.org/vBulletinTemplates.com moderator
                        Web Design Forums.net: vB Board of the Month
                        vBulletin Mail System (vBMS): webmail for your forum users

                        Comment


                        • #13
                          I don't know about the images directory, but you'd certainly want to do this for your admin and mod directories.
                          Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                          Change CKEditor Colors to Match Style (for 4.1.4 and above)

                          Steve Machol Photography


                          Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                          Comment


                          • #14
                            Originally posted by filburt1
                            No, multiple lines in one .htpasswd.
                            so i would create multiple user names and passwords in the .htpasswd directory?

                            Comment


                            • #15
                              Originally posted by Roody
                              so i would create multiple user names and passwords in the .htpasswd directory?
                              Basically you want a .htaccess file with the following in it placed in your admin folder.
                              Code:
                              AuthType Basic
                              AuthName "Admin Panel"
                              AuthUserFile /path/to/.htpasswd
                              require valid-user
                              then in your .htpasswd file you have
                              Code:
                              user1:pass1
                              user2:pass2
                              user3:pass3
                              though if you have cpanel it makes life alot easier.
                              Scott MacVicar

                              My Blog | Twitter

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X