|
|
phpBB2 by Przemo
Support forów phpBB2 modified by Przemo
|
|
How to secure a forum? |
Autor |
Wiadomość |
Matteo
Pomógł: 1932 razy Posty: 5713
|
Wysłany: 05-09-2010, 19:50 How to secure a forum?
|
|
|
How to secure a forum?
1. Use a safe passwords. Passwords type
Kod: | johnyhavecat cosmos01 jackjack00 1234abcd |
<b>are doesn't safe!!</b>
Your password can't be a word or phrase, which you found in dictionary. It shouldn't be name of your dog, friend, or any other. It shouldn't be name of your city or number of bus. Safe password had at least 8 signs and looks like that
Kod: | kQPdrmo8t@p. VCs'A/^n`NrX W.Y:$@BMdVp& Gt38Yu*i#rT |
Rules are simple
- the longer password is a more safety
- the more complicated password is more safety
- use uppercase and lowercase
- use special signs !@#$%^&*
- use numbers
To easily remember the long and strong password we use a simple method. ExampleDelete spaces and add uppercases
Between words add numbers and special signs
And it looks great
2. Use many different passwords. It is very important that you have a different password for the database, others to the FTP, a different password for the Admin account on your forum, other to the email, other in the system. Don't use one password on your website's and any other web place. You ask "Why? I can't use strong, complicated password in many, another places? You write, that this password is rather impossible to hack." Yes, but enough that someone in one place get your password and will have access to all of your services.
Remember of set complicated questions used to reminder of passwords. Question "Where you live?" can be easily guessed. Use a tough questions or custom answers known only to you.
3. Install on your computer a good antivirus program, and keep his base to stay current. It would the best if the program will be integrated with firewall for your Internet connection and was able to detect keyloggers and malicious code on websites. This is protect you from taking over your password. Remember to don't use from services of public computers and internet cafes - you're never sure whether on pc haven't installed program to take a passwords.
4. Use the services of reputable hosting companies. A colleague from upstairs may not have enough knowledge to really secure server where you had forum/webpage.
Remember to always check the credibility of a company in which you want to buy an account. Check online reviews.
5. Don't share <b>anyone</b> your logins and passwords to access the server. Remember that if you give someone access to a server, for the Admin account on the forum or just to FTP is such a person can easily destroy your forum or upload code that will allow him unrestricted access in the future.
6. Especially don't trust people who say they have found a hole and want to protect your server and your forum. Usually they are a crooks who extort money in this way (for alleged repair forum), and it really upload malicious code on the server allowing them to access in the future.
Each hole which is identified is checked by the forum support and if true, is issued with the updated patch, which fixes the script.
Remember also, that <b>noone from support team contact with users</b>. We don't write to you via msn etc. <b>If we had to show you a important information, you'll get an email from adress @przemo.org. Only in this way we inform about the holes, patches and new versions of the script!</b>
7. Installation package with the script, templates and modifications download only from offical page of phpBB2 by Przemo script. If you download something from another source is be aware that someone could modify the code and inject to it access to your forum. Keep in mind also that the support forum is not able to check all the modifications and can't be responsible for errors.. Don't click on suspicious links that you get from strangers. Typically, direct to the webpages where it steals a password, or installs spyware software.
8. Always install the patch published on support page. If you know about a hole that we are trying to patch it as soon as possible. So remember to always use the latest version of the forum script.
9. To additionaly protect the functions of the forum Admin - protect your admin directory via htaccess:
- go to server management panel (cPanel or another, depending on the company providing the service)
- find option "Directories protected by password" or similar, select catalog "admin",
- add user and give to him additional password, <b>other than the account on the forum.</b>
How does it work? When you try to enter to Administrator Panel, the forum will display an additional window to log in which you must enter a username and password you set which you set. Login is independent from the script and increases security forum. Even if someone gains access to the Administrator account on your forum will not be able to get to Admin Panel.
10. Don't give to untrusted individuals rank Junior Admin or Moderator. Announcement of prize competitions in the form of the rank of moderator, or empowerment for the management of the forum to people who you only know the Internet is pure stupidity (often occurring). Ends usually deleting topic or the fully forum. Arguments, to insulting, making himself the anger and the like are the main reasons intrusion on the forums resulting in wanton destruction of all of your work. You are the Admin of your forum and only you. Unless you have someone trustworthy and you know that 100% not get you any number.
11. Create a backups. Check whether your server is doing such copies are automatically. Some companies offer a full discharge of your account (files + database) to an FTP where you can download a copy of this. Contact your support of your server and ask if they can do such a copy of everyday. If not - you have to copy files from the server on some time and make up backup of database. The more often you perform a copy of the content, the less you lose in the event of an attack. Absolute minimum is a backup performed once a week.
Applying those principles you minimizing the possibility of a successful attack on your forum. Of course there is never sure whether tomorrow, next week, next month someone does not detect the new hole, but in such cases, we always try to quickly share patch.
(original content) |
_________________
Fora, strony, sklepy internetowe i wiele więcej...
matteo.fcb(at)gmail.com |
|
|
|
|
Gadatliwa Kasia
|
|
|
|
|
Nie możesz pisać nowych tematów Nie możesz odpowiadać w tematach Nie możesz zmieniać swoich postów Nie możesz usuwać swoich postów Nie możesz głosować w ankietach Nie możesz załączać plików na tym forum Możesz ściągać załączniki na tym forum
|
Dodaj temat do Ulubionych Wersja do druku
|
Kopiowanie wszelkich treści zawartych na forum, modyfikacji oraz instrukcji bez zgody administracji i autorów tematów/postów zabronione!
Powered by phpBB modified by Przemo © 2003 phpBB
| Strona wygenerowana w 0,12 sekundy. Zapytań do SQL: 11 | |
|
|