phpBB2 by Przemo
Support forów phpBB2 modified by Przemo

FAQFAQ - PIERWSZA POMOC!!  regulaminREGULAMIN  SzukajSZUKAJ  UżytkownicyUżytkownicy  GrupyGrupy  StatystykiStatystyki
RejestracjaRejestracja  ZalogujZaloguj  DownloadDownload  katalog Forów DyskusyjnychKatalog Forów   FAQ Video tutoriale

Poprzedni temat «» Następny temat
How to secure a forum?
Autor Wiadomość
Matteo



Pomógł: 1932 razy
Posty: 5713
Wysłany: 05-09-2010, 19:50   How to secure a forum?

How to secure a forum?

1. Use a safe passwords. Passwords type
Kod:
johnyhavecat cosmos01 jackjack00 1234abcd

<b>are doesn't safe!!</b>
Your password can't be a word or phrase, which you found in dictionary. It shouldn't be name of your dog, friend, or any other. It shouldn't be name of your city or number of bus. Safe password had at least 8 signs and looks like that
Kod:
kQPdrmo8t@p.   VCs'A/^n`NrX   W.Y:$@BMdVp&   Gt38Yu*i#rT

Rules are simple
- the longer password is a more safety
- the more complicated password is more safety
- use uppercase and lowercase
- use special signs !@#$%^&*
- use numbers
To easily remember the long and strong password we use a simple method. Example
Kod:
phpbb by przemo
Delete spaces and add uppercases
Kod:
PhpBBByPrzemo
Between words add numbers
Kod:
6hpBB12By6rzem0
and special signs
Kod:
6hpBB*12By#6rzem0

And it looks great :)

2. Use many different passwords. It is very important that you have a different password for the database, others to the FTP, a different password for the Admin account on your forum, other to the email, other in the system. Don't use one password on your website's and any other web place. You ask "Why? I can't use strong, complicated password in many, another places? You write, that this password is rather impossible to hack." Yes, but enough that someone in one place get your password and will have access to all of your services.
Remember of set complicated questions used to reminder of passwords. Question "Where you live?" can be easily guessed. Use a tough questions or custom answers known only to you.

3. Install on your computer a good antivirus program, and keep his base to stay current. It would the best if the program will be integrated with firewall for your Internet connection and was able to detect keyloggers and malicious code on websites. This is protect you from taking over your password. Remember to don't use from services of public computers and internet cafes - you're never sure whether on pc haven't installed program to take a passwords.

4. Use the services of reputable hosting companies. A colleague from upstairs may not have enough knowledge to really secure server where you had forum/webpage.
Remember to always check the credibility of a company in which you want to buy an account. Check online reviews.

5. Don't share <b>anyone</b> your logins and passwords to access the server. Remember that if you give someone access to a server, for the Admin account on the forum or just to FTP is such a person can easily destroy your forum or upload code that will allow him unrestricted access in the future.

6. Especially don't trust people who say they have found a hole and want to protect your server and your forum. Usually they are a crooks who extort money in this way (for alleged repair forum), and it really upload malicious code on the server allowing them to access in the future.
Each hole which is identified is checked by the forum support and if true, is issued with the updated patch, which fixes the script.
Remember also, that <b>noone from support team contact with users</b>. We don't write to you via msn etc. <b>If we had to show you a important information, you'll get an email from adress @przemo.org. Only in this way we inform about the holes, patches and new versions of the script!</b>

7. Installation package with the script, templates and modifications download only from offical page of phpBB2 by Przemo script. If you download something from another source is be aware that someone could modify the code and inject to it access to your forum. Keep in mind also that the support forum is not able to check all the modifications and can't be responsible for errors.. Don't click on suspicious links that you get from strangers. Typically, direct to the webpages where it steals a password, or installs spyware software.

8. Always install the patch published on support page. If you know about a hole that we are trying to patch it as soon as possible. So remember to always use the latest version of the forum script.

9. To additionaly protect the functions of the forum Admin - protect your admin directory via htaccess:
    - go to server management panel (cPanel or another, depending on the company providing the service)
    - find option "Directories protected by password" or similar, select catalog "admin",
    - add user and give to him additional password, <b>other than the account on the forum.</b>

How does it work? When you try to enter to Administrator Panel, the forum will display an additional window to log in which you must enter a username and password you set which you set. Login is independent from the script and increases security forum. Even if someone gains access to the Administrator account on your forum will not be able to get to Admin Panel.

10. Don't give to untrusted individuals rank Junior Admin or Moderator. Announcement of prize competitions in the form of the rank of moderator, or empowerment for the management of the forum to people who you only know the Internet is pure stupidity (often occurring). Ends usually deleting topic or the fully forum. Arguments, to insulting, making himself the anger and the like are the main reasons intrusion on the forums resulting in wanton destruction of all of your work. You are the Admin of your forum and only you. Unless you have someone trustworthy and you know that 100% not get you any number.

11. Create a backups. Check whether your server is doing such copies are automatically. Some companies offer a full discharge of your account (files + database) to an FTP where you can download a copy of this. Contact your support of your server and ask if they can do such a copy of everyday. If not - you have to copy files from the server on some time and make up backup of database. The more often you perform a copy of the content, the less you lose in the event of an attack. Absolute minimum is a backup performed once a week.

Applying those principles you minimizing the possibility of a successful attack on your forum. Of course there is never sure whether tomorrow, next week, next month someone does not detect the new hole, but in such cases, we always try to quickly share patch.

(original content)
_________________
Fora, strony, sklepy internetowe i wiele więcej...
matteo.fcb(at)gmail.com
 
     
Gadatliwa Kasia 

   
Wyświetl posty z ostatnich:   
Odpowiedz do tematu
Nie możesz pisać nowych tematów
Nie możesz odpowiadać w tematach
Nie możesz zmieniać swoich postów
Nie możesz usuwać swoich postów
Nie możesz głosować w ankietach
Nie możesz załączać plików na tym forum
Możesz ściągać załączniki na tym forum
Dodaj temat do Ulubionych
Wersja do druku

Skocz do:  

Kopiowanie wszelkich treści zawartych na forum, modyfikacji oraz instrukcji bez zgody administracji i autorów tematów/postów zabronione!

Powered by phpBB modified by Przemo © 2003 phpBB
Strona wygenerowana w 0,12 sekundy. Zapytań do SQL: 11
Polecane serwisy

Najlepsze oprogramowanie do prowadzenia sklepu internetowegoNajlepszy program do sklepu firmowany przez Przem'a

Sklep z gadżetami

Design Cart - Tworzenie sklepu internetowego

iRonin.IT

• Zamów reklamę