1
domineaux
Security - need some ideas for securing sites
  • 2004/8/15 14:09

  • domineaux

  • Quite a regular

  • Posts: 389

  • Since: 2002/9/29


I've been moving along building sites and pretty well minding my own business. Some of the sites I've worked on in the past few years are beginning to show some traffic. The traffic is certainly going to attract some malcontents.

Using the Linux/Apache/Php/Xoops on several of these sites

I'm thinking I need to start addressing security concerns. I've had a few issues, but to be honest I didn't know whether to assign them to being hacked or just plain code issues.

I really think we need a SECURITY TOPIC, but for the time being it sure would be a help of we could get some dialogue going on possible issues and fixes for Security related problems.

Time to wake up

2
m0nty
Re: Security - need some ideas for securing sites
  • 2004/8/15 14:33

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


hmmm whilst i agree that security is a big issue..

Xoops is pretty much secure in itself.. and development is on going, so i wouldn't worry about that too much..

but i think it would be a really bad idea to create a forum and get everybody posting vulnerabilities or security issues they have found in order for people to be able to fix them. for 1 such a forum would become a haven for hackers.. they would no longer need to spend all their time finding ways into peoples XOOPS sites, as they can simply then just view that forum and know what vulnerabilities or issues are there and then just go out and do it.. It would help them more than it would help us..

any security issues or vulnerabilities should be discussed in private and not in public..

that's my opinion anyway..

a few tips tho..

make sure file and folder permissions are set accordingly..

Install only the modules you actually require and use.. having more than you actually use can increase the risk of some1 finding a flaw somewhere..

Keep your server and modules and CMS etc up to date with the current versions and fixes.. It's surprising how many people don't actually upgrade because they don't want to go thru all the hassle of upgrading again and applying hacks.. but unfortunately it has to be done.. (if u have made hacks to files, make a note in a text file or something of every hack you have made and to what file etc)

i would also suggest a minimum password length of 8 characters

make sure any scripts you have are properly closed after the script has finished (more for programmers)

make sure you trust whoever you give admin rights too..

keep regular checks on your servers access logs, these can be a good source of detecting if somebody is trying to gain access somewhere..

well there's a few, and there's lots i've missed & probly more that i haven't even thought of..


3
domineaux
Re: Security - need some ideas for securing sites
  • 2004/8/15 18:11

  • domineaux

  • Quite a regular

  • Posts: 389

  • Since: 2002/9/29


You're probably right

As I was making the posting I was thinking more in terms of people just sharing ideas about security in pretty general terms, i.e., here is a good hack for taking care of the DOS attack,etc.

This might best be a topic for a closed or private forum category.




Login

Who's Online

336 user(s) are online (264 user(s) are browsing Support Forums)


Members: 0


Guests: 336


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits