I know that there are bits and pieces about this, but I was wondering whether there are any articles or whitepapers devoted to the topics of...

* General maintenance and settings to keep your XOOPS site running at an optimal level.

* Settings, programs, modules, etc., to keep a site as secure as possible.

I run a site only for my family and want to make sure it's locked down as tight as possible. I disabled new user registration, anonymous accounts and display only the header and login box on the front page. Of course with these steps I am trying to keep unwanted users out.

Additionally, I removed all Meta Keywords and Meta Description and set the Meta Robots to "No Index, No Follow". My hope here is that search engines won't easily find the page.

I know there are some stats modules out there and am looking at php-Stats to help me analyze traffic, hits, etc...

I'd appreciate any other suggestions that the community has for me!

THANKS!!!!!

and remember.. it's not paranoia if they really are out to get you. ;)

Quote:

If you're not P@r@n01D, you're not paying attention.

I run a similar site for my wife and myself. It's hosted on a public server, but is inaccessible to anyone but us. Some additional steps I took to help lock the site down are as follows.....

Permisions, Permisions, Permisions! Lock your Permisions down as tight as you can get them while still maintaining functionality. I've found 555 works well for most files/folders, while I've set mainfile.php to 444 and /uploads, /cache, and templates_c to 777.

Install the AntiDOS module. This module is excellent for thwarting off password cracking scripts as it completely blocks IPs that attempts too many connections per second/minute.

Install the RegKey module. I believe their are a couple available. Combined with your other steps, this would be redundancy, but redundancy is good.

Use VERY strong passwords on Webmaster/Admin accounts. I'm not talking wimpy little 10 character alphanumeric passwords here. I'm talking passwords like this....

W2JA7ebCcdgPxwS5I6&&o60nJ

Of course, if you're extremely paranoid, you could also password protect the directory your site through your web host or a .htaccess file.

Just my 2/c

...but they ARE out to get me!

Thanks for the advice. I'll play with these settings in the next couple of days as well as look into AntiDOS.

Thanks!