1
instantzero
A security idea

Hello,

If you are lucky and have Zend Guard or Ion Cube or SourceGuardian and if your host has installed the necessary runtime, encrypt your mainfile.php

If you have any other security idea, may be we could share it ?

2
Catzwolf
Re: A security idea
  • 2007/7/6 7:18

  • Catzwolf

  • Home away from home

  • Posts: 1392

  • Since: 2007/9/30


Rename ‘uploads’ and ‘cache’ folders to new names of you choice. Preg_replace all instances of these with your new names in Xoops. You may have to do this with some modules. May take a little time, but should help prevent script kiddie attacks.

ATB

Catz

3
Will_H
Re: A security idea
  • 2007/7/6 13:54

  • Will_H

  • Friend of XOOPS

  • Posts: 1786

  • Since: 2004/10/10


I prefer using the server fairy.

She enchants all of my files and folders with +5 hacker defenses.

Wouldn't use anything else.

4
instantzero
Re: A security idea

Quote:

Biteronboard wrote:
I prefer using the server fairy.

She enchants all of my files and folders with +5 hacker defenses.

can you explain please ?

5
Will_H
Re: A security idea
  • 2007/7/8 13:06

  • Will_H

  • Friend of XOOPS

  • Posts: 1786

  • Since: 2004/10/10


LOL!

Just trying to bring a smile or two around here.

6
wtravel
Re: A security idea

You actually made me google for server fairy

7
hervet
Re: A security idea
  • 2007/7/8 13:36

  • hervet

  • Friend of XOOPS

  • Posts: 2267

  • Since: 2003/11/4


Quote:

Biteronboard wrote:
LOL!

Just trying to bring a smile or two around here.

Triple buse

Any other idea ?

8
MadFish
Re: A security idea
  • 2007/7/8 13:53

  • MadFish

  • Friend of XOOPS

  • Posts: 1056

  • Since: 2003/9/27


* Add a salt to password hashes, to prevent dictionary attacks being run against captured hashes.

* Hash passwords simultaneously against 2 hash algorithms, to drastically reduce the chance of finding hash collisions.

* Use different hash algorithm (Herve solution :)

* The default password length in XOOPS is too short. Should be longer (this is a trivial change).

* BUNDLE PROTECTOR WITH THE XOOPS CORE DOWNLOAD, AND PRE-CONFIGURE MAINFILE.PHP TO IMPLEMENT THIS MODULE SO THAT NEW USERS DON'T HAVE TO FIGURE ANYTHING OUT.

* I was shouting respectfully and in good humour of course :) but please, can we not abandon this policy of 'no modules bundled with the core' in the interests of sanity new users? Please? It makes sense to include Protector, doesn't it? It would take about 5 minutes to do, wouldn't it?

Edit: My suggestions are a bit off base from the context of Herve's initial post, because I didn't read it carefully. Sorry! Anyway, I'll leave it here on the odd chance someone reads it :)

9
hervet
Re: A security idea
  • 2007/7/8 14:41

  • hervet

  • Friend of XOOPS

  • Posts: 2267

  • Since: 2003/11/4


To see the different attack my website faces, I have a "special" Php script witch alerts me of URLs searched but not founded.

PS : If someone needs an encrypted mainfile.php, tell me.

10
Chris03
Re: A security idea
  • 2007/8/31 19:55

  • Chris03

  • Quite a regular

  • Posts: 372

  • Since: 2004/2/22


I have moved the contents of mainfile.php to a folder outside of webserver access and just had mainfile.php include that document... Probably not the best solution but it works.
KickassAMD

Login

Who's Online

326 user(s) are online (224 user(s) are browsing Support Forums)


Members: 0


Guests: 326


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits