1
Cozzie
About to Launch: Security Check List
  • 2007/8/13 11:18

  • Cozzie

  • Not too shy to talk

  • Posts: 133

  • Since: 2007/7/13


I've read the articles on security but I just wanted to check that I've done everything ok before I launch my site.

Hopefully it will serve as a good check list for future users:

So here's what I've done, have I missed anything?

- using the latest XOOPS version
- using the latest versions of modules and have picked ones that appear to be actively maintained
- installed protector
- changed mainfile permissions to 444 (in root folder)
- changed "check for template modidfications" to "NO" (in Preferences Main >> general settings)
- Using an administrator password that's pretty obscure (random letters & numbers)
- htaccess file is in my root folder

Have I missed anything?

And a couple of questions:


1. I saw mention that all folders should have an index file - does this include folders inside my root but not part of the XOOPS system?

2. Do I need to remove my phpMyAdmin? Its in my root folder? Can I move it to a subfolder and keep using it?

Thanks a lot!!!!

2
Bender
Re: About to Launch: Security Check List
  • 2007/8/13 14:55

  • Bender

  • Home away from home

  • Posts: 1899

  • Since: 2003/3/10


1) yes you should place one in every folder thats accessible from the web in any way

2) You donĀ“t need to have phpmyadmin accessible from your Websites domain. Just create a subdomain like [obscure name].yourwebsite.com which you will point to a different rootfolder on you webspace. Install and use it from there since it does only access the database there is no need to have it under your websites subdomain (www).
Sorry, this signature is experiencing technical difficulties. We will return you to the sheduled signature as soon as possible ...

3
Dave_L
Re: About to Launch: Security Check List
  • 2007/8/13 17:51

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


Whether or not phpmyadmin is hidden, it should be protected. Configure it to use cookie or http authentication, and ensure that all MySQL users have strong passwords.

4
Cozzie
Re: About to Launch: Security Check List
  • 2007/9/14 9:09

  • Cozzie

  • Not too shy to talk

  • Posts: 133

  • Since: 2007/7/13


I never said thanks - so thanks!

5
pAraN0iD
Re: About to Launch: Security Check List
  • 2007/9/14 11:38

  • pAraN0iD

  • Just popping in

  • Posts: 24

  • Since: 2007/4/16


Also, make sure FTP and webhosting account password is strong.

Most important thing is not in list: backup site!

Login

Who's Online

322 user(s) are online (247 user(s) are browsing Support Forums)


Members: 0


Guests: 322


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits