How can I protect my site from malicious attack?

Requested and Answered by Carnuke on 2004/11/27 10:25:11

How can I protect my site from malicious attack?

There are several basic steps outlined elsewhere in these FAQs, such as correct use of file/folder permissions, .htaccess, index redirects, rejection of uploads of unsafe MIME types and regular backups. It is also good policy to use your groups system to filter users, allowing extended privileges only to trusted members. There are also extra measures you can take to protect your site. Here is an extract from a module called "Protector". Please also see the forum thread Protector module usage.

Quote:

Xoops Protector is a module to defend XOOPS2 from various malicious attacks. This module can protect against four kinds of attacks:
- DoS
- SQL Injection
- XSS
- System global variable pollution

Xoops Protector defends your XOOPS from these attacks, and it records them into its log. Of course, all vulnerabilities can't be prevented. Be not overconfident, please. However, I recommend installing this module to all XOOPS users.

= RELATION to AntiDoS-P =

The antecedent of Xoops Protector was AntiDoS-P. Since all functions of AntiDoS-P have been succeeded in Xoops Protector, you'd better uninstall AntiDoS-P.

= USAGE =

Please install it as well as a usual module. Turn "Protector block" on and put the block at the top of the left side by blocks admin. Turn the block's permission on to all groups by groups admin. You can do that easily by using Blocks&Groups Admin of Protector. I strongly recommend calling this module from mainfile.php also. After Xoops Protector is installed, edit your mainfile.php like this:
    define('XOOPS_GROUP_ADMIN', '1');
    define('XOOPS_GROUP_USERS', '2');
    define('XOOPS_GROUP_ANONYMOUS', '3');

    // Protector pre-check: runs before common.php is loaded
    include( XOOPS_ROOT_PATH . '/modules/protector/include/precheck.inc.php' ) ;

    if (!isset($xoopsOption['nocommon'])) {
        include XOOPS_ROOT_PATH . "/include/common.php";
    }
Insert the include line just before the line if (!isset($xoopsOption['nocommon'])) {. Both pre-check and block-check are needed. If you need the feature of "IP Ban", turn on "System admin" -> "Preferences" -> "General" -> "Enable IP Bans". When you turn this on, you have to check whether your IP is included in "Enter IP addresses that should be banned from the site".
Protector is available from PEAK XOOPS (http://www.peak.ne.jp/xoops/).

There is also a good article on protecting the mainfile.php from ever displaying sensitive information in the event of a PHP failure. The article can be found on Xoops-Tips: Protecting mainfile.php. Besides the tips given here there are more things to do. I like to prevent attempts to even try pulling the file in a browser:
<Files "mainfile.php">
Order allow,deny
Deny from all
</Files>
This will log a Forbidden error in your server logs.

Another way is to encrypt the file itself. Most of the PHP add-on accelerators/compilers have an encryption feature. Typically these are used for commercial applications so that the customer can't see the code. It is also handy for sensitive files like this. The file becomes unreadable except to the webserver, and only if the server is using the same engine. Zend products and MMCache are two that I've tried. Since you rarely need to edit the file this is a useful trick. You store the raw file somewhere safe so you can edit and re-encrypt it later. I don't see this as much different from an SSL key file that also must be protected. If your server gets rooted you have other problems.

See also this forum post here for more details on the Protector module.

Monitoring

Recently there has been another XOOPS module developed and released called Netquery. This module offers a number of security checks and traces on visitors to your site.

See also more security related FAQs here:
- Can users upload viruses to my site?
- How can I ban a user?
- Why should there be an index.html file in all directories?
- What are spiders and bots and how do I control what they do?
- How secure will my Xoops website be?
- How do I CHMOD to 0444?
- What is CHMOD?
- What are the correct file permissions?
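A small checker for the two hardening steps above, written as an added example for this FAQ (not code from the original answer or from the Protector module): it confirms that the Protector precheck include sits before the nocommon guard in mainfile.php, and that .htaccess carries a <Files "mainfile.php"> block that actually denies requests. The sample files are constructed; accepting the Apache 2.4 "Require all denied" form alongside the 2.2 "Deny from all" used in the answer is my addition.

```python
import re

# Added example for this FAQ (not code from the original answer or from Protector):
# verify the two hardening steps against constructed sample files.

# Protector's pre-check include, as written in the FAQ's mainfile.php excerpt
PRECHECK_RE = re.compile(
    r"include\s*\(?\s*XOOPS_ROOT_PATH\s*\.\s*['\"]/modules/protector/include/precheck\.inc\.php['\"]")
# The guard that loads common.php; the pre-check must be placed before it
NOCOMMON_RE = re.compile(r"if\s*\(\s*!\s*isset\s*\(\s*\$xoopsOption\s*\[\s*['\"]nocommon['\"]\s*\]\s*\)\s*\)")
# <Files "mainfile.php"> block; accepts Apache 2.2 (Deny from all) or 2.4 (Require all denied) syntax
FILES_RE = re.compile(r'<Files\s+"?mainfile\.php"?\s*>(.*?)</Files>', re.S | re.I)
DENY_RE = re.compile(r"^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$", re.M | re.I)


def check_mainfile(source: str) -> list:
    """Return findings for mainfile.php; an empty list means the include is placed correctly."""
    findings = []
    pre, guard = PRECHECK_RE.search(source), NOCOMMON_RE.search(source)
    if guard is None:
        findings.append("nocommon guard not found")
    if pre is None:
        findings.append("Protector precheck.inc.php is not included")
    elif guard is not None and pre.start() > guard.start():
        findings.append("precheck.inc.php is included after the nocommon guard")
    return findings


def check_htaccess(source: str) -> list:
    """Return findings for .htaccess; an empty list means mainfile.php is denied to clients."""
    block = FILES_RE.search(source)
    if block is None:
        return ['no <Files "mainfile.php"> block']
    return [] if DENY_RE.search(block.group(1)) else ['<Files "mainfile.php"> does not deny access']


# Constructed samples: a correct mainfile.php, one with the include misplaced, and the FAQ's .htaccess
PRECHECK_LINE = "include( XOOPS_ROOT_PATH . '/modules/protector/include/precheck.inc.php' ) ;\n"
GOOD_MAINFILE = ("<?php\ndefine('XOOPS_GROUP_ADMIN', '1');\n" + PRECHECK_LINE
                 + "if (!isset($xoopsOption['nocommon'])) {\n"
                 "    include XOOPS_ROOT_PATH . \"/include/common.php\";\n}\n")
BAD_MAINFILE = GOOD_MAINFILE.replace(PRECHECK_LINE, "") + PRECHECK_LINE  # include moved after the guard
GOOD_HTACCESS = '<Files "mainfile.php">\nOrder allow,deny\nDeny from all\n</Files>\n'

if __name__ == "__main__":
    for name, result in [("good mainfile", check_mainfile(GOOD_MAINFILE)),
                         ("bad mainfile", check_mainfile(BAD_MAINFILE)),
                         ("htaccess", check_htaccess(GOOD_HTACCESS))]:
        print(name, "OK" if not result else result)
```

Run it against your own mainfile.php and .htaccess contents instead of the constructed samples; a non-empty list names the step that is missing or misplaced.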

This Q&A was found on XOOPS Web Application System : https://xoops.org/modules/smartfaq/faq.php?faqid=82