other security measures?

Involved Joined: Apr 22, 2006 Posts: 356

I have seen some addons such as addon protector and admin addon secure for nuke, are these needed with ravens version? Do you use or recommend any other security measures?

registered · Theme Guru Joined: Nov 01, 2003 Posts: 1006

most of us do not. We believe generally that a good version of nuke, current patches, and sentinal are the best way to go.

Posted: Fri Jun 30, 2006 9:04 pm

jaded wrote:

most of us do now. We believe generally that a good version of nuke, current patches, and sentinal are the best way to go.

can you elaborate please, "most of us do now"?

Posted: Fri Jun 30, 2006 9:06 pm

clearly I meant "most of do not" and had a key mishap. lol

Posted: Sat Jul 01, 2006 7:30 am

NukeSentinel is the best protection for your site. Should be standard for every nuke website.

But there are some more things you can do:

1. Protect your modules/forums/admin folder with htaccess [ Only registered users can see links on this board! Get registered or login! ]
2. Don t trust your members and moderators implicitly.
3. Check your server logs as often as possible.
4. Use always the newest phpBB forums version.
5. Use always the newest NukeSentinel version.
5. Possible ban turkey completely.
6. Protect your config.php
7. protect the memberlist (who can view this - admins only !)
8. Change your sitekey often (its a way but I don t believe that this is really helpful against attackers)
etc. etc. etc.

Posted: Sat Jul 01, 2006 10:26 am

CONSTANTLY watch everything going on with your site, addons are great but you have the ability to stop things as they occur, ban ips that show misbehavior and give NOONE full superuser rights.

Posted: Sat Jul 01, 2006 11:29 am

Disable all Upload functionality in Modules.

Site Admin Joined: Jun 04, 2004 Posts: 6433

It's out of date (mainly because NukeSentinel has been updated so many times and I haven't kept up), but my comparison of Nuke Security Tools should help you understand why you don't need the other tools.

That said, it's important to use HTTP admin authentication, apply that to modules/Forums/admin directory, and don't allow uploads unless authorized.

Posted: Sun Jul 02, 2006 7:48 am

Htaccess can also be an effective tool to keep people from rummaging thru your site and there are tutorials on its use that you can find by Googling. The only problem with it is that it is very syntax sensitive and if you don't get it just right it will sit there doing nothing and you will sit there thinking you are protected and you won't be. Too bad there is not a "checker" or validator for htaccess the way there is for robots.txt.

Posted: Sun Jul 02, 2006 8:15 am

You are right .htaccess is our friend in many ways.

Quote:

Too bad there is not a "checker" or validator for htaccess the way there is for robots.txt.

I´m glad that there isn t a check tool available Smile

Otherwise everybody would be able to check the htaccess