Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.02.02 Distro
Author Message
spyrule
Worker
Worker


Joined: Jun 06, 2006
Posts: 105

PostPosted: Wed Jun 14, 2006 10:39 pm Reply with quote

Hello,

Now I realize that alot of Nuke Sentinel's security is laid upon .htaccess file security. But the question I have, is how secure is Raven Nuke 7.6 w/Sentinel on an IIS 6 windows server.

Does anybody have any suggestions on how to make my server more secure when in relation to this software (besides the obvious switch to Unix / Linux server. (which honestly for me, isn't any better, because I couldn't assure myself that my server would even BE secure!!!).

Thanks in advance,

btw, opinions are VERY welcome, just no flame/ill speak here please,

Spyrule.
 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Wed Jun 14, 2006 10:47 pm Reply with quote

You don't have to switch to *nix. *nix is the OS, not the web server. You could just use Apache instead of IIS.

But, NukeSentinel(tm) does NOT need .htaccess nor .staccess to run. Without .htaccess you lose the capability to write your blocked IP's at the server level as opposed to the site level. It's a little less daunting. IIS allows for HTTPAuthentication so you can still use that to protect your admin.php file.

So, bottom line, it's 100% effective on both.
 
View user's profile Send private message
spyrule
PostPosted: Thu Jun 15, 2006 7:24 am Reply with quote

nice, ok cool.... that's just a little more mental assurance.


spyrule
 
spyrule
PostPosted: Sat Jun 17, 2006 6:36 pm Reply with quote

well,

As a quick update to this...

I was hacked on another phpnuke site that WASN'T running ravennuke, so I figured, well what the hell, I can move most of my content over to raven in no time.

Got my new site up and running in 10 minutes, added gallery2, imported all my
pictures, tweaked my theme a little for gallery2 (was using gallery1 prior).

and then sat back and waited. Within about an hour I caught a second hack attempt from, what I am assuming (by IP range), was the same person.

This time, however NukeSentinel caught them, and banned their IP range. So far, the 3 times that I have been hacked, have been twice from turkey and 1 from russia. So I just blocked the entire d*** country (my website is english only specialty site on the saltwater aquarium hobby!!!), so I'm not too worried about the limitation this implemented.

But for now, I have noticed that the person attempted again 2 more times before
I blocked the entire country (in this specific case, turkey).

Needless to say... I am happy. Not that I am perfectly safe... that's just unrealistic
in the real world, but better then I was.

Cheers, and Kudo's to the Raventeam.

Spyrule
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Sat Jun 17, 2006 7:19 pm Reply with quote

Gallery will leave you open, so make sure you take all the precautions you can with that like making it for reg users only etc. It won't stop them but it should slow them enough to pick a different target.
If you do not want you url public, can you pm me the url to your site as I have an interest in tropical fish also.
 
View user's profile Send private message Send e-mail
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.02.02 Distro

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©