Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
kevinkap
Involved
Involved


Joined: Apr 22, 2006
Posts: 356

PostPosted: Fri Jun 30, 2006 8:08 pm Reply with quote

I have seen some addons such as addon protector and admin addon secure for nuke, are these needed with ravens version? Do you use or recommend any other security measures?

_________________
Kevin Kappes 
View user's profile Send private message
jaded
Theme Guru


Joined: Nov 01, 2003
Posts: 1006

PostPosted: Fri Jun 30, 2006 8:57 pm Reply with quote

most of us do not. We believe generally that a good version of nuke, current patches, and sentinal are the best way to go.

_________________
Themes BB Skins Only registered users can see links on this board! Get registered or login!
Graphic Tees Only registered users can see links on this board! Get registered or login!
Paranormal Tees Only registered users can see links on this board! Get registered or login!
Ghost Stories & More Only registered users can see links on this board! Get registered or login!

Last edited by jaded on Fri Jun 30, 2006 9:07 pm; edited 1 time in total 
View user's profile Send private message Visit poster's website
kevinkap
PostPosted: Fri Jun 30, 2006 9:04 pm Reply with quote

jaded wrote:
most of us do now. We believe generally that a good version of nuke, current patches, and sentinal are the best way to go.


can you elaborate please, "most of us do now"?
 
jaded
PostPosted: Fri Jun 30, 2006 9:06 pm Reply with quote

clearly I meant "most of do not" and had a key mishap. lol
 
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Sat Jul 01, 2006 7:30 am Reply with quote

NukeSentinel is the best protection for your site. Should be standard for every nuke website.

But there are some more things you can do:

1. Protect your modules/forums/admin folder with htaccess Only registered users can see links on this board! Get registered or login!
2. Don t trust your members and moderators implicitly.
3. Check your server logs as often as possible.
4. Use always the newest phpBB forums version.
5. Use always the newest NukeSentinel version.
5. Possible ban turkey completely.
6. Protect your config.php
7. protect the memberlist (who can view this - admins only !)
8. Change your sitekey often (its a way but I don t believe that this is really helpful against attackers)
etc. etc. etc.
 
View user's profile Send private message
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Sat Jul 01, 2006 10:26 am Reply with quote

CONSTANTLY watch everything going on with your site, addons are great but you have the ability to stop things as they occur, ban ips that show misbehavior and give NOONE full superuser rights.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
manunkind
Client


Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM

PostPosted: Sat Jul 01, 2006 11:29 am Reply with quote

Disable all Upload functionality in Modules.

_________________
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Sat Jul 01, 2006 2:28 pm Reply with quote

It's out of date (mainly because NukeSentinel has been updated so many times and I haven't kept up), but my Only registered users can see links on this board! Get registered or login! should help you understand why you don't need the other tools.

That said, it's important to use HTTP admin authentication, apply that to modules/Forums/admin directory, and don't allow uploads unless authorized.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Sun Jul 02, 2006 7:48 am Reply with quote

Htaccess can also be an effective tool to keep people from rummaging thru your site and there are tutorials on its use that you can find by Googling. The only problem with it is that it is very syntax sensitive and if you don't get it just right it will sit there doing nothing and you will sit there thinking you are protected and you won't be. Too bad there is not a "checker" or validator for htaccess the way there is for robots.txt.
 
View user's profile Send private message Visit poster's website
Susann
PostPosted: Sun Jul 02, 2006 8:15 am Reply with quote

You are right .htaccess is our friend in many ways.

Quote:
Too bad there is not a "checker" or validator for htaccess the way there is for robots.txt.



I´m glad that there isn t a check tool available Smile Otherwise everybody would be able to check the htaccess
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©