Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
express
Client


Joined: Jan 03, 2007
Posts: 94

PostPosted: Mon Nov 26, 2007 2:30 pm Reply with quote

Hi everyone,

I am pleased to say the least that I have my first Raven PhpNuke site almost ready to Groovy
I am now looking for a little advice before I turn my site out to the cold cruel world. This is just a family web site for my relatives. I want only registered family members that I put into a "group" to have any access to the majority of the site. There will be no critical data kept on this site other than the usual family banter and pictures. Just want a private place for us to gather since we are all over the globe. I have NS up and enabled. Should I change any of the other default NS settings at this time? I have enabled the dos and santy worm protection. I have installed the code that prohibits web crawling of the site.
Also, I have made the site where in order to view the forums/calendars/downloads/ and some other blocks and modules restricted to only registered members who I will manually put into a group. I have experimented with my laptop by visiting the site and so far it is working like I want. An anonymous visitor sees and can only view very limited info whereas a reg user belonging to the correct group has full access.
Are there any other things I should do that will allow me to control and maintain our privacy in the web site.
Thanks in advance,
Express
 
View user's profile Send private message
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Mon Nov 26, 2007 4:39 pm Reply with quote

Still everybody can register as long as you don´t use a hack for the Your Account.
You ´ll find a lite version wich works with RavenNuke at Only registered users can see links on this board! Get registered or login!
You could install this "Approve membership lite" but it will take a time until the bots will find your site. So I believe thats not really urgent.
You can also ban complete countries in NukeSentinel and because there are a lot spammers and spam servers in countries like China, Korea, Russia ban them. I´m not saying thats the solution because spambots are coming from all countries but because its a private site I would deny access.
"I have NS up and enabled." Is Http Auth activated ?
The blockers are already pre configured and activated in RavenNuke but its a good idea to check your settings again.
There are many options in the forums administration you can ban there also a lot of other things.
 
View user's profile Send private message
express
PostPosted: Mon Nov 26, 2007 5:38 pm Reply with quote

Susann wrote:
Still everybody can register as long as you don´t use a hack for the Your Account.
You ´ll find a lite version wich works with RavenNuke at Only registered users can see links on this board! Get registered or login!

What if I make it that even though anyone can register, I still require that only registered users that are assigned to a specific group has access to the good stuff. Am I right in that thinking? Being a novice with the power of this program, the way I see it is if a person does not have the Group rights, then they are stuck at only being able to view what is not included in the group permissions which isn't much. Besides, if someone does register that isn't family...boom...they get instant ban.

Susann wrote:
You can also ban complete countries in NukeSentinel and because there are a lot spammers and spam servers in countries like China, Korea, Russia ban them. I´m not saying thats the solution because spambots are coming from all countries but because its a private site I would deny access.

Man I love the power at my fingertips! Thanks for this tip I'll do it asap. Might even ban North Dakota too while I am at it. killing me

Susann wrote:
"I have NS up and enabled." Is Http Auth activated ?

I have CGI auth enabled. I did not have the http auth option when I did the install. This is working well.

Thanks for the sound advice Susan.
Express
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Mon Nov 26, 2007 5:55 pm Reply with quote

HTTP Auth is not available with the php setting register_globals set to off. You have to use CGI Auth which is safer anyway. We run register_globals off by default and I highly recommend (as your host Wink ) that you do not override the setting. They function the same.
 
View user's profile Send private message
Susann
PostPosted: Tue Nov 27, 2007 12:18 pm Reply with quote

Sure with Cgi Auth your admin files have also an addition protection.
Ban or delete user accounts later or don´approve the registration isn´t a great difference particularly with regard to your "unknown website".Smile

I think the time will tell you what to change also. Just don´t forget to check logfiles from time to time and use the tracked features of NukeSentinel.
 
express
PostPosted: Tue Nov 27, 2007 1:41 pm Reply with quote

Thanks Susan, I will.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©