01-02-2008, 03:53 AM
|
|||
|
|||
Securing a forum
Hey there,
Lets make this one of those long threads with useful information, shall we? Please share your security tips'n tricks below and I am sure that many forum owners will appreciate your tips. Here are mine; - You may wish to modify the adminCP/moderatorCP folders (this may require some modifications on the configuration settings) - I often password protect directories that control the web site, for example the adminCP & moderatorCP are being password protected, and I provide each member a private user and password. - Make sure your file permissions are set as low as possible, try to avoid having files CHMODDED at 777, doublecheck your configuration file so it has READ permissions only. - Use a unique password for both your administrator user and don't ever use the same password for your webhost control panel as you do for your site. - Change your password once in a while, and never assign a user full administration permissions (be careful with who you choose as staff). - Make sure the forum platform is fully up to date, if there are any new versions the best way would be to upgrade asap, as there may be security fixes and further bug fixes released. Share your own tips and tricks, and I am sure this will come to good use for all of us, remember, these are good tips although a very important factor is your web host, you should pick a reliable webhost. - Meti      
|
|
01-02-2008, 05:33 AM
|
||||
|
||||
|
Meti,
Excellent tips, are you talking about all forums generally or one forum software specifically, some of your suggestion goes with any forum thanks that is good, here are a few tips from me. - Do not give a member of your backroom staff more permission than they need. - Always remove or down grade the account of a staff that left very very quickly - Make your forum software force you and other important member of your staff to change their password regularly and they should not use the same password twice in a year. - Backup your forum after making any important changes or hitting a posting landmark.
|
|
01-02-2008, 05:36 PM
|
|||
|
|||
|
Thanks for those excellent tips Temi, I am speaking of general security for any forum platform. You hit a very good point, make sure you do at least weekly backups in order to avoid any complications. Ask your web host regarding backups, most of them do daily/weekly backups.
Meti
|
|
01-02-2008, 07:58 PM
|
||||
|
||||
|
Meti,
I think in addition to you hosts backup, its better if you do a database dump of your site. Hosts are usually not very fast when it comes to helping restore a site but if you have a backup on your PC you can have your forum back online within a few minutes of disaster happening of you have you own db dump on your PC
|
|
01-03-2008, 04:04 AM
|
|||
|
|||
|
Quote:
Meti
|
|
02-17-2008, 08:28 AM
|
||||
|
||||
|
Some more tips :
1. IP Protect your AdminCP directory. Find out your IP address (or IP range, if you have a dynamic ip address), and then restrict access to your AdminCP directory for all IPs, except your own IP address; using an .htaccess file placed in your adminCP directory. Example : If your IP range is 122.154.*.* Then you can use this .htaccess code to restrict the access : Code:
order deny,allow deny from all allow from 122.154. If your webhost allows it, you can also request your webhost to restrict cPanel access to everybody, except from your own IP address/range. This will make it even harder to break into your control panel. This way, even if somebody knows your pass, he won't be able to login as the IP won't match.
|
|
02-17-2008, 08:35 AM
|
||||
|
||||
|
Nice tip shadab, rep added
|
 |
| Useful Resources & Sites |
| • Search Engine Marketing Company • UK Web Hosting • Build One Way Links |
 |
| Thread Tools | |
| Display Modes | |
|
|
| UK Webmaster World Forums - Internet marketing, web development, domain names, SEO contest and discussuons. |
 |
Subscribe to our feeds |
Linear Mode
