| |
| Running a forum Information and resources for running a successful forum. |
 |
|

01-02-2008, 04:53 AM
|
 |
Senior Member
|
|
|
Join Date: Mar 2007
Location: Sweden
Posts: 467
|
|
Securing a forum
Hey there,
Lets make this one of those long threads with useful information, shall we? Please share your security tips'n tricks below and I am sure that many forum owners will appreciate your tips.
Here are mine;
- You may wish to modify the adminCP/moderatorCP folders (this may require some modifications on the configuration settings)
- I often password protect directories that control the web site, for example the adminCP & moderatorCP are being password protected, and I provide each member a private user and password.
- Make sure your file permissions are set as low as possible, try to avoid having files CHMODDED at 777, doublecheck your configuration file so it has READ permissions only.
- Use a unique password for both your administrator user and don't ever use the same password for your webhost control panel as you do for your site.
- Change your password once in a while, and never assign a user full administration permissions (be careful with who you choose as staff).
- Make sure the forum platform is fully up to date, if there are any new versions the best way would be to upgrade asap, as there may be security fixes and further bug fixes released.
Share your own tips and tricks, and I am sure this will come to good use for all of us, remember, these are good tips although a very important factor is your web host, you should pick a reliable webhost.
- Meti
|

01-02-2008, 06:33 AM
|
 |
Facilitator
|
|
|
Join Date: Jun 2003
Location: London, England.
Posts: 12,528
|
|
Meti,
Excellent tips, are you talking about all forums generally or one forum software specifically, some of your suggestion goes with any forum thanks that is good, here are a few tips from me.
- Do not give a member of your backroom staff more permission than they need.
- Always remove or down grade the account of a staff that left very very quickly
- Make your forum software force you and other important member of your staff to change their password regularly and they should not use the same password twice in a year.
- Backup your forum after making any important changes or hitting a posting landmark.
|

01-02-2008, 06:36 PM
|
 |
Senior Member
|
|
|
Join Date: Mar 2007
Location: Sweden
Posts: 467
|
|
Thanks for those excellent tips Temi, I am speaking of general security for any forum platform. You hit a very good point, make sure you do at least weekly backups in order to avoid any complications. Ask your web host regarding backups, most of them do daily/weekly backups.
Meti
|

01-02-2008, 08:58 PM
|
 |
Facilitator
|
|
|
Join Date: Jun 2003
Location: London, England.
Posts: 12,528
|
|
Meti,
I think in addition to you hosts backup, its better if you do a database dump of your site. Hosts are usually not very fast when it comes to helping restore a site but if you have a backup on your PC you can have your forum back online within a few minutes of disaster happening of you have you own db dump on your PC
|

01-03-2008, 05:04 AM
|
 |
Senior Member
|
|
|
Join Date: Mar 2007
Location: Sweden
Posts: 467
|
|
Quote:
Originally Posted by temi
Meti,
I think in addition to you hosts backup, its better if you do a database dump of your site. Hosts are usually not very fast when it comes to helping restore a site but if you have a backup on your PC you can have your forum back online within a few minutes of disaster happening of you have you own db dump on your PC
|
Agreed. I used to have an application that automatically connected with my mySQL server and backed up my databases, stored them at my own PC. However, I had that software on my previous machine, cannot seem to find it any more.
Meti
|

02-17-2008, 09:28 AM
|
 |
Member
|
|
|
Join Date: Dec 2007
Location: Bhopal (India)
Posts: 80
|
|
Some more tips :
1. IP Protect your AdminCP directory.
Find out your IP address (or IP range, if you have a dynamic ip address), and then restrict access to your AdminCP directory for all IPs, except your own IP address; using an .htaccess file placed in your adminCP directory.
Example : If your IP range is 122.154.*.*
Then you can use this .htaccess code to restrict the access :
Code:
order deny,allow
deny from all
allow from 122.154.
2. IP Protect your hosting control panel
If your webhost allows it, you can also request your webhost to restrict cPanel access to everybody, except from your own IP address/range. This will make it even harder to break into your control panel. This way, even if somebody knows your pass, he won't be able to login as the IP won't match.
|

02-17-2008, 09:35 AM
|
 |
Facilitator
|
|
|
Join Date: Jun 2003
Location: London, England.
Posts: 12,528
|
|
Nice tip shadab, rep added 
|

09-29-2008, 09:07 AM
|
 |
Junior Member
|
|
|
Join Date: Apr 2008
Posts: 13
|
|
Excellent, I was messing around with this and couldn't believe how un-secure my forum actually was.
Great article.
|

11-07-2008, 10:31 AM
|
|
Member
|
|
|
Join Date: Nov 2008
Posts: 41
|
|
Thank you for the nice tips.
|

11-13-2008, 04:43 AM
|
|
Junior Member
|
|
|
Join Date: Nov 2008
Location: Canada
Posts: 24
|
|
I have noticed that in order to avoid unwanted posters posting bad things on your forums best to have your settings set so that any new members have to be approved by either the webmaster or the global moderator and this should discourage any trouble maker from trying to register only to do harm to your site!
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT. The time now is 07:02 AM.
| UK Webmaster World Forums - Internet marketing, web development, domain names, SEO contest and discussuons. |
|