| Author |
Message |
kevinkap
Involved
Joined: Apr 22, 2006
Posts: 356
|
 Posted:
Fri Jun 30, 2006 8:08 pm |
|
I have seen some addons such as addon protector and admin addon secure for nuke, are these needed with ravens version? Do you use or recommend any other security measures? |
_________________
Kevin Kappes |
|
|
|
jaded
Theme Guru
Joined: Nov 01, 2003
Posts: 1006
|
| Posted:
Fri Jun 30, 2006 8:57 pm |
|
|
|
|
kevinkap
|
| Posted:
Fri Jun 30, 2006 9:04 pm |
|
| jaded wrote: | | most of us do now. We believe generally that a good version of nuke, current patches, and sentinal are the best way to go. |
can you elaborate please, "most of us do now"? |
| |
|
|
|
|
jaded
|
| Posted:
Fri Jun 30, 2006 9:06 pm |
|
clearly I meant "most of do not" and had a key mishap. lol |
| |
|
|
|
|
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
|
| Posted:
Sat Jul 01, 2006 7:30 am |
|
NukeSentinel is the best protection for your site. Should be standard for every nuke website.
But there are some more things you can do:
1. Protect your modules/forums/admin folder with htaccess http://www.ravenphpscripts.com/postt9904.html
2. Don t trust your members and moderators implicitly.
3. Check your server logs as often as possible.
4. Use always the newest phpBB forums version.
5. Use always the newest NukeSentinel version.
5. Possible ban turkey completely.
6. Protect your config.php
7. protect the memberlist (who can view this - admins only !)
8. Change your sitekey often (its a way but I don t believe that this is really helpful against attackers)
etc. etc. etc. |
| |
|
|
|
|
gregexp
The Mouse Is Extension Of Arm
Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
|
| Posted:
Sat Jul 01, 2006 10:26 am |
|
CONSTANTLY watch everything going on with your site, addons are great but you have the ability to stop things as they occur, ban ips that show misbehavior and give NOONE full superuser rights. |
_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! |
|
  
  |
|
manunkind
Client
Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM
|
| Posted:
Sat Jul 01, 2006 11:29 am |
|
Disable all Upload functionality in Modules. |
_________________
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6437
|
| Posted:
Sat Jul 01, 2006 2:28 pm |
|
It's out of date (mainly because NukeSentinel has been updated so many times and I haven't kept up), but my Only registered users can see links on this board! Get registered or login! should help you understand why you don't need the other tools.
That said, it's important to use HTTP admin authentication, apply that to modules/Forums/admin directory, and don't allow uploads unless authorized. |
_________________
I search, therefore I exist...
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY
|
| Posted:
Sun Jul 02, 2006 7:48 am |
|
Htaccess can also be an effective tool to keep people from rummaging thru your site and there are tutorials on its use that you can find by Googling. The only problem with it is that it is very syntax sensitive and if you don't get it just right it will sit there doing nothing and you will sit there thinking you are protected and you won't be. Too bad there is not a "checker" or validator for htaccess the way there is for robots.txt. |
| |
|
|
|
|
Susann
|
| Posted:
Sun Jul 02, 2006 8:15 am |
|
You are right .htaccess is our friend in many ways.
| Quote: | Too bad there is not a "checker" or validator for htaccess the way there is for robots.txt.
|
I´m glad that there isn t a check tool available  Otherwise everybody would be able to check the htaccess |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
