Ravens PHP Scripts: Forums
 

 

RossDagley
New Member



Joined: Aug 29, 2004
Posts: 7
Location: UK

Posted: Sun Aug 29, 2004 4:03 pm

Hi guys.

I've spent a few hours browsing over what I can here (and unfortunately before I got here...) also at nukecops. I hope I don't offend anyone here, but I sort of get the idea the guys there don't know what they're talking about so much - they seem to give conflicting info and advice. Like I said - hope to not offend!

Anyway, now I've type-casted myself Wink...

I know this is a setup destined to go straight to hell, but without too much pointing and laughing, could you guys please help me secure my php-nuke based site. I don't know what I need, and what I don't.

I've got a Windows 2003 server, running IIS6 with php-nuke 7.3. I think that also takes care of the phpbb upgrade? It says phpbb 2.0.8 anyway.

Regardless, I'd like to secure the site more, and log any attempts made into the site. I'm a bit stuck as I get the impression that fortress and sentinel (which I presume you're going to recommend...) appear to be orientated towards apache, on linux.

Could you guys point me in the right direction please?

Thanks for any guidance in advance!

--Ross
 
TheosEleos
Life Cycles Becoming CPU Cycles



Joined: Sep 18, 2003
Posts: 960
Location: Missouri

Posted: Sun Aug 29, 2004 4:05 pm

Quote:
I hope I don't offend anyone here, but I sort of get the idea the guys there don't know what they're talking about so much - they seem to give conflicting info and advice. Like I said - hope to not offend!


Don't expect anyone here to get offended at that comment. Wink

Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

Posted: Sun Aug 29, 2004 4:08 pm

Apache is only needed if you need/want to block IP's at the server level (.htaccess). Other than that, NukeSentinel will allow the banning of IP's at the site level and should be able to secure your site quite nicely.
 
RossDagley







Posted: Sun Aug 29, 2004 4:10 pm

Ok - so a simple case of download sentinel, read instructions, install?

Would this cover most common things? I'm not after uber-1337 security (unplug NIC etc Wink) but like what I've read about sentinel.

Thanks again!

-Ross
 
Raven







Posted: Sun Aug 29, 2004 4:18 pm

And some uncommon ones Wink
 
GeekyGuy
Client



Joined: Jun 03, 2004
Posts: 302
Location: Huber Heights Ohio

Posted: Sun Aug 29, 2004 4:18 pm

RossDagley,
If you have any questions, just ask. We want to help you get your site secured with the best protection available.

_________________
"The Daytona 500 is ours! We won it, we won it, we won it!", Dale Earnhardt, February 15th, 1998, Daytona 500 
RossDagley







Posted: Sun Aug 29, 2004 4:22 pm

Really - just a 'you're doing the right thing' is great so far! After getting my nuke site hacked this morning, I'm nervous and trying to sort it out Sad

I found two users in the nuke_auth table and removed those, but the giveaway was the changed welcome message saying you've been h@><0r'd or some such. Presumably kids with too much time on their hands. It's not even a particularly interesting site (http://www.thedoctorsclan.com) - just a bunch of info for a group of mates mainly...

Anyway - I've installed sentinel now, and I'm just going through the options. Pleased it was so simple to install - I expected a headache, but none so far Very Happy

Thanks guys. Really.

--Ross
 
Raven







Posted: Sun Aug 29, 2004 5:26 pm

Make sure you activate the Admin Auth! That prevents changes to the authors table, which is how you were hacked.
 
RossDagley







Posted: Sun Aug 29, 2004 5:32 pm

Yes. Thanks! I've got my head round it now, I think! I've certainly done that change, that's for sure.

Thanks again for all your help. I hope this is all I need to add. Smile

--R
 
jodale
New Member



Joined: Sep 05, 2004
Posts: 2

Posted: Sun Sep 05, 2004 3:16 pm

My website is hosted on a professional host. I have uploaded all my files and ran the install script. I updated my mainfile.php and everything looks good. Here is my question, I am unable to find the .htaccess file and when I try to upload it again, it doesn't show up...am I missing something? If I am unable to use .htaccess, what do I put for the .htaccess path in the admin console? Thanks.
 
GeekyGuy







Posted: Sun Sep 05, 2004 3:23 pm

jodale,

It could be hidden. What program are you using to upload the files with?

You can use just .htaccess in the path, unless you are on a virtual hosting server. Then you might have to use the entire path to the .htaccess file.
 
Muffin
Client



Joined: Apr 10, 2004
Posts: 649
Location: UK

Posted: Sun Sep 05, 2004 3:25 pm

You won't see your .htaccess file in your ftp client. If you have cpanel on your host, which I think you will have as it's a professional host, go into file manager and open the abuse folder in Sentinel and you'll see it there. Just check it's chmod 666; it's probably still 644. If it is 644, change it to 666, save and exit.

_________________
Classic Mini rules the bends & bends the rules!
jodale







Posted: Sun Sep 05, 2004 3:42 pm

WOW!!! You guys are quick. Thanks for the help, that worked just fine. Thanks again.
 
Raven







Posted: Sun Sep 05, 2004 3:52 pm

Most ftp clients have a way of displaying hidden files on the server. For example wsftp simply requires you to add '-la' in the files mask text box and then all hidden files are displayed. Most other ftp clients have a similar mechanism.
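
Added example, not part of any post in this thread: a shell check for the `.htaccess` file discussed above. It shows that a plain `ls` hides the dotfile while `ls -la` lists it, reports the permission mode (644 versus 666), and lists the addresses the file blocks. It assumes blocks are written as Apache `deny from` lines; the file contents and addresses are constructed samples.

```sh
#!/bin/sh
# Added example: review the .htaccess file that holds server-level IP blocks.
# File contents and addresses below are constructed samples.

# Print the octal permission bits of a file, e.g. 644 or 666 (GNU, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed when "other" users may write: last octal digit has the 2 bit set.
is_world_writable() {
    mode=$(file_mode "$1") || return 2
    last=${mode#"${mode%?}"}
    [ $(( last & 2 )) -ne 0 ]
}

# Print every address named on an Apache "deny from" line, one per line.
list_denied() {
    awk 'tolower($1) == "deny" && tolower($2) == "from" {
             for (i = 3; i <= NF; i++) print $i }' "$1"
}

# One-line summary: mode, world-writable or not, number of blocked addresses.
audit_htaccess() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    count=$(list_denied "$f" | wc -l | tr -d ' ')
    if is_world_writable "$f"; then ww=yes; else ww=no; fi
    echo "mode=$(file_mode "$f") world_writable=$ww denied=$count"
}

# Constructed demonstration in a scratch directory.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'Order Allow,Deny' 'Allow from all' 'deny from 192.0.2.10' \
        'Deny from 198.51.100.7 203.0.113.0/24' > "$dir/.htaccess"
    echo "plain ls entries: $(ls "$dir" | wc -l | tr -d ' ')"   # dotfile hidden
    echo "ls -la matches:   $(ls -la "$dir" | grep -c htaccess)" # dotfile shown
    chmod 644 "$dir/.htaccess"; audit_htaccess "$dir/.htaccess"
    chmod 666 "$dir/.htaccess"; audit_htaccess "$dir/.htaccess"
    rm -rf "$dir"
}
demo
```

With mode 666 every local account on the host can rewrite the file, so comparing the `list_denied` output against the bans you expect is a cheap integrity check.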
 
Muffin







Posted: Sun Sep 05, 2004 4:20 pm

I didn't know that Raven, thanks for that.
 
All times are GMT - 6 Hours
 