| Author |
Message |
spyrule
Worker
Joined: Jun 06, 2006
Posts: 105
|
 Posted:
Wed Jun 14, 2006 10:39 pm |
|
Hello,
Now I realize that alot of Nuke Sentinel's security is laid upon .htaccess file security. But the question I have, is how secure is Raven Nuke 7.6 w/Sentinel on an IIS 6 windows server.
Does anybody have any suggestions on how to make my server more secure when in relation to this software (besides the obvious switch to Unix / Linux server. (which honestly for me, isn't any better, because I couldn't assure myself that my server would even BE secure!!!).
Thanks in advance,
btw, opinions are VERY welcome, just no flame/ill speak here please,
Spyrule. |
| |
|
 
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Wed Jun 14, 2006 10:47 pm |
|
You don't have to switch to *nix. *nix is the OS, not the web server. You could just use Apache instead of IIS.
But, NukeSentinel(tm) does NOT need .htaccess nor .staccess to run. Without .htaccess you lose the capability to write your blocked IP's at the server level as opposed to the site level. It's a little less daunting. IIS allows for HTTPAuthentication so you can still use that to protect your admin.php file.
So, bottom line, it's 100% effective on both. |
| |
|
|
|
|
spyrule
|
| Posted:
Thu Jun 15, 2006 7:24 am |
|
nice, ok cool.... that's just a little more mental assurance.
spyrule |
| |
|
|
|
|
spyrule
|
| Posted:
Sat Jun 17, 2006 6:36 pm |
|
well,
As a quick update to this...
I was hacked on another phpnuke site that WASN'T running ravennuke, so I figured, well what the hell, I can move most of my content over to raven in no time.
Got my new site up and running in 10 minutes, added gallery2, imported all my
pictures, tweaked my theme a little for gallery2 (was using gallery1 prior).
and then sat back and waited. Within about an hour I caught a second hack attempt from, what I am assuming (by IP range), was the same person.
This time, however NukeSentinel caught them, and banned their IP range. So far, the 3 times that I have been hacked, have been twice from turkey and 1 from russia. So I just blocked the entire d*** country (my website is english only specialty site on the saltwater aquarium hobby!!!), so I'm not too worried about the limitation this implemented.
But for now, I have noticed that the person attempted again 2 more times before
I blocked the entire country (in this specific case, turkey).
Needless to say... I am happy. Not that I am perfectly safe... that's just unrealistic
in the real world, but better then I was.
Cheers, and Kudo's to the Raventeam.
Spyrule |
| |
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Sat Jun 17, 2006 7:19 pm |
|
Gallery will leave you open, so make sure you take all the precautions you can with that like making it for reg users only etc. It won't stop them but it should slow them enough to pick a different target.
If you do not want you url public, can you pm me the url to your site as I have an interest in tropical fish also. |
| |
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
