PDA

View Full Version : best way to secure a server?


FockerFGAA
01-24-2007, 03:08 AM
i want to minimize the chance of someone hacking onto our site. we run joomla as our front end and we use vbulletin 3.6.4 as our board. i know it depends a lot of mods and such and i try to keep up with the most secure ones, but other than that i am really clueless on how to secure a server. any help would be appreciated.

redspider
01-25-2007, 10:43 PM
this how I set my forum "

1. I change the name of admin panel and mod panel .(need to change names also in config.php file on your server)

2. I set access password to those folders.

3. I set my self as UNDELETABLE / UNALTERABLE USERS.

4. I have a very strong password and I dont give it away to no one .

5. I encourage staff on my forum to change passwords and use a strong one .

6. I was careful on who I make part of the staff .

7. I always stay current with latest vb release.

8. I dont allow html post .

9. I dont allow html signature to people I dont know.

10. I make backups every day is done automatic by a cron on server.(is done verly late at night)

11. on the server panel I also use a strong password.
12. my shh password is also a strong one hard to guess .
13. I change shh port to another one and set firewall to let me use that port .

14. since is my server I use some other tools like APF + BFD + DDOS + Rootkit.(this can slow down your server )

my english is bad but I hope you get some ideas .

dsotmoon
01-26-2007, 12:44 AM
i want to minimize the chance of someone hacking onto our site. we run joomla as our front end and we use vbulletin 3.6.4 as our board. i know it depends a lot of mods and such and i try to keep up with the most secure ones, but other than that i am really clueless on how to secure a server. any help would be appreciated.

redspiders suggestions are great, if you dont know how to secure the server itself you should look into having a server management company do it

platinumservermanagement.com
jonesolutions.com
seeksadmin.com

etc etc

firstrebel
01-26-2007, 01:38 PM
When I see posts about people getting their server hacked I often wonder if they know about server security. As the last post states, if you don't know then get professional help.

You don't say if it is a *nix or Windows box and what OS and apps will be installed. You will most certainly need to put it behind a firewall.

A server can be very vulnerable if not locked down to the outside world. Weak passwords are the first thing a hacker will go for, and I refer mainly to parts of the server above the web site root and not vB forum user passwords.

Bob

FockerFGAA
01-26-2007, 10:40 PM
thanks for the suggestions. ya i dont know how right know, but i am looking at learning how to do everything. currently we are on a basic shared hosting server but we are looking at getting on a vps and if we go that or the dedicated route then i will want to be able to secure the server the best i can. i appreciate the links to those server management companies as well. im preparing for the inevitable instead of waiting until i have to do it all.

s25
01-27-2007, 11:08 AM
I would also recommend you to join the security mailing lists which apply to you on security focus it is handy as you get the latest exploits and vulns in your inbox (or at least those that are released)

stinger2
01-27-2007, 02:16 PM
nice small tutorial redspider..thankyou

salata
02-02-2007, 08:42 AM
this how I set my forum "

1. I change the name of admin panel and mod panel .(need to change names also in config.php file on your server)




i tried doing this the config.php is in forums/includes/config.php? is that the right one?

if so, i checked it and dont know where to make the changes.

salata
02-05-2007, 02:24 PM
i tried doing this the config.php is in forums/includes/config.php? is that the right one?

if so, i checked it and dont know where to make the changes.

bump

Jon_Simmonds
02-07-2007, 07:43 PM
look for the following lines of text in the config.php file (the path you mentioned is correct)

// ****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
// This setting allows you to change the name of the folders that the admin and
// moderator control panels reside in. You may wish to do this for security purposes.
// Please note that if you change the name of the directory here, you will still need
// to manually change the name of the directory on the server.
$config['Misc']['admincpdir'] = 'admincp';
$config['Misc']['modcpdir'] = 'modcp';


you need to first rename the folders (using a ftp program is probably the easiest way) to something other than what it is, (on my old forum I used admincp->alpha modcp->beta) it does not realy matter what you choose. then edit the config.php and change the admincp/modcp to the new names you chose.

as for server management companies id recommend http://www.acunettmanagement.com/

houseofpolitics
02-07-2007, 07:58 PM
oo thanks