Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > General > General Hosting/Server Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
best way to secure a server? Details »»
best way to secure a server?
Version: , by FockerFGAA FockerFGAA is offline
Developer Last Online: May 2012 Show Printable Version Email this Page

Version: Unknown Rating:
Released: 01-24-2007 Last Update: Never Installs: 0
 
No support by the author.

i want to minimize the chance of someone hacking onto our site. we run joomla as our front end and we use vbulletin 3.6.4 as our board. i know it depends a lot of mods and such and i try to keep up with the most secure ones, but other than that i am really clueless on how to secure a server. any help would be appreciated.

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #2  
Old 01-25-2007, 10:43 PM
redspider's Avatar
redspider redspider is offline
 
Join Date: Jul 2005
Posts: 225
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

this how I set my forum "

1. I change the name of admin panel and mod panel .(need to change names also in config.php file on your server)

2. I set access password to those folders.

3. I set my self as UNDELETABLE / UNALTERABLE USERS.

4. I have a very strong password and I dont give it away to no one .

5. I encourage staff on my forum to change passwords and use a strong one .

6. I was careful on who I make part of the staff .

7. I always stay current with latest vb release.

8. I dont allow html post .

9. I dont allow html signature to people I dont know.

10. I make backups every day is done automatic by a cron on server.(is done verly late at night)

11. on the server panel I also use a strong password.
12. my shh password is also a strong one hard to guess .
13. I change shh port to another one and set firewall to let me use that port .

14. since is my server I use some other tools like APF + BFD + DDOS + Rootkit.(this can slow down your server )

my english is bad but I hope you get some ideas .
Reply With Quote
  #3  
Old 01-26-2007, 12:44 AM
dsotmoon dsotmoon is offline
 
Join Date: Jun 2003
Location: VA - USA
Posts: 194
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by FockerFGAA View Post
i want to minimize the chance of someone hacking onto our site. we run joomla as our front end and we use vbulletin 3.6.4 as our board. i know it depends a lot of mods and such and i try to keep up with the most secure ones, but other than that i am really clueless on how to secure a server. any help would be appreciated.
redspiders suggestions are great, if you dont know how to secure the server itself you should look into having a server management company do it

platinumservermanagement.com
jonesolutions.com
seeksadmin.com

etc etc
Reply With Quote
  #4  
Old 01-26-2007, 01:38 PM
firstrebel's Avatar
firstrebel firstrebel is offline
 
Join Date: Dec 2005
Location: West London
Posts: 380
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

When I see posts about people getting their server hacked I often wonder if they know about server security. As the last post states, if you don't know then get professional help.

You don't say if it is a *nix or Windows box and what OS and apps will be installed. You will most certainly need to put it behind a firewall.

A server can be very vulnerable if not locked down to the outside world. Weak passwords are the first thing a hacker will go for, and I refer mainly to parts of the server above the web site root and not vB forum user passwords.

Bob
Reply With Quote
  #5  
Old 01-26-2007, 10:40 PM
FockerFGAA FockerFGAA is offline
 
Join Date: Dec 2006
Posts: 113
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

thanks for the suggestions. ya i dont know how right know, but i am looking at learning how to do everything. currently we are on a basic shared hosting server but we are looking at getting on a vps and if we go that or the dedicated route then i will want to be able to secure the server the best i can. i appreciate the links to those server management companies as well. im preparing for the inevitable instead of waiting until i have to do it all.
Reply With Quote
  #6  
Old 01-27-2007, 11:08 AM
s25 s25 is offline
 
Join Date: Dec 2005
Posts: 38
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I would also recommend you to join the security mailing lists which apply to you on security focus it is handy as you get the latest exploits and vulns in your inbox (or at least those that are released)
Reply With Quote
  #7  
Old 01-27-2007, 02:16 PM
stinger2's Avatar
stinger2 stinger2 is offline
 
Join Date: Jul 2005
Posts: 274
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

nice small tutorial redspider..thankyou
Reply With Quote
  #8  
Old 02-02-2007, 08:42 AM
salata salata is offline
 
Join Date: Nov 2003
Posts: 252
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by redspider View Post
this how I set my forum "

1. I change the name of admin panel and mod panel .(need to change names also in config.php file on your server)


i tried doing this the config.php is in forums/includes/config.php? is that the right one?

if so, i checked it and dont know where to make the changes.
Reply With Quote
  #9  
Old 02-05-2007, 02:24 PM
salata salata is offline
 
Join Date: Nov 2003
Posts: 252
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by salata View Post
i tried doing this the config.php is in forums/includes/config.php? is that the right one?

if so, i checked it and dont know where to make the changes.
bump
Reply With Quote
  #10  
Old 02-07-2007, 07:43 PM
Jon_Simmonds Jon_Simmonds is offline
 
Join Date: Nov 2005
Location: UK
Posts: 103
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

look for the following lines of text in the config.php file (the path you mentioned is correct)
Code:
//	****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
	//	This setting allows you to change the name of the folders that the admin and
	//	moderator control panels reside in. You may wish to do this for security purposes.
	//	Please note that if you change the name of the directory here, you will still need
	//	to manually change the name of the directory on the server.
$config['Misc']['admincpdir'] = 'admincp';
$config['Misc']['modcpdir'] = 'modcp';
you need to first rename the folders (using a ftp program is probably the easiest way) to something other than what it is, (on my old forum I used admincp->alpha modcp->beta) it does not realy matter what you choose. then edit the config.php and change the admincp/modcp to the new names you chose.

as for server management companies id recommend http://www.acunettmanagement.com/
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:01 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05370 seconds
  • Memory Usage 2,298KB
  • Queries Executed 23 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_code
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (9)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete