How to secure my site
« on: September 15, 2013, 06:43:08 PM »
How do I stop hackers from getting into my database and stealing my users' data?
Is there a security plugin that will lock out a login if it is bombarded with details to break in?

Thank you


marcam

Re: How to secure my site
« Reply #1 on: September 28, 2013, 07:02:29 PM »
Which osDate version, please?

osdate 2.5.4
Flashchat 4.7
php 5.2.7

Re: How to secure my site
« Reply #2 on: September 28, 2013, 08:42:18 PM »
2.6


marcam

Re: How to secure my site
« Reply #3 on: September 28, 2013, 08:47:30 PM »
Is the chmod on your files 755?

I have run osDate for more than 2 years and have never been hacked.

2.6


Pharg

  • osDate Version: osDate Evo v1.0
Re: How to secure my site
« Reply #4 on: September 29, 2013, 02:33:20 AM »
Hi yourmate,

Firstly, change the database password, then upload the attached .htaccess to the myconfigs folder, and make the config file chmod 444 if your hosting allows you to.
Plus, protect your .htaccess files by putting this into your main .htaccess file in the main dir.
Code:
#Prevent viewing of .htaccess file

<Files .htaccess>
order allow,deny
deny from all
</Files>

# Protect files

# Disable directory browsing


###############################
# Place this file in your osDate root directory
###############################

################################
#  Add/remove file types you need to restrict access
################################

################################
# PROTECT .htaccess and .htpasswd FILES
################################

<FilesMatch "^\.ht">
  Order allow,deny
  Deny from all
</FilesMatch>

################################
# PROTECT CONFIG.* FILES
################################

<FilesMatch "^config(\..*)?$">
  Order deny,allow
  Deny from all
</FilesMatch>

################################
# PROTECT FILES DEPENDING ON EXTENSION
################################

<FilesMatch "^(.*)\.(inc|inc\.php|tpl|tpl\.php|sql|dat|csv|exe|dll)$">
  Order deny,allow
  Deny from all
</FilesMatch>

And also make the .htaccess chmod 444 so it can't be written to.

« Last Edit: September 29, 2013, 02:39:50 AM by Pharg »
Regards,
Pharg ( Phill )

REMEMBER: ALWAYS BACKUP BEFORE YOU MAKE ANY CHANGES!!

osDate v2.7 & osDateEvo v1.0 | PHP: 5.3.42 & PHP: 5.6.18 | MySQL: 5.5.35
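
Added example, not part of the post above or of osDate: a shell check of which file names the three FilesMatch patterns in that .htaccess deny, plus a search for config.php and .htaccess files that are not mode 444. The patterns are copied from the post; the sample file names are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): test file names against the three
# FilesMatch patterns posted above and find files that are not mode 444.

# Return 0 if the posted rules deny a request for the file name in $1.
# FilesMatch sees the bare file name and matches case-sensitively.
denied_by_rules() {
    for pattern in \
        '^\.ht' \
        '^config(\..*)?$' \
        '^(.*)\.(inc|inc\.php|tpl|tpl\.php|sql|dat|csv|exe|dll)$'
    do
        if printf '%s\n' "$1" | grep -Eq -- "$pattern"; then
            return 0
        fi
    done
    return 1
}

# Print config.php and .htaccess files under directory $1 whose mode is
# anything other than read-only 444.
not_read_only() {
    find "$1" -type f \( -name 'config.php' -o -name '.htaccess' \) \
        ! -perm 444 -print
}

# Constructed sample names: live files plus the copies that editors and
# backup jobs tend to leave behind.
for name in .htaccess config.php config.php.bak header.tpl \
            dump.sql dump.SQL dump.sql.gz index.php; do
    if denied_by_rules "$name"; then
        echo "denied   $name"
    else
        echo "allowed  $name"
    fi
done
```

Names such as dump.SQL and dump.sql.gz fall outside the patterns, so backup copies need their own rule or a location outside the web root.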

Re: How to secure my site
« Reply #5 on: September 29, 2013, 09:06:57 AM »
Sorry,

but direct access to config.php to read some defined variables, like
Code:
<?php
// Suppress error output, then try to pull the config in over HTTP.
error_reporting(0);

include('http://www.myOSDateDomain.net/temp/myconfigs/config.php');

// Print the constants that config.php defines.
echo 'DB_USER  :  ' . DB_USER . '<br>';
echo "DB_NAME  :  " . DB_NAME . "<br>";
echo "DB_HOST  :  " . DB_HOST . "<br>";
echo "DB_PASS  :  " . DB_PASS . "<br>";
echo "DB_TYPE  :  " . DB_TYPE . "<br>";
echo "DB_PREFIX:  " . DB_PREFIX . "<br>";
echo "C_VERSION:  " . C_VERSION . "<br>";
echo constant("DB_USER");

?>


is not possible. A white screen without any code is the result.
osDate 3.0 (osDatePDO) based on original Developer Copy of osDatePDO 3.0 | PHP: 5.7 | MySQL: 5.5.24 | Apache 2.2.22 | Debian 7.8 |

Please ask questions in the forum - no PM support!
If you write a PM, use German or English, please!


CBG

Re: How to secure my site
« Reply #6 on: September 29, 2013, 09:48:07 AM »
If you are running on shared hosting, it is as secure as your hosting provider's server is.
So when picking a host, try and find out if they run ModSecurity with a good set of loaded rules, as this can be loaded with rules to help protect the customer's site.

To be safer:

1. Don't use easy passwords for osDate admin, hosting control panel etc...
2. Run a good .htaccess if you can run it, like posted above.
3. Check members as and when they sign up, to see if they tell the truth on location; you just need their IP address.

I am running on a NetHosted shared server hosted in the UK, the same place as this site is running.
They may not be cheap, but are good.
« Last Edit: September 29, 2013, 09:49:49 AM by CBG »
Regards,
CBG (Garry)
osDate: 2.6.5, 2.7 & Evo
PHP: 5.5.x/5.6.x (5.3.x to 5.6.x) | MySQL: 5.5.34-cll

Re: How to secure my site
« Reply #7 on: September 29, 2013, 10:42:53 AM »
Most problems you get with any web software are caused by badly configured servers....

Re: How to secure my site
« Reply #8 on: November 25, 2013, 08:52:11 AM »
Most problems you get with any web software are caused by badly configured servers....

I don't agree with that.
Most servers are hacked through badly configured and not updated web software.
Visit us at osDate @ woensdag

Re: How to secure my site
« Reply #9 on: September 14, 2014, 10:15:44 AM »
More of the servers are hacked through SSH and back ports. Install Fail2ban and after two days look at the file deny.hosts inside the folder /etc.
You will see hundreds of IPs of people trying to attack your server over SSH.
The best thing, if you have an external control panel, is to close SSH and only open it when you need it.
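
Added example, not fail2ban's own code and not from the post above: a shell function that counts failed SSH password attempts per source address in an auth log, the kind of tally a ban-after-N-failures tool works from. The log lines, host name, user names and addresses are constructed.

```shell
#!/bin/sh
# Added example (not fail2ban code): count failed sshd password attempts
# per source address and list the addresses at or above a threshold.

# Constructed sample lines in the usual sshd syslog layout. The fourth one
# carries a user name that itself contains the text "from 198.51.100.7".
sample_auth_log() {
    cat <<'EOF'
Sep 14 10:01:02 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Sep 14 10:01:04 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Sep 14 10:01:07 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Sep 14 10:01:09 web1 sshd[2105]: Failed password for invalid user from 198.51.100.7 from 203.0.113.5 port 51244 ssh2
Sep 14 10:02:11 web1 sshd[2110]: Failed password for alice from 192.0.2.44 port 40022 ssh2
Sep 14 10:02:15 web1 sshd[2110]: Accepted password for alice from 192.0.2.44 port 40022 ssh2
EOF
}

# Read an auth log on stdin; print "count address" for every source with at
# least $1 failures. The address is taken from its fixed position at the end
# of the line, never from the first "from", so a crafted user name cannot
# shift the count onto another address.
failed_ssh_sources() {
    awk -v max="$1" '
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF - 4) == "from" && $(NF - 2) == "port" {
            count[$(NF - 3)]++
        }
        END {
            for (ip in count)
                if (count[ip] >= max) print count[ip], ip
        }
    ' | sort -rn
}

# Sources with three or more failures in the sample log.
sample_auth_log | failed_ssh_sources 3
```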

Re: How to secure my site
« Reply #10 on: September 14, 2014, 10:43:01 AM »
Install Fail2ban ...

I want to make 5000 clicks on a "Like" button for this post - but I cannot find it in this forum!

But fail2ban is only an important tool for the owner of a server; most people get web space on server farms and have no root rights...