My Forum ~ it is Secure ?

Hello guys,
Those are the changed that i've done for an better security in my forum.
1) Changed Admin Directory
2) Set Admin CP PIN
3) .htaccess file to the directory /inc.
4) Allow logging in my Admin CP only from my IP.
5) Password Protect Directories for Admin files.
6) MyBB latest version to show , i set OFF.
7) Secured my account from attacks
But the last thing that i am trying to do is to install the firewalls called
ConfigServer Firewall :: Advanced Protection and
PHP Website Firewall
but which Firewall it is better, how to install !

Find

Reply

I am not an expert in this but @Marcus_Avrelius shoud be able to help you with this. What I can recommend you is not to reveal which user is administrator.

In other words many forums make it easy for someone interesting in hacking that forum by identifying who's webmaster, moderator and super-moderator just show something like LetsForum "Forum stuff".

Find

Reply

Hi you did a great job securing your forum! There is a simple but working PHP firewall called "[b]php-firewall[/b]"

It's pretty easy to install.

Download PHP firewall here: https://code.google.com/p/php-firewall/d...p&can=2&q=

Unzip the content of that file.

Using FTP FileZilla upload the entire folder called php-firewall to where global.php file is stored (Main directories where you see folder like images, inc, cache, uploads).

Using FTP FileZilla go inside the "php-firewall" find file called logs.txt right click it and in the popup menu select File Permissions where it says numeric value enter 777 and press OK.

Now again using FileZilla in the main root directory find

PHP Code:

global.php 


download it to your computer then open it with Notepad and on top of the screen find:

PHP Code:

< ?php 


Add below:

PHP Code:

define('PHP_FIREWALL_REQUEST_URI', strip_tags( $_SERVER['REQUEST_URI'] ) );
define('PHP_FIREWALL_ACTIVATION', true );
if ( is_file( @dirname(__FILE__).'/php-firewall/firewall.php' ) )
    include_once( @dirname(__FILE__).'/php-firewall/firewall.php' ); 


The code should look like this:

PHP Code:

<?php
define('PHP_FIREWALL_REQUEST_URI', strip_tags( $_SERVER['REQUEST_URI'] ) );
define('PHP_FIREWALL_ACTIVATION', true );
if ( is_file( @dirname(__FILE__).'/php-firewall/firewall.php' ) )
    include_once( @dirname(__FILE__).'/php-firewall/firewall.php' ); 
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id$
 */ 


Save it and then upload it to your server where global.php is. I t will tell you that this file already exists so just choose overwrite.

Let me know if you have any further questions.

Find

Reply

Done, but it is any way to control this firewall for e.x to find attackers or something else . ? Thanks

Find

Reply

Download and check your logs.txt file to see what is going on

Find

Reply

Stay away from MYBB plugins that are know to make your forum vulnerable.

Find

Reply