Welcome, Guest. Please Login or Register.
March 28, 2024, 11:32:30 PM
Home Help Search Log in Register
News: If you are still using YaBB SE, please consider upgrading to SMF as soon as possible.

YaBB SE Community  |  English User Help  |  FAQ  |  FAQ: HowTo make the board safer against hacker attacks « previous next »
Pages: [1] Reply Ignore Print
Author Topic: FAQ: HowTo make the board safer against hacker attacks  (Read 45960 times)
andrea
Global Moderator
YaBB God
*****
Posts: 4400


Peace on Earth

WWW
FAQ: HowTo make the board safer against hacker attacks
« on: December 14, 2002, 06:24:06 AM »
Reply with quote

Important for the security is to care for security updates in the board software such as
http://www.yabbse.org/community/index.php?board=9;action=display;threadid=17919

Furthermore there are some general security considerations you can follow as are listed below.

Quote from: andrea on June 21, 2002, 05:52:44 AM
Quote from: PioneeR on June 20, 2002, 09:47:12 PM
Have restored my board now..

What can i do to make it safer??

  • First of all: change your passwords (probably you already did). And make sure the following 3 passwords are all *different*:
    - ftp password
    - phpmyadmin password
    - db access password (the one that is in the file "Settings.php")
    The most important is that the password that is written in the file "Settings.php" is *not* equal to either of your ftp password or your phpMyAdmin password.
    Furthermore make sure that the passwords are hard to be guessed.
  • backup frequently, make sure you know how to restore (db data and html data)
  • check the file protections in your board, reduce them to the minimum that is required to keep the board running
  • delete install files such as install.php, archive.ya, converter.php etc.
  • make sure that your YaBB SE admin user password is hard to guess and again different from the passwords above. The same for other admin members in your board.
  • clean the YaBB SE error log (in the admin menu) after each login failure with your YaBB SE admin user

Quote from: mediman on June 21, 2002, 11:59:14 AM
attachment and flash are also critical!!

  • Don´t allow guests to upload anything[0]Don´t allow script or txtfiles to upload![0]deactivate the flash-thing

Minimal chmod settings for a live board (restrictive security settings):

These are the minimal settings which are required to keep the board working for the public. This is written under the assumption that the admin setup work is finished. That means neither template nor settings can be changed with the admin menu nor packages can be installed with the package manager if these permissions are activated. If you love to play permanently around with your board installation then you should not use those restrictive security settings. These very restrictive security settings are for webmasters only who do not daily use the package manager or daily change the board settings or the template.


file permissions
file permissions (all files such as *.php *.gif etc.)644 (recursively, in all directory tree, in all subfolders)
directory permissions
yabbse755
yabbse/attachments777 if attachments are enabled, 755 if not enabled
yabbse/Sources711
yabbse/Packages755
yabbse/YaBBImages711
yabbse/YaBBImages/avatars755
yabbse/YaBBImages/english711
yabbse/YaBBImages/german711
yabbse/YaBBImages/any-other-subdir711
yabbse/YaBBHelp711
yabbse/YaBBHelp/any-subdir711
yabbse/any-subdir-not-listed-above711
special permissions
Settings.php, Settings_bak.phpchange temporarily to 666 for modifications with the admin menu option, change back to 644 asap after work is done
template.phpif you need to modify with the admin menu option then change to 666, change back to 644 asap after work is done
ftp programsBe aware that ftp programs might change file permissions. Check the file and directory permissions whenever you re-uploaded a file or a directory.
« Last Edit: February 06, 2003, 05:04:59 AM by andrea » Logged

andrea
Global Moderator
YaBB God
*****
Posts: 4400


Peace on Earth

WWW
Re:FAQ: HowTo make the board safer against hacker attacks
« Reply #1 on: December 14, 2002, 06:25:58 AM »
Reply with quote

Can this be moved into the FAQ board?

Question:
Is this to be added: upgrade to 1.5 when this version is out. There should be solved some security issues in that version, right?
« Last Edit: December 14, 2002, 06:26:40 AM by andrea » Logged

David
Destroyer Dave
Global Moderator
YaBB God
*****
Posts: 5761


I'm not a llama!

WWW
Re:FAQ: HowTo make the board safer against hacker attacks
« Reply #2 on: December 14, 2002, 06:28:59 AM »
Reply with quote

Other thing to remember is passwords over 8 characters are useless.  password and passwords are the same to the login system.
Logged

Omar Bazavilvazo
YaBB SE Developer
YaBB God
*****
Posts: 2153


I never said I would stay to the end...

WWW
Re:FAQ: HowTo make the board safer against hacker attacks
« Reply #3 on: December 14, 2002, 07:26:00 AM »
Reply with quote

Quote from: andrea on December 14, 2002, 06:25:58 AMIs this to be added: upgrade to 1.5 when this version is out. There should be solved some security issues in that version, right?

Indeed.

It will, Christian Land security fixes for all know exploits :)

ja ne!
Logged

Greetings from México!
http://omarbazavilvazo.com
Mi foro Español-Japonés
http://hablajapones.org
http://hablajapones.org/index.php/japones/tutoriales/b16.php

NO me manden IM para soporte o dudas
...Leo los foros como todos...
Pages: [1] Reply Ignore Print 
YaBB SE Community  |  English User Help  |  FAQ  |  FAQ: HowTo make the board safer against hacker attacks « previous - next »
 


Powered by MySQL Powered by PHP YaBB SE Community | Powered by YaBB SE
© 2001-2003, YaBB SE Dev Team. All Rights Reserved.
SMF 2.1.4 © 2023, Simple Machines
Valid XHTML 1.0! Valid CSS

Page created in 0.016 seconds with 20 queries.