An important part of security is keeping up with security updates for the board software, such as
http://www.yabbse.org/community/index.php?board=9;action=display;threadid=17919

Furthermore, there are some general security considerations you can follow, listed below.
Quote from: andrea on June 21, 2002, 05:52:44 AM
Quote from: PioneeR on June 20, 2002, 09:47:12 PM
Have restored my board now..
What can I do to make it safer??
- First of all: change your passwords (probably you already did). And make sure the following 3 passwords are all *different*:
  - ftp password
  - phpmyadmin password
  - db access password (the one that is in the file "Settings.php")

The most important is that the password that is written in the file "Settings.php" is *not* equal to either your ftp password or your phpMyAdmin password.
Furthermore, make sure that the passwords are hard to guess.
- back up frequently, make sure you know how to restore (db data and html data)
- check the file protections in your board, reduce them to the minimum that is required to keep the board running
- delete install files such as install.php, archive.ya, converter.php etc.
- make sure that your YaBB SE admin user password is hard to guess and again different from the passwords above. The same for other admin members in your board.
- clean the YaBB SE error log (in the admin menu) after each login failure with your YaBB SE admin user
Quote from: mediman on June 21, 2002, 11:59:14 AM
attachment and flash are also critical!!
- Don't allow guests to upload anything
- Don't allow script or txt files to upload!
- deactivate the flash-thing
Minimal chmod settings for a live board (restrictive security settings):

These are the minimal settings required to keep the board working for the public. They assume that the admin setup work is finished: with these permissions in place, neither the template nor the settings can be changed through the admin menu, and packages cannot be installed with the package manager. If you like to tinker with your board installation all the time, you should not use these restrictive security settings. They are intended only for webmasters who do not use the package manager or change the board settings or the template on a daily basis.
| Item | Setting |
|---|---|
| file permissions | |
| file permissions (all files such as *.php *.gif etc.) | 644 (recursively, throughout the directory tree, in all subfolders) |
| directory permissions | |
| yabbse | 755 |
| yabbse/attachments | 777 if attachments are enabled, 755 if not enabled |
| yabbse/Sources | 711 |
| yabbse/Packages | 755 |
| yabbse/YaBBImages | 711 |
| yabbse/YaBBImages/avatars | 755 |
| yabbse/YaBBImages/english | 711 |
| yabbse/YaBBImages/german | 711 |
| yabbse/YaBBImages/any-other-subdir | 711 |
| yabbse/YaBBHelp | 711 |
| yabbse/YaBBHelp/any-subdir | 711 |
| yabbse/any-subdir-not-listed-above | 711 |
| special permissions | |
| Settings.php, Settings_bak.php | change temporarily to 666 for modifications with the admin menu option, change back to 644 asap after work is done |
| template.php | if you need to modify with the admin menu option then change to 666, change back to 644 asap after work is done |
| ftp programs | Be aware that ftp programs might change file permissions. Check the file and directory permissions whenever you re-upload a file or a directory. |
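
Because ftp programs can silently change permissions, it helps to check the tree against the table after every upload. The following audit script is an added example, not part of the original posts or of YaBB SE: it encodes the table above plus the install files named earlier, and reports every deviation. The sample tree, the file name `Example.php`, and the choice to treat directories nested deeper than the table lists as 711 are assumptions made for the example.

```python
import os
import tempfile

FILE_MODE, DEFAULT_DIR_MODE = 0o644, 0o711  # all files; any directory not listed below
DIR_MODES = {".": 0o755, "Packages": 0o755, "YaBBImages/avatars": 0o755}
INSTALL_FILES = {"install.php", "archive.ya", "converter.php"}  # named in the post


def expected_mode(rel, is_dir, attachments_enabled=False):
    """Mode the table prescribes for a path relative to the board root."""
    if not is_dir:
        return FILE_MODE
    modes = dict(DIR_MODES, attachments=0o777 if attachments_enabled else 0o755)
    return modes.get(rel, DEFAULT_DIR_MODE)  # assumption: deeper subdirs are 711 too


def audit(root, attachments_enabled=False):
    """Return sorted (path, found, expected) tuples for every deviation."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        entries = [(dirpath, True)] + [(os.path.join(dirpath, f), False) for f in files]
        for path, is_dir in entries:
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            found = os.lstat(path).st_mode & 0o7777
            want = expected_mode(rel, is_dir, attachments_enabled)
            if not is_dir and os.path.basename(path) in INSTALL_FILES:
                findings.append((rel, "present", "delete"))
            elif found != want:
                findings.append((rel, oct(found), oct(want)))
    return sorted(findings)


def demo():  # constructed sample tree, not a real board; trailing "/" marks a directory
    sample = [("Sources/", 0o755), ("Packages/", 0o755), ("attachments/", 0o777),
              ("YaBBImages/", 0o711), ("YaBBImages/avatars/", 0o755),
              ("Settings.php", 0o666), ("install.php", 0o644), ("Sources/Example.php", 0o644)]
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for rel, mode in sample:
            path = os.path.join(root, rel.rstrip("/"))
            if rel.endswith("/"):
                os.mkdir(path)
            else:
                open(path, "w").close()
            os.chmod(path, mode)
        return audit(root)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

To check a live board, call `audit()` with the board root and set `attachments_enabled` to match the board's configuration; a Settings.php left at 666 after admin work shows up as a finding.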