>> Site Map >> Forums >> PHP-Nuke Security
Forum module - topics in forum:
PHP-Nuke Security - Been hacked? or have a question about securing your site, here's the place.
Hi everyone - general security questions..
Hi,
From a newbie(ish) persepctive - I'd like to ask - what are the obvious things I should be doing to secure my nuke? I have NO login/registration required for my nuke and I do not use the forums within nuke..they are disabled - I would imagine that this ups my security level..?
So - to clarify - is there someone who could write a brief list of things that can be done to secure a nuke site - be it removing files, code - or moving folders.. also - any plugins that work to fight off hack attempts?
May I also ask.. if I do a regular backup each week of my nuke + I keep the whole original nuke folder on my hard drive - in theory - if something big went wrong, I could wipe it all, drag the folder back across and upload the most recent backup.. is this correct? I've not missed anything have I?
Thanks everyone!
| Quote: : |
I have NO login/registration required for my nuke and I do not use the forums within nuke..they are disabled - I would imagine that this ups my security level..? |
Not in the slightest.
| Quote: : |
what are the obvious things I should be doing to secure my nuke? |
Install >Sentinel<
| Quote: : |
I've not missed anything have I? |
Backup the database too.
a chap i know has had this site for almost two years and most of that has been run using phpnuke. he's deleted evertyhing and started from fresh a number of times. i assume due to defacing or other such invasions on the site. i was told a number of weeks ago (after he had started from fresh again) that this was due to the fact that he hadn't been deleting the install script.
let that be a warning to anybody who hasn't done so already with anything on their webservers with an install script.
i personally don't use sentinel. i tried to install it a good while back, but i couldn't get it to work. i guess i installed in wrong. but my webhost is flexihostings who have a patched one-click-install of nuke, and i have three nuke sites (two with protector) and they haven't been defaced in almost two years. i've noticed one of their patches relates to union injections that's in the mainfile.php, but i am sure there are other patches in there.
Is this true - to delete the install script!? You mean simply go into FTP - find the install file and delete it..?
aye
