]
08-15-2012, 06:38 PM
12 Ways to protect your MyBB forum
--------------------------------------------------------------------------------
12 Ways to protect your MyBB forum
I'll share a few simple ways to secure MyBB forum, for the master security, do not read because it's only for a newbie like me.
A. Use a password that is STRONG and always on the Update
The first definite strength of our passwords and do not forget to have your password update.pastikan always have at least 8 characters dng a combination of numbers, letters and special characters.
2. Check CHMOD permissions you.
For just a precaution, make sure you check the CHMOD permissions on the file manager. Directories should be 755, and 644 files. Config.php file you can change it to 444 if you like. As its structure is as follows:
Required -. / Inc / settings.php - 666
Required -. / Inc / config.php - 666 (install) 444 (after installation)
Required -. / Cache / - 777
Required -. / Cache / themes / - 777
Required -. / Uploads / - 777
Required -. / Uploads / avatars / - 777
Optional -. / Admin / backups / - 777
Optional -. / Inc / languages ​​/ * language * / * all files * / - 666
Optional -. / Inc / languages ​​/ * language * / admin / * all files * / - 666
3. Protect your config.php file.
To prevent direct access to the config.php file, it helps you make the rules. Htaccess. Create a file. Htaccess in the directory / inc, and enter the following:
[php] </ p>
<files config.php>
Order deny, allow
deny from all
</ Files>
<div>
<div> [/ php]
This way if someone tries to access the config.php file directly, it will switch to Forbiden Error 403 page.
4. Protect the admin page. Htaccsess.
make the rules in the. htaccess to allow only certain IP that can access the admin page. This may be an excellent way to protect the admin pages, create a file. Htaccess in the directory. / Admin, and then fill in the following code
RewriteEngine On
RewriteBase /
RewriteCond% {REMOTE_HOST}! ^ 12 \ .345 \ .678 \ .9
RewriteRule. * [You must be registered and logged in to see this link.] [R = 301, L]
There was a green color, change your IP dng, and red colors which change with the address where the others will be on divert if it does not match the IP. As for the multi admin or multi IP, this code:
ErrorDocument 403 [You must be registered and logged in to see this link.]
Order deny, allow
Deny from all
Allow from 123.45.67.899
Allow from 998.76.54.321
Its rules are the same as those before him.
5. Rename admin directory.
It's very important to hide the admin directory. By default the directory is admin / admin. Atacker-atacker to prevent irresponsible, we should change the name of the admin directory, do: Edit the file / inc / config.php, then find the following line:
[php] </ p>
<div>
<div> <code> $ config </ code> <code> [</ code> <code> 'admin_dir' </ code> <code>] = </ code> <code> 'admin' </ code> < code>: </ code> </ div>
<div> [/ php]
Replace 'admin' to any directory which is not easily guessed kira2. Once done, then save. Eitt, not yet finished. Do not forget to rename the directory / admin to be the name we have set before them in config.php.
6. Hide the link Admin Control Panel (ACP).
MyBB by default will display a link to the admin page. Usually located at the top of the forum, dng link "ACP". Well, it helps us also to hide this link. So if for example there is an admin account our successful entry, he still could not find its admin page. The way is as follows: Open the file / inc / config.php, then find the line:
[php] </ p>
<div>
<div> <code> $ config </ code> <code> [</ code> <code> 'hide_admin_links' </ code> <code>] = 0; </ code> </ div>
<div> [/ php]
Then, change the value 0 to 1
[php] </ div>
<div>
<div>
<div> <code> $ config </ code> <code> [</ code> <code> 'hide_admin_links' </ code> <code>] = 1; </ code> </ div>
<div> [/ php]
Then save. With this link to the admin page will be hidden.
7. Turn off HTML in posts.
Tau's HTML Injection? must know lahh ... nah, MyBB default is to filter the HTML code in the post, but it helps us to "make sure" again so that MyBB will never allow the HTML into the post, or in other words MyBB have to properly filter any HTML code input by the member / user. How do I?, Okay go to PhpMyAdmin and run the following query:
[php] </ p>
<div>
<div> <code> UPDATE </ code> <code> mybb_forums `` </ code> <code> SET </ code> <code> allowhtml `` = </ code> <code> '0 '</ code> <code>; </ code> </ div>
<div> [/ php]
After that, go to ACP> Tools & Maintenance> Cache Manager> forums> Rebuild Cache. Yup, not going to bother with HTML MyBB reply on user input.
8. Hide MyBB version.
Tells us the same version of the DNG forum saying "Hey hacker, this version of the tablets of my forum. Find a bug there was "haha ... nah, we must hide the version of our forums. How, go to ACP> Configuration> General Configuration> Show Version Numbers> Off. Done deh ...
9. Stay up-to-date by following the MyBB Mailing List.
MyBB always update it if CMS found a bug. But sometimes there are still admin lighthead or too lazy to look for tau. One way to determine the development of the MyBB including security updates, follow the mailing list of MyBB DNG itself. Its mailing lists can be viewed here: MyBB Mailing List.
10. Make sure you use the latest version of MyBB.
Ayolahh ... do not be lazy to upgrade your forum. I've already explained in 9 points. If MyBB CMS released its new version, can be sure there are bugs that have been found in its prior version. And of course you MUST upgrade to it! how can you look at the MyBB Wiki
11. Do not use too much Plugin!.
I do not forbid you to use the plugin you want is fine pake plugins that you think is good. But remember, plugins develop by the third party! not by the developer's official MyBB. Bug can be found in the plugin are you using now? therefore, make sure the plugin you are using the secure and free from all kinds of bugs. 1-2 plugin is enough, in the sense that it was important. As anti-spam for example. The more complex a plugin, the greater the possibility there was a bug!
12. BACKUP
The last Jangal forget to always backup your database regularly, at least two weeks for. Pepatahnya "willing umbrella before it rains". Files, mods or template can be replaced with new ones, but the database does not!
--------------------------------------------------------------------------------
12 Ways to protect your MyBB forum
I'll share a few simple ways to secure MyBB forum, for the master security, do not read because it's only for a newbie like me.
A. Use a password that is STRONG and always on the Update
The first definite strength of our passwords and do not forget to have your password update.pastikan always have at least 8 characters dng a combination of numbers, letters and special characters.
2. Check CHMOD permissions you.
For just a precaution, make sure you check the CHMOD permissions on the file manager. Directories should be 755, and 644 files. Config.php file you can change it to 444 if you like. As its structure is as follows:
Required -. / Inc / settings.php - 666
Required -. / Inc / config.php - 666 (install) 444 (after installation)
Required -. / Cache / - 777
Required -. / Cache / themes / - 777
Required -. / Uploads / - 777
Required -. / Uploads / avatars / - 777
Optional -. / Admin / backups / - 777
Optional -. / Inc / languages ​​/ * language * / * all files * / - 666
Optional -. / Inc / languages ​​/ * language * / admin / * all files * / - 666
3. Protect your config.php file.
To prevent direct access to the config.php file, it helps you make the rules. Htaccess. Create a file. Htaccess in the directory / inc, and enter the following:
[php] </ p>
<files config.php>
Order deny, allow
deny from all
</ Files>
<div>
<div> [/ php]
This way if someone tries to access the config.php file directly, it will switch to Forbiden Error 403 page.
4. Protect the admin page. Htaccsess.
make the rules in the. htaccess to allow only certain IP that can access the admin page. This may be an excellent way to protect the admin pages, create a file. Htaccess in the directory. / Admin, and then fill in the following code
RewriteEngine On
RewriteBase /
RewriteCond% {REMOTE_HOST}! ^ 12 \ .345 \ .678 \ .9
RewriteRule. * [You must be registered and logged in to see this link.] [R = 301, L]
There was a green color, change your IP dng, and red colors which change with the address where the others will be on divert if it does not match the IP. As for the multi admin or multi IP, this code:
ErrorDocument 403 [You must be registered and logged in to see this link.]
Order deny, allow
Deny from all
Allow from 123.45.67.899
Allow from 998.76.54.321
Its rules are the same as those before him.
5. Rename admin directory.
It's very important to hide the admin directory. By default the directory is admin / admin. Atacker-atacker to prevent irresponsible, we should change the name of the admin directory, do: Edit the file / inc / config.php, then find the following line:
[php] </ p>
<div>
<div> <code> $ config </ code> <code> [</ code> <code> 'admin_dir' </ code> <code>] = </ code> <code> 'admin' </ code> < code>: </ code> </ div>
<div> [/ php]
Replace 'admin' to any directory which is not easily guessed kira2. Once done, then save. Eitt, not yet finished. Do not forget to rename the directory / admin to be the name we have set before them in config.php.
6. Hide the link Admin Control Panel (ACP).
MyBB by default will display a link to the admin page. Usually located at the top of the forum, dng link "ACP". Well, it helps us also to hide this link. So if for example there is an admin account our successful entry, he still could not find its admin page. The way is as follows: Open the file / inc / config.php, then find the line:
[php] </ p>
<div>
<div> <code> $ config </ code> <code> [</ code> <code> 'hide_admin_links' </ code> <code>] = 0; </ code> </ div>
<div> [/ php]
Then, change the value 0 to 1
[php] </ div>
<div>
<div>
<div> <code> $ config </ code> <code> [</ code> <code> 'hide_admin_links' </ code> <code>] = 1; </ code> </ div>
<div> [/ php]
Then save. With this link to the admin page will be hidden.
7. Turn off HTML in posts.
Tau's HTML Injection? must know lahh ... nah, MyBB default is to filter the HTML code in the post, but it helps us to "make sure" again so that MyBB will never allow the HTML into the post, or in other words MyBB have to properly filter any HTML code input by the member / user. How do I?, Okay go to PhpMyAdmin and run the following query:
[php] </ p>
<div>
<div> <code> UPDATE </ code> <code> mybb_forums `` </ code> <code> SET </ code> <code> allowhtml `` = </ code> <code> '0 '</ code> <code>; </ code> </ div>
<div> [/ php]
After that, go to ACP> Tools & Maintenance> Cache Manager> forums> Rebuild Cache. Yup, not going to bother with HTML MyBB reply on user input.
8. Hide MyBB version.
Tells us the same version of the DNG forum saying "Hey hacker, this version of the tablets of my forum. Find a bug there was "haha ... nah, we must hide the version of our forums. How, go to ACP> Configuration> General Configuration> Show Version Numbers> Off. Done deh ...
9. Stay up-to-date by following the MyBB Mailing List.
MyBB always update it if CMS found a bug. But sometimes there are still admin lighthead or too lazy to look for tau. One way to determine the development of the MyBB including security updates, follow the mailing list of MyBB DNG itself. Its mailing lists can be viewed here: MyBB Mailing List.
10. Make sure you use the latest version of MyBB.
Ayolahh ... do not be lazy to upgrade your forum. I've already explained in 9 points. If MyBB CMS released its new version, can be sure there are bugs that have been found in its prior version. And of course you MUST upgrade to it! how can you look at the MyBB Wiki
11. Do not use too much Plugin!.
I do not forbid you to use the plugin you want is fine pake plugins that you think is good. But remember, plugins develop by the third party! not by the developer's official MyBB. Bug can be found in the plugin are you using now? therefore, make sure the plugin you are using the secure and free from all kinds of bugs. 1-2 plugin is enough, in the sense that it was important. As anti-spam for example. The more complex a plugin, the greater the possibility there was a bug!
12. BACKUP
The last Jangal forget to always backup your database regularly, at least two weeks for. Pepatahnya "willing umbrella before it rains". Files, mods or template can be replaced with new ones, but the database does not!
