How do I make my forum safer against hacker attacks: Difference between revisions From Online Manual

Jump to: navigation, search
No edit summary
(Formatting)
Line 1: Line 1:
Keep your SMF version up to date and be on the lookout for security updates.
Keep your SMF version up to date and be on the lookout for security updates. You can also heed the following advice.
In addition to keeping up with security updates and making sure your SMF version is up to date you can follow these steps:


===Change your passwords often, and make sure you have different passwords for your:===
==Password Security==
*FTP
Be sure to change your passwords often and don't use the same password for everything. You should have different passwords for each of the following.
*Database user (MySQL, PostgreSQL, or SQLite)
* FTP
*PhpMyAdmin
* Database (MySQL, PostgreSQL, or SQLite)
*Your forum administrator account
* PhpMyAdmin
The most important password is the database access password (which is usually used to access PhpMyAdmin, or another database management script such as Eskuel). This password is stored in the Settings.php file, and you should make sure this is not the same password you use for your FTP or your forum administrator account.
* SMF Administrator Account


The most important password is the database password, which is usually used to access PhpMyAdmin, Eskuel, etc. This password is stored in the Settings.php file, and you should make sure this is not the same password you use for your FTP or your forum administrator account.


===Additional Password Tips===
*Make sure your passwords are difficult to guess. You can do this by making sure your passwords do not relate to you (i.e. your spouses name), by mixing capital and lowercase letters with numbers, and by using special characters where applicable.
*Make sure your passwords are difficult to guess. You can do this by making sure your passwords do not relate to you (i.e. your spouses name), by mixing capital and lowercase letters with numbers, and by using special characters where applicable.
*Frequently backup your forum database and FTP files, and make sure you understand how to restore these backups (see the available FAQ's about that step).
*Frequently backup your database and FTP files and make sure you understand how to restore these backups.
*Delete Temporary files such as install.php, converters, recovery tools, etc.
*Delete temporary files such as install.php, converters, recovery tools, etc.
*Delete any login failures made by administrators from the error log.
*Delete any login failures made by administrators from the error log.
*Do not allow guests to upload anything.
*Do not allow guests to upload anything.

Revision as of 20:39, 8 September 2010

Keep your SMF version up to date and be on the lookout for security updates. You can also heed the following advice.

Password Security

Be sure to change your passwords often and don't use the same password for everything. You should have different passwords for each of the following.

  • FTP
  • Database (MySQL, PostgreSQL, or SQLite)
  • PhpMyAdmin
  • SMF Administrator Account

The most important password is the database password, which is usually used to access PhpMyAdmin, Eskuel, etc. This password is stored in the Settings.php file, and you should make sure this is not the same password you use for your FTP or your forum administrator account.

Additional Password Tips

  • Make sure your passwords are difficult to guess. You can do this by making sure your passwords do not relate to you (i.e. your spouses name), by mixing capital and lowercase letters with numbers, and by using special characters where applicable.
  • Frequently backup your database and FTP files and make sure you understand how to restore these backups.
  • Delete temporary files such as install.php, converters, recovery tools, etc.
  • Delete any login failures made by administrators from the error log.
  • Do not allow guests to upload anything.
  • Do not allow .exe or Flash files to be uploaded or displayed.


Advertisement: