Hello... Pls how can I protect my forum from various hacking techniques such as SQL injection, XSS, phishing and most of all DDOS.. Thanks
SQL injection is already taken care of by SMF, or should be unless it's been modified. XSS is generally also handled by SMF itself, though any custom code you may have may not be so protected.
Phishing is not something SMF can protect against because that's up to your members to be smart enough not to give away their details to third party sites.
And DDOS isn't something you protect against at the application layer, because it's a problem lower down the stack and you generally need your host to be involved on that one.
Hi victory1935, most good hosts will already have a firewall in front of all the servers they host. If you're on a VPS you can configure your own server using iptables or something similar to block requests on unused ports and block other security-related requests for an added layer of security.
Quote from: Arantor on October 01, 2013, 05:14:07 AM
SQL injection is already taken care of by SMF, or should be unless it's been modified. XSS is generally also handled by SMF itself, though any custom code you may have may not be so protected.
Phishing is not something SMF can protect against because that's up to your members to be smart enough not to give away their details to third party sites.
And DDOS isn't something you protect against at the application layer, because it's a problem lower down the stack and you generally need your host to be involved on that one.
OK, thanks.. I discovered that I was able to upload a shell in the download system ... Is there any way I can block the uploading of files in .php format and also the attaching of files in .php format? Thanks
In the download system? That's nothing to do with SMF itself, that's the download system at fault and we (SMF devs) are not responsible for mods that don't do it properly. (To do that in SMF with attachments you specifically have to misconfigure it manually by a direct database change)
OK, thanks.. these are useful replies. Topic solved ;D
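The upload question above, as an added example that is not part of the original thread and is not SMF or download-mod code: a server-side allow-list check that an upload handler could apply before keeping a file. The function name, the allow-list contents and the sample file names are assumptions constructed for illustration.

```php
<?php
// Added example: not SMF code and not taken from any download mod.
// ALLOWED_EXTENSIONS and stored_name_for_upload() are hypothetical names.
const ALLOWED_EXTENSIONS = ['zip', 'pdf', 'txt', 'png', 'jpg', 'gif'];

/**
 * Decide whether an upload may be kept, based on the untrusted client file name.
 * Returns a server-generated storage name, or null when the upload is rejected.
 */
function stored_name_for_upload(string $clientName): ?string
{
    // NUL bytes and path separators have no place in an uploaded file name.
    if ($clientName === '' || strpbrk($clientName, "\0/\\") !== false) {
        return null;
    }
    // Some filesystems drop trailing dots and spaces, turning "shell.php." into "shell.php".
    $name = rtrim($clientName, ". ");
    // Compare case-insensitively so "SHELL.PHP" is treated like "shell.php".
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    // Allow-list, not block-list: .php, .phtml, .phar and anything unlisted all fail here.
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    // Never reuse the client's name: a random base name removes inner
    // extensions such as the ".php" in "shell.php.jpg".
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, not taken from the thread.
$samples = ['manual.pdf', 'shell.php', 'SHELL.PHP', 'shell.php.', 'shell.phtml',
            'shell.php.jpg', '../shell.php', 'noextension'];
foreach ($samples as $sample) {
    $stored = stored_name_for_upload($sample);
    printf("%-16s %s\n", $sample, $stored === null ? 'rejected' : "stored as $stored");
}
```

Keeping accepted files outside the web root, or in a directory where the web server does not execute scripts, means the extension check is not the only barrier.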