how can i protect my forum

Started by victory1935, October 01, 2013, 02:33:11 AM

victory1935

Hello... Please, how can I protect my forum from various hacking techniques such as SQL injection, XSS, phishing and, most of all, DDOS? Thanks

Arantor

SQL injection is already taken care of by SMF, or should be unless it's been modified. XSS is generally also handled by SMF itself, though any custom code you may have may not be so protected.

Phishing is not something SMF can protect against because that's up to your members to be smart enough not to give away their details to third party sites.

And DDOS isn't something you protect against at the application layer, because it's a problem lower down the stack and you generally need your host to be involved on that one.
Holder of controversial views, all of which my own.


ziycon

Hi victory1935, most good hosts will already have a firewall in front of all the servers they host. If you're on a VPS, you can configure your own server using iptables or something similar to block requests on unused ports and block other security-related requests for an added layer of security.

victory1935

Quote from: Arantor on October 01, 2013, 05:14:07 AM
SQL injection is already taken care of by SMF, or should be unless it's been modified. XSS is generally also handled by SMF itself, though any custom code you may have may not be so protected.

Phishing is not something SMF can protect against because that's up to your members to be smart enough not to give away their details to third party sites.

And DDOS isn't something you protect against at the application layer, because it's a problem lower down the stack and you generally need your host to be involved on that one.

OK, thanks. I discovered that I was able to upload a shell in the download system... Is there any way I can block the uploading of files in .php format and also the attaching of files in .php format? Thanks

Arantor

In the download system? That's nothing to do with SMF itself, that's the download system at fault and we (SMF devs) are not responsible for mods that don't do it properly. (To do that in SMF with attachments you specifically have to misconfigure it manually by a direct database change.)
Holder of controversial views, all of which my own.
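
Added example, not part of the thread and not SMF or download-mod code: one way an upload handler in a PHP mod can refuse .php files, by checking every filename suffix against an allowlist and sniffing the content. The function name, the allowlist and the sample files are assumptions made for illustration, and the content check needs PHP's fileinfo extension.

```php
<?php
// Assumed policy: extension => MIME type the content must sniff as.
const ALLOWED_UPLOADS = [
    'png' => 'image/png',
    'txt' => 'text/plain',
    'zip' => 'application/zip',
];

// Hypothetical helper: returns null to accept, or the reason for rejecting.
function upload_rejection_reason(string $clientName, string $tmpPath): ?string
{
    // Drop any client-supplied path, then require base.ext[.ext] in a plain charset.
    $name = basename(str_replace('\\', '/', $clientName));
    if (!preg_match('/^[A-Za-z0-9_-]+((?:\.[A-Za-z0-9]+)+)$/', $name, $m)) {
        return 'bad filename';
    }
    // Every dot-separated suffix must be allowlisted, so "shell.php.png" fails too.
    $exts = explode('.', strtolower(ltrim($m[1], '.')));
    foreach ($exts as $ext) {
        if (!array_key_exists($ext, ALLOWED_UPLOADS)) {
            return "extension .$ext is not allowed";
        }
    }
    // The content must be what the final extension claims (needs ext/fileinfo).
    $expected = ALLOWED_UPLOADS[end($exts)];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    return $mime === $expected ? null : "content is $mime, expected $expected";
}

// Constructed samples: client filename => uploaded bytes.
$samples = [
    'notes.txt'     => "Release notes for the download section.\n",
    'shell.php'     => "<?php echo 'constructed sample';",
    'shell.php.png' => "<?php echo 'constructed sample';",
    'renamed.txt'   => "<?php echo 'constructed sample';",
];
foreach ($samples as $clientName => $body) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $body);
    $reason = upload_rejection_reason($clientName, $tmp);
    unlink($tmp);
    // Accepted files get a server-chosen name, never the client's name.
    $stored = bin2hex(random_bytes(16)) . '.' . pathinfo($clientName, PATHINFO_EXTENSION);
    printf("%-14s %s\n", $clientName, $reason === null ? "accept as $stored" : "reject: $reason");
}
```

Filename and content checks are only one layer: keeping the upload directory outside the web root, or configuring the web server not to execute scripts from it, stops a file that slips through from being run.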


victory1935

OK, thanks. These are useful replies. Topic solved ;D
