Web Wiz Support and Community Forums : How to make forum more secure? https://forums.webwiz.net/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Wed, 15 Apr 2026 15:27:31 +0000 Thu, 01 Dec 2005 01:40:45 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 12.08 360 https://forums.webwiz.net/RSS_post_feed.asp?TID=17355 <![CDATA[Web Wiz Support and Community Forums]]> https://forums.webwiz.net/forum_images/web_wiz_forums.png https://forums.webwiz.net/ <![CDATA[How to make forum more secure? : dj air wrote:6 alphanumeric...]]> https://forums.webwiz.net/how-to-make-forum-more-secure_topic17355_post94668.html#94668 Author: Lynford
Subject: 17355
Posted: 01 December 2005 at 1:40am

Originally posted by dj air dj air wrote:

6 alphanumeric is good with where it is

the systems mentioned i dont belive are usable
 
Ta Big smile
]]> Thu, 01 Dec 2005 01:40:45 +0000 https://forums.webwiz.net/how-to-make-forum-more-secure_topic17355_post94668.html#94668 <![CDATA[How to make forum more secure? : 6 alphanumeric is good with where...]]> https://forums.webwiz.net/how-to-make-forum-more-secure_topic17355_post94651.html#94651 Author: dj air
Subject: 17355
Posted: 30 November 2005 at 5:01pm

6 alphanumeric is good with where it is

the systems mentioned i dont belive are usable
]]> Wed, 30 Nov 2005 17:01:34 +0000 https://forums.webwiz.net/how-to-make-forum-more-secure_topic17355_post94651.html#94651 <![CDATA[How to make forum more secure? : -boRg- wrote:However, it looks...]]> https://forums.webwiz.net/how-to-make-forum-more-secure_topic17355_post94642.html#94642 Author: Lynford
Subject: 17355
Posted: 30 November 2005 at 2:40pm

Originally posted by -boRg- -boRg- wrote:

However, it looks like your path is incorrect. The private directory is usually above the root of your web site, so you need to move up a directory or directories using ../   eg:

../../private/db.mdb

The above will move up two parent directories
 
Spot on mate - Thanks very much. I am (I think) secure now.
 
Is a 6 digit (alphanumeric) Database name ok, or should it be more ? Can it include symbols such as *&^%$ ?
 
Thanks again Clap
]]> Wed, 30 Nov 2005 14:40:20 +0000 https://forums.webwiz.net/how-to-make-forum-more-secure_topic17355_post94642.html#94642 <![CDATA[How to make forum more secure? : 1st turn off friendly HTTP errors...]]> https://forums.webwiz.net/how-to-make-forum-more-secure_topic17355_post94554.html#94554 Author: WebWiz-Bruce
Subject: 17355
Posted: 29 November 2005 at 12:45pm

1st turn off friendly HTTP errors in IE so you get an accurate error message.

However, it looks like your path is incorrect. The private directory isusually above the root of your web site, so you need to move up adirectory or directories using ../   eg:

../../private/db.mdb

The above will move up two parent directories
]]> Tue, 29 Nov 2005 12:45:05 +0000 https://forums.webwiz.net/how-to-make-forum-more-secure_topic17355_post94554.html#94554 <![CDATA[How to make forum more secure? : I think I&#039;m stupid. Cancel...]]> https://forums.webwiz.net/how-to-make-forum-more-secure_topic17355_post94506.html#94506 Author: Lynford
Subject: 17355
Posted: 28 November 2005 at 12:52pm

I think I'm stupid. Cancel that, I know I am Embarrassed
 
I have moved and renamed the Database, into the Private folder in my FTP program. i have also changed the Common.asp files to try to get them to point to the DB.
 
Should the bit in the Common.asp files read private/nameofDB.mbd ?
 
I get a 'This page is not available' page.
 
Thanks for any help Big smile
]]> Mon, 28 Nov 2005 12:52:48 +0000 https://forums.webwiz.net/how-to-make-forum-more-secure_topic17355_post94506.html#94506 <![CDATA[How to make forum more secure? : Ahh, the question for the ages....]]> https://forums.webwiz.net/how-to-make-forum-more-secure_topic17355_post94501.html#94501 Author: JJLatWebWiz
Subject: 17355
Posted: 28 November 2005 at 11:51am

Ahh, the question for the ages. I've seen the moderators refer this question many times to the installation instuctions, which include a link to moving and renaming the Access MDB.

If you use the Access version, making that Access MDB inaccessible is critical. If the MDB is in a folder that can be accessed directly by a web browser, the MDB as a file can easily be downloaded and then opened locally in MS Access. If you can't put the MDB in a folder above your web root, you should assume a hacker can download it at will and you need to seriously look for a better host. You could use a username and password on the MDB, but Access security is notoriously weak and pointless for keeping a semi-savvy hacker out.

For better security, pay for an MS SQL hosting plan.

But that's just the first line of defense to protect the basic integrity of the database. After that you have to make sure you're using the most secure ASP code. Remember that hackers are always looking for holes so you have to check regularly for code updates.

Use extreme caution when changing the default forum settings, especially the types of files users are allowed to upload. If a hacker can upload his own ASP file, your entire site is wide open for all sorts of hacker fun.

Adjust folder security so that web users have Read-Only access to all folders except the folders for the Access MDB and uploads.

And last, the only thing that will save you from the worst disaster that can happen is the acceptance that a hacker WILL eventually break in and destroy everything you've done. WHEN a hacker hits your site, the only protection will be a good and frequent backup.]]> Mon, 28 Nov 2005 11:51:38 +0000 https://forums.webwiz.net/how-to-make-forum-more-secure_topic17355_post94501.html#94501 <![CDATA[How to make forum more secure? : 1, you need ot edit the folders...]]> https://forums.webwiz.net/how-to-make-forum-more-secure_topic17355_post94422.html#94422 Author: dj air
Subject: 17355
Posted: 27 November 2005 at 10:36am

1, you need ot edit the folders permissions somehow sometimes it has to be done by the web host or a web file manager.

you uncheck the write permissions. and only allow read.

2.you can allow uploading but that does pose a threat, andforum/forum_images is the only folder that requires write permissionsand also the database folder if you have the database inside the roootfolder

thats if using access. for the database folder.

the database folder requires write acces sand read, but if outside the root folder its at less risk for attack on your website.


to help prevent remote submmissions and also prevent robot hacking forum submissions keep the security images active.

alsways have a alpha numericval password and dont have a directorypassword. best password is a alpha numerical and 8 charecters or above.
]]> Sun, 27 Nov 2005 10:36:13 +0000 https://forums.webwiz.net/how-to-make-forum-more-secure_topic17355_post94422.html#94422 <![CDATA[How to make forum more secure? : Hi. I read some posts about the...]]> https://forums.webwiz.net/how-to-make-forum-more-secure_topic17355_post94373.html#94373 Author: likefuture
Subject: 17355
Posted: 26 November 2005 at 1:07pm

Hi. I read some posts about the Hacker, but still have no idea about how to prevent my website be damaged.
 
First question, maybe stupid, how to disable the write permission for my site? in the file explorer or IIS?
 
secondly, I want to allow my users to upload file to the forum. So the folder has the write permission. Does it mean I am on the risk of Turkish hacker and no way to solve the problem?
 
and what else do I need pay attension to for the security?
 
thanks.
]]> Sat, 26 Nov 2005 13:07:44 +0000 https://forums.webwiz.net/how-to-make-forum-more-secure_topic17355_post94373.html#94373