Web Wiz - Green Windows Web Hosting - Celebrating 25 Years!
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - How to make forum more secure?
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

How to make forum more secure?
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
likefuture View Drop Down
Newbie
Newbie


Joined: 27 September 2005
Status: Offline
Points: 17 		Post Options Post Options   Thanks (0) Thanks(0)   Quote likefuture Quote  Post ReplyReply Direct Link To This Post Topic: How to make forum more secure?
    Posted: 26 November 2005 at 1:07pm
Hi. I read some posts about the Hacker, but still have no idea about how to prevent my website be damaged.
 
First question, maybe stupid, how to disable the write permission for my site? in the file explorer or IIS?
 
secondly, I want to allow my users to upload file to the forum. So the folder has the write permission. Does it mean I am on the risk of Turkish hacker and no way to solve the problem?
 
and what else do I need pay attension to for the security?
 
thanks.
Back to Top
dj air View Drop Down
Senior Member
Senior Member
Avatar

Joined: 05 April 2002
Location: United Kingdom
Status: Offline
Points: 3627 		Post Options Post Options   Thanks (0) Thanks(0)   Quote dj air Quote  Post ReplyReply Direct Link To This Post Posted: 27 November 2005 at 10:36am
1, you need ot edit the folders permissions somehow sometimes it has to be done by the web host or a web file manager.

you uncheck the write permissions. and only allow read.

2.you can allow uploading but that does pose a threat, and forum/forum_images is the only folder that requires write permissions and also the database folder if you have the database inside the rooot folder

thats if using access. for the database folder.

the database folder requires write acces sand read, but if outside the root folder its at less risk for attack on your website.


to help prevent remote submmissions and also prevent robot hacking forum submissions keep the security images active.

alsways have a alpha numericval password and dont have a directory password. best password is a alpha numerical and 8 charecters or above.
Back to Top
JJLatWebWiz View Drop Down
Groupie
Groupie
Avatar

Joined: 02 March 2005
Location: United States
Status: Offline
Points: 136 		Post Options Post Options   Thanks (0) Thanks(0)   Quote JJLatWebWiz Quote  Post ReplyReply Direct Link To This Post Posted: 28 November 2005 at 11:51am
Ahh, the question for the ages. I've seen the moderators refer this question many times to the installation instuctions, which include a link to moving and renaming the Access MDB.

If you use the Access version, making that Access MDB inaccessible is critical. If the MDB is in a folder that can be accessed directly by a web browser, the MDB as a file can easily be downloaded and then opened locally in MS Access. If you can't put the MDB in a folder above your web root, you should assume a hacker can download it at will and you need to seriously look for a better host. You could use a username and password on the MDB, but Access security is notoriously weak and pointless for keeping a semi-savvy hacker out.

For better security, pay for an MS SQL hosting plan.

But that's just the first line of defense to protect the basic integrity of the database. After that you have to make sure you're using the most secure ASP code. Remember that hackers are always looking for holes so you have to check regularly for code updates.

Use extreme caution when changing the default forum settings, especially the types of files users are allowed to upload. If a hacker can upload his own ASP file, your entire site is wide open for all sorts of hacker fun.

Adjust folder security so that web users have Read-Only access to all folders except the folders for the Access MDB and uploads.

And last, the only thing that will save you from the worst disaster that can happen is the acceptance that a hacker WILL eventually break in and destroy everything you've done. WHEN a hacker hits your site, the only protection will be a good and frequent backup.
p.s. I'm not affiliated with Web Wiz Guide in any way. I'm just an average Web Wiz user repaying my debt for the use of their fine forum by trying to help other Web Wiz Guide users.
Back to Top
Lynford View Drop Down
Groupie
Groupie


Joined: 14 December 2004
Status: Offline
Points: 171 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Lynford Quote  Post ReplyReply Direct Link To This Post Posted: 28 November 2005 at 12:52pm
I think I'm stupid. Cancel that, I know I am Embarrassed
 
I have moved and renamed the Database, into the Private folder in my FTP program. i have also changed the Common.asp files to try to get them to point to the DB.
 
Should the bit in the Common.asp files read private/nameofDB.mbd ?
 
I get a 'This page is not available' page.
 
Thanks for any help Big smile
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 29 November 2005 at 12:45pm
1st turn off friendly HTTP errors in IE so you get an accurate error message.

However, it looks like your path is incorrect. The private directory is usually above the root of your web site, so you need to move up a directory or directories using ../   eg:

../../private/db.mdb

The above will move up two parent directories
Web Wiz Forums Hosting
ASP.NET Web Hosting
Back to Top
Lynford View Drop Down
Groupie
Groupie


Joined: 14 December 2004
Status: Offline
Points: 171 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Lynford Quote  Post ReplyReply Direct Link To This Post Posted: 30 November 2005 at 2:40pm
Originally posted by -boRg- -boRg- wrote:

However, it looks like your path is incorrect. The private directory is usually above the root of your web site, so you need to move up a directory or directories using ../   eg:

../../private/db.mdb

The above will move up two parent directories
 
Spot on mate - Thanks very much. I am (I think) secure now.
 
Is a 6 digit (alphanumeric) Database name ok, or should it be more ? Can it include symbols such as *&^%$ ?
 
Thanks again Clap
Back to Top
dj air View Drop Down
Senior Member
Senior Member
Avatar

Joined: 05 April 2002
Location: United Kingdom
Status: Offline
Points: 3627 		Post Options Post Options   Thanks (0) Thanks(0)   Quote dj air Quote  Post ReplyReply Direct Link To This Post Posted: 30 November 2005 at 5:01pm
6 alphanumeric is good with where it is

the systems mentioned i dont belive are usable
Back to Top
Lynford View Drop Down
Groupie
Groupie


Joined: 14 December 2004
Status: Offline
Points: 171 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Lynford Quote  Post ReplyReply Direct Link To This Post Posted: 01 December 2005 at 1:40am
Originally posted by dj air dj air wrote:

6 alphanumeric is good with where it is

the systems mentioned i dont belive are usable
 
Ta Big smile
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.