How to make forum more secure?
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=17355
Printed Date: 15 April 2026 at 12:33pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: How to make forum more secure?
Posted By: likefuture
Subject: How to make forum more secure?
Date Posted: 26 November 2005 at 1:07pm
|
Hi. I read some posts about the Hacker, but still have no idea about how to prevent my website be damaged.
First question, maybe stupid, how to disable the write permission for my site? in the file explorer or IIS?
secondly, I want to allow my users to upload file to the forum. So the folder has the write permission. Does it mean I am on the risk of Turkish hacker and no way to solve the problem?
and what else do I need pay attension to for the security?
thanks.
|
Replies:
Posted By: dj air
Date Posted: 27 November 2005 at 10:36am
|
1, you need ot edit the folders permissions somehow sometimes it has to be done by the web host or a web file manager. you uncheck the write permissions. and only allow read. 2.you can allow uploading but that does pose a threat, and forum/forum_images is the only folder that requires write permissions and also the database folder if you have the database inside the rooot folder thats if using access. for the database folder. the database folder requires write acces sand read, but if outside the root folder its at less risk for attack on your website. to help prevent remote submmissions and also prevent robot hacking forum submissions keep the security images active. alsways have a alpha numericval password and dont have a directory password. best password is a alpha numerical and 8 charecters or above. |
Posted By: JJLatWebWiz
Date Posted: 28 November 2005 at 11:51am
|
Ahh, the question for the ages. I've seen the moderators refer this question many times to the http://www.webwiz.net/web_wiz_forums/docs_menu.asp?mode=forum - installation instuctions , which include a link to moving and renaming the Access MDB.
If you use the Access version, making that Access MDB inaccessible is critical. If the MDB is in a folder that can be accessed directly by a web browser, the MDB as a file can easily be downloaded and then opened locally in MS Access. If you can't put the MDB in a folder above your web root, you should assume a hacker can download it at will and you need to seriously look for a better host. You could use a username and password on the MDB, but Access security is notoriously weak and pointless for keeping a semi-savvy hacker out. For better security, pay for an MS SQL hosting plan. But that's just the first line of defense to protect the basic integrity of the database. After that you have to make sure you're using the most secure ASP code. Remember that hackers are always looking for holes so you have to check regularly for code updates. Use extreme caution when changing the default forum settings, especially the types of files users are allowed to upload. If a hacker can upload his own ASP file, your entire site is wide open for all sorts of hacker fun. Adjust folder security so that web users have Read-Only access to all folders except the folders for the Access MDB and uploads. And last, the only thing that will save you from the worst disaster that can happen is the acceptance that a hacker WILL eventually break in and destroy everything you've done. WHEN a hacker hits your site, the only protection will be a good and frequent backup. ------------- p.s. I'm not affiliated with Web Wiz Guide in any way. I'm just an average Web Wiz user repaying my debt for the use of their fine forum by trying to help other Web Wiz Guide users. |
Posted By: Lynford
Date Posted: 28 November 2005 at 12:52pm
I think I'm stupid. Cancel that, I know I am 
I have moved and renamed the Database, into the Private folder in my FTP program. i have also changed the Common.asp files to try to get them to point to the DB.
Should the bit in the Common.asp files read private/nameofDB.mbd ?
I get a 'This page is not available' page.
Thanks for any help
 |
Posted By: WebWiz-Bruce
Date Posted: 29 November 2005 at 12:45pm
|
1st turn off friendly HTTP errors in IE so you get an accurate error message. However, it looks like your path is incorrect. The private directory is usually above the root of your web site, so you need to move up a directory or directories using ../ eg: ../../private/db.mdb The above will move up two parent directories ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: Lynford
Date Posted: 30 November 2005 at 2:40pm
Spot on mate - Thanks very much. I am (I think) secure now.
Is a 6 digit (alphanumeric) Database name ok, or should it be more ? Can it include symbols such as *&^%$ ?
Thanks again
 |
-boRg- wrote:Posted By: dj air
Date Posted: 30 November 2005 at 5:01pm
|
6 alphanumeric is good with where it is the systems mentioned i dont belive are usable |
Posted By: Lynford
Date Posted: 01 December 2005 at 1:40am
Ta
|