Security Concerns

Post Reply

Page <12

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
ForumDummy Members Profile Find Members Posts Groupie Joined: 04 December 2006 Status: Offline Points: 58	Post Options Post Reply Quote ForumDummy Report Post Thanks(0) Quote Reply Posted: 08 September 2008 at 12:41pm
	Thanks for the information Scotty. In answer to your question, I am using a robots.txt file. I guess I could make it so that no one would be able to login to admin if their IP address anything other than my own static IP. Would that solve my worries?

ForumDummy Members Profile Find Members Posts Groupie Joined: 04 December 2006 Status: Offline Points: 58	Post Options Post Reply Quote ForumDummy Report Post Thanks(0) Quote Reply Posted: 14 September 2008 at 4:35am
	As I have my own windows server, I have made it so that my admin login screen blocks every IP in the world except my own. I have tested it and it works.

WebWiz-Bruce Members Profile Find Members Posts Admin Group Web Wiz Developer Joined: 03 September 2001 Location: Bournemouth Status: Offline Points: 9844	Post Options Post Reply Quote WebWiz-Bruce Report Post Thanks(0) Quote Reply Posted: 15 September 2008 at 10:24am
	There are a number of XSS Exploits, particularly in IE which have come to light since 8.05. These can be launched by placing malicious code into a post. There is also an SQL Injection vulnerability if you are using mySQL database that effected 8.05. If you allow image and/or files uploades, there is also a vulnerability within IE that allows IE to run malicious code hidden within image files, so version 9 scans any uploaded images for malcioucs code. If you allow YouTube or Flash content then there is also a vulnerbility that was fixed for this in version 9.04. For these reasons you should upgrade to the latest release as resticting access to the admin area will not protect against these vulnerbilities.
	Web Wiz Forums Hosting ASP.NET Web Hosting

123Simples Members Profile Find Members Posts Senior Member Joined: 08 July 2007 Location: United Kingdom Status: Offline Points: 1192	Post Options Post Reply Quote 123Simples Report Post Thanks(0) Quote Reply Posted: 15 September 2008 at 5:37pm
	I cannot stress this point enough for peeps Running out of date forum software is like running an out of date virus software - not a great idea. There is a long long list of changes over the version releases, and any hacker worth his salt, will just have to locate older forums and start injecting malicious codes. If you have a great forum then its not wise to take the risk that it will not be comprimised, so my advice would be update the software Okay if you are running the FREE version, you may lose some former functionality, but its a small price to pay for security. Alternatively, you could always opt to buy the software, and/or hosting packages on offer here, and get the best benefits of having a realiable web hosting company taking care of you
	Visit 123 Simples Web Design

Post Reply	Page <12

Forum Jump

Forum Permissions View Drop Down

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum