Register

The Most Active and Friendliest
Affiliate Marketing Community Online!

Register
“AdsEmpire”/  Direct Affiliate

Securing a forum

Meti

Meti

New Member
affiliate
Hey there,

Lets make this one of those long threads with useful information, shall we? Please share your security tips'n tricks below and I am sure that many forum owners will appreciate your tips.

Here are mine;

- You may wish to modify the adminCP/moderatorCP folders (this may require some modifications on the configuration settings)

- I often password protect directories that control the web site, for example the adminCP & moderatorCP are being password protected, and I provide each member a private user and password.

- Make sure your file permissions are set as low as possible, try to avoid having files CHMODDED at 777, doublecheck your configuration file so it has READ permissions only.

- Use a unique password for both your administrator user and don't ever use the same password for your webhost control panel as you do for your site.

- Change your password once in a while, and never assign a user full administration permissions (be careful with who you choose as staff).

- Make sure the forum platform is fully up to date, if there are any new versions the best way would be to upgrade asap, as there may be security fixes and further bug fixes released.

Share your own tips and tricks, and I am sure this will come to good use for all of us, remember, these are good tips although a very important factor is your web host, you should pick a reliable webhost.

- Meti
 
Meti,
Excellent tips, are you talking about all forums generally or one forum software specifically, some of your suggestion goes with any forum thanks that is good, here are a few tips from me.
- Do not give a member of your backroom staff more permission than they need.
- Always remove or down grade the account of a staff that left very very quickly
- Make your forum software force you and other important member of your staff to change their password regularly and they should not use the same password twice in a year.
- Backup your forum after making any important changes or hitting a posting landmark.
 
Thanks for those excellent tips Temi, I am speaking of general security for any forum platform. You hit a very good point, make sure you do at least weekly backups in order to avoid any complications. Ask your web host regarding backups, most of them do daily/weekly backups.

Meti
 
Meti,
I think in addition to you hosts backup, its better if you do a database dump of your site. Hosts are usually not very fast when it comes to helping restore a site but if you have a backup on your PC you can have your forum back online within a few minutes of disaster happening of you have you own db dump on your PC
 
temi said:
Meti,
I think in addition to you hosts backup, its better if you do a database dump of your site. Hosts are usually not very fast when it comes to helping restore a site but if you have a backup on your PC you can have your forum back online within a few minutes of disaster happening of you have you own db dump on your PC
Click to expand...

Agreed. I used to have an application that automatically connected with my mySQL server and backed up my databases, stored them at my own PC. However, I had that software on my previous machine, cannot seem to find it any more.

Meti
 
Some more tips :

1. IP Protect your AdminCP directory.

Find out your IP address (or IP range, if you have a dynamic ip address), and then restrict access to your AdminCP directory for all IPs, except your own IP address; using an .htaccess file placed in your adminCP directory.

Example : If your IP range is 122.154.*.*
Then you can use this .htaccess code to restrict the access :
Code: 
order deny,allow
deny from all
allow from 122.154.

2. IP Protect your hosting control panel

If your webhost allows it, you can also request your webhost to restrict cPanel access to everybody, except from your own IP address/range. This will make it even harder to break into your control panel. This way, even if somebody knows your pass, he won't be able to login as the IP won't match.
 
Excellent, I was messing around with this and couldn't believe how un-secure my forum actually was.

Great article.
 
I have noticed that in order to avoid unwanted posters posting bad things on your forums best to have your settings set so that any new members have to be approved by either the webmaster or the global moderator and this should discourage any trouble maker from trying to register only to do harm to your site!
 
anybody tried a spam block programs for forum ? which one and which database of the banned spammers it uses ?
it's related to the security too, because some bots trying to use a common exploits for the popular forums automatically.. of course it does not work for a many cases, anyway it will be good do not give him to try.
 
tips

  1. You might want to have staff selected from other sites before you open your board. It's ok if a guest comes by and finds the forum and registers - all that means is that your forum is inviting. Have you staff to start threads to make it more "welcoming" to guests with more chances to post in topics they like.
  2. Keep your board open to suggestions! If the board not open to suggestions that what is a guest going to think? They don't have any suggestions? It's a forum for the people and should be built by the people over time. Do some of the suggestions but don't do too many at one time: It could cause members to get confused and get lost.
  3. Have rules set up. Rules need to be set up to keep a forum orderly and get better rankings on search engines like google. Don't have your moderators be harsh about telling a member to follow the rules. Don't tell them that they'll get banned after they do something because this could intimate guests to not want to register because of a wrong move they might make.
 
Some great tips you have posted above. I would like to thanks for this precious and useful stuff, i think you have described some vital and fundamental thing about forums. Great thinking!
 
You may also protect the admin directories (does not imply only for the forum but for other applications as well) using .htaccess/.htpasswd. Though the server would parse .php files normally, there are instances in which the httpd.conf file could get messed up so that the server returns the .php file unparsed.
 
Managing a forum is a very difficult task and this is not only about the control panel panel and functions, but the biggest thing is to manage in spam free. I have seen many forums dieing because of spam and those who are maintaining it is doing a great job.
 

Similar threads

A
Is offer aggregation a good practice?
Replies
7
Views
620
kevinforest
kevinforest
T
I need a Telegram message tracking software.
Replies
0
Views
129
tokerjoker050
T
manishkumar1
Where can I find a free financial modeling course, and is CFI Education a good choice?
Replies
1
Views
410
Graybeard
Graybeard
D
Have a question about igaming
Replies
1
Views
503
Graybeard
Graybeard
B
Any Ideas on a Good Company That Has a Good Program for Man Cave Ideas?
Replies
0
Views
546
Bigtoad!
B
banners
Back