Re: Icy Phoenix 1.3.0.53a - How Secure Is Icy?
For the first question, I will say that MG & devs have worked on security, but Icy could not be the most secure system. For the time being, I have not known any other phpBB2-series-based CMS which could be more secure. But this does not mean that there is any system that IS totally secure, as even an error in the PHP engine could lead to the creation of a bug.
Sorry about the issue with this phrase, I even misunderstood myself when reading it. I guess I should not post at such times as 1 am in the morning.
At the moment, the main dev (MG) triggers a patch for a security issue when one is found.
Optimal config of the server to prevent server hijacking.... I will try to give some tips:
Quote:
Ability to set CHMOD permissions.
You should set the config to read-only after installing Icy. I have done so on my local and I had no problems with the board. You should also set the recommended CHMODs at the install procedure, for the user that runs the server daemon (and not all).
Quote:
These other requirements (even if not strictly needed) are suggested for optimal performance of Icy Phoenix:
* Webserver with .htaccess capability.
IDK how much it will help.
Quote:
Register Globals set to OFF.
This will stop many attempts from succeeding.
And some tricks:
Have as few ports open as you can. And if you can, make the services running on them not send any data until some kind of true credentials are sent (such as user/pass or whatever). All other ports should not actively deny a connection in order to make this technique succeed.
NEVER post your sid(s). EVER. A hacker with one valid session id can change your credentials in minutes.
Use good passwords, not bad enough to be brute-forced or reverse-engineered.
Do not get a keylogger on your computer.
Do not let a sniffer on your LAN.
Do use WPA2 keys on your wifi nets.
Do not be stupid enough to fall into a password-change-type scam.
And many others.... most of them basic ones...
Edited by novice programmer, Mon 21 Sep, 2009 20:17: Corrected the misunderstanding phrase. Sorry.
Edited by novice programmer, Mon 21 Sep, 2009 20:25: Corrected the bbcode.