- Thx for the responses so far... ( continued from http://forum.mamboserver.com/showthread ... post274363 )
in General, security can be increased by:
- Joomla! / M$mb$
Joomla / M$mb$
run MSC component (mambo security check) which will check:
- your php.ini and chmod on files and tell you if anything might be a hazard there
- install ldap9 component along with a plug-in to allow a more secure level of authentication.
It's my understanding that these can be set to 644 as well once u done customizing the site
More information on security on M$mb$/Joomla can be found on:
.htaccess:: documentation PDF by jascha from #localareasecurity (outdated by covers all the bases) on Mambo security:
http://mamboforge.net/frs/?group_id=131&release_id=355- Using secure passwords
- .htaccess file (turning off directory listings)
- all file attributes, especially configuration.php, set to 0644
- all folder attributes 0755
- edit your .htacces file, so the administrator backend is accessible from predefined IP-Addresses only.
- add some filtering options to your htaccess against spambots.
on the .htaccess file
the folder to place it in is the mambo root folder?
Are the following lines sufficient to turn off directory listings, and are they inherited?
Code: Select all
order allow,deny allow from all
More info on .htaccess can be found on
- visit #apache on freenode IRC with of 160+ users on average
- make sure u have the latest mysql version
Greetz BeuvemaNever post:
- files with full path's to you're site
- configuration.php with account information (Loginname / Password)
I will keep this top file up to date to get an instant view of the safety settings needed.
d3vlabs wrote: you can also
get SSL ($44.99 is it) for your mambo's administrator area.
go through cpanel and enable some stuff like hotlinking protection, spam assasinator or any other useful scripts you might have.
This "Whitepaper" on M$mb$ and Joomla! Security is destilled from the posts of: (in order of appearance)
hazman, keliix06, DeanMarshall, d3vlabs, sc00zy, cmyksteve, elnino, TheSaint, brad,