Hi
Security is very low
I got hacked a few moments before
And in the Home
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
But not 'cheapest' or 'paid-free' certificates, right?
You can safe your website w/o SSL anyway. Just accepts the simple security principles...
if your site is not accessible via an encrypted connection then all the data that goes in and out of your website, including passwords, can be quite easily intercepted by snoopers.
the price of the certificate is irrelevant.
another site hacked wow, so php needs to be updated, i have updated php before and my elgg site did not work.
THIS IS SERIOUS AND THE ADMINS ON ELGG NEED TO BE LOOKING INTO THIS I AM VERY WORRIED NOW
@ura soul Wrong. Set the firewall's rules. It's a main feature than the security transporting protocol.
@UK All OK ;) It's not an Elgg's problem
@RVR - i advise to watch the videos i shared in the thread about certificates - the firewall rules are not relevant to this type of interference. the 'man in the middle attack' occurs in between the server and the user's computer and is based upon impersonation. when done successfully, neither the server nor the user's computer is capable of detecting the presence of the 3rd pc using the current internet infrastructure (as far as i have seen).
ok though i would like more information on how to secure a elgg site even more please as that is 2 people hacked who have posted here in the last week
Oki-doki, guys :) My IMO is just my IMO.
please no ones saying how to make your elgg site more secure i checked wiki it does not say anything about removing install fodler etc how do i do this which folder were is it and what else can i do please
There're a tone methods for hacking your software/CMS/website/server (that's right, it's a big differents).
As I said SSL is just an one of your way (ask about it @ura_soul).
But.. do you know about XSS? or CRSF, or SQL-injection? Do you know about exploiting or bruteforce, or DDoS attack? Or 'social-engineering'? etc
Need separate website that talk about all of it...
If you runs your own site on your own server then reads RTFM, plz.
Now, I need to sleep bcz my girl call me to bed :)
ok lol tc if anyone else would like to add ways to secure elgg pleasse dont be shy
- Previous
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- Next
You must log in to post replies.