Hi
Security is very low
I got hacked a few moments before
And in the Home
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
watch out for the man in the middle... lol
securing elgg is not much different to securing any website (built with php and mysql).
the only elgg-specific tasks i know of are to delete the install folder after you have installed elgg.
the other issues which we are speaking of will effect all types of sites that use encryption, databases and web code in some way or another.
the install folder is the folder called 'install' (as i recall.. i don't have one here to look at since i deleted it).
ok were is the install please : ) in core?
@Michele - always running the latest elgg version is advisable, for sure.
i was informed by leaseweb (the world's largest webhost) that they were hacked directly recently, their own servers.. the issue is not platform specific or necessarily even website 'type' specific.
if you have access to your server logs you could look through the access log to maybe determine the attacker IP. it is all a learning experience. the benefit is that you learn how to secure a server; though i appreciate that probably isn't one of your life goals!
one option is to use cloudflare, though i do not know how much help that would be against direct attacks.
not running the latest ersion is most likely the casue and not a good host
Probably the chances of hacking is from lack of security configuration in servers not in the application core.
am sure you will be ok :)
For the record, if you look at the twitter feed of Michele's hacker they are hacking all of their targets using apache exploits. Nothing to do with Elgg itself.
I know, just mostly trying to dull the panic that Ura seems to be trying to incite :)
basically dont buy cheap hosting ^_^
- Previous
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- Next
You must log in to post replies.