Hi
Security is very low
I got hacked a few moments before
And in the Home
i have no plans to get on a upnp enabled airplane any time soon.. or install a wireless enabled heart pacemaker either.... (wtf is that about? who would even consider the thought of 'installing' such a device into their own body?!).
i would like to see the majority of tech disabled yes.. that is when we can find our own soul again.. ever present in the more harmonious electro magnetic wave spectrum - less distorted by 'the net/system'.
as for security for those of us 'hiding from the spider in the web' - there are always approaches to preventing attacks - we simply need to know what they are and to use them. the last video i shared here about javascript router bypassing, can be resolved with firewall rules.
@Michelle, don't be alarmed. You can make your ELGG site secure, if you follow up on the advice. Not Fort Knox maybe, but so hard to crack that 99,9% of the hackers cannot do it. The ones left are most probably more interested in extreme high profiled sites. I even have a video on "how to hack a website" published on my site and that video has been shared on underground sites and we are still alive :-)
I know. It is always the whole stack you need to secure.
so let's make a list of things to do to protect your elgg site : )
1. use a long complicated password, use lots of # symbols
2. Check your directory protection settings in cPanel
3. Use lots of captcha spam software
4. Use a good host and check all your settings
5. Update all software and PHP settings - i need to do this today lol
6. there are many other ways, please add to this, e.g. using a good ssl certificate that scans your site for vulnerabilities etc, usually you get that free with a lot of ssl plans.
i have good friends who are white hackers the good type who check my sites for me they said all my sites are not secure and servers due to port 80 being open, not sure what they were talking about but i contacted my host etc they said i am ok just use a long password etc, they said the only thing that can happen to my sites is they get slowed down from syn or sym attack don't know what they're called lol i think it is syn. A good way to test your site is to ask white hackers usually a friend would be best as they may be black hackers who knows lol there must be a site or community or tool to check a site for vulnerabilities which checks your site and server, can anyone recommend such a service? free please?
In the end a really good hacker can most probably deface any site if they set their heart on it, though most won't waste their time, would be nice to add something to an elgg site saying Warning to hackers your ip and mac address will be sent to the police etc or something like that, is there a program or html badge code to do this or service?
good tips thanks mate ^_^
Yes, remove the install folder. I am missing a lot of essentials in your list, like MySQL only listening on localhost. Avoid FTP and use SCP instead (with keys and passphrase). Use SSL for login etc...
And of course use iptables (or Windows Firewall) and only allow essential ports (25,80,443). Other management ports only for the admin IP address.
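The firewall policy from the post above (25, 80 and 443 open to everyone, management only from the admin address), written out as an iptables-restore ruleset. This is an added example, not part of the original thread; the function names, SSH on port 22 as the management port and the sample address 203.0.113.10 are assumptions.

```shell
#!/bin/sh
# Added example. Usage (after sourcing this file):
#   emit_rules 203.0.113.10 | iptables-restore --test   # parse only, do not commit

# Accept only a plain dotted-quad IPv4 address.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the ruleset on stdout. $1 = admin IPv4, $2 = SSH port (assumed 22).
emit_rules() {
    admin_ip=$1
    ssh_port=${2:-22}
    if ! is_ipv4 "$admin_ip"; then
        echo "emit_rules: admin address must be IPv4" >&2; return 1
    fi
    case $ssh_port in
        ''|*[!0-9]*) echo "emit_rules: bad port" >&2; return 1 ;;
    esac
    # The database port is deliberately absent: MySQL bound to 127.0.0.1
    # is reached over loopback and never needs a rule of its own.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic (local web app to local database)
-A INPUT -i lo -j ACCEPT
# Replies to connections that are already established
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Public services named in the post: SMTP, HTTP, HTTPS
-A INPUT -p tcp -m multiport --dports 25,80,443 -m conntrack --ctstate NEW -j ACCEPT
# Management (SSH, which also carries SCP) from the admin address only
-A INPUT -p tcp -s ${admin_ip}/32 --dport ${ssh_port} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
```

These rules cover IPv4 only; a host that also has an IPv6 address needs the equivalent ruleset loaded with ip6tables-restore.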
I'm not aware of any need to remove the install folder...
once used, the install folder is superfluous and presents just another potential attack vector.
there is no reason to keep it on the server.