Geeklog Forums
Security Checklist
Greetings all. I am a new and very happy Geeklog user.
CPanel and Fantastico made installation of version 1.3.11sr1 easier than dunking cookies for breakfast... but, I'm concerned about security.
Has anyone created a security checklist? i.e.: Permissions for files and folders, what files can be deleted after installation, etc.
Overall, I find documentation to be excellent, and I'm very pleased, thank you to the developers for all your hard work... I just can't seem to find much on security, perhaps that's a good thing!
Cheers, thanks in advance,
Scott
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location: Stuttgart, Germany
You should find a brief checklist sitting in the submission queue of your new site as well as a side block telling you to remove the install directory and change the passwords of the two default accounts.
The original installation instructions (for a manual install) list which files and directories need special permissions - everything else should be read-only.
I've never used any of the existing automated installers, so I can only hope none of those has screwed up any of the above ...
bye, Dirk
DubiousChrisJ
Forum User
Regular Poster
Registered: 05/10/05
Posts: 114
Hey Dirk,
FYI, I used Fantastico, and it did a correct install, including the features you mentioned. The only thing I had to do was run the upgrade, since it gave me an older version initially. I also had the site security check as a default block on the left when I ran it for the first time, which all checked out.
Luhme summa dat GL.
Thanks, I found everything.
Cheers,
Scott
SuD
Anonymous
Well, I've seen a Fantastico installation and I didn't like it much:
* Geeklog dir was on public_html!
* IIRC Backup & log directory was not writable (it's better like that due to the previous point).
* I'm not sure whether it gave write access to images/ and similar directories...
So imho it just unzipped the files and inserted the tables, without any more actions...
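The checklist items raised in the thread up to this point (installer removed, nothing writable beyond the directories the installation instructions name, application directory kept out of the web root), written as an audit script. This is an added example, not part of any post and not Geeklog's own code; the four paths and the finding labels are assumptions supplied by the caller, and "writable" is taken to mean group- or other-writable.

```shell
#!/bin/sh
# Added example: all paths come from the caller (hypothetical layout).
# Assumption: "writable" means group- or other-writable.

# is_under PATH DIR: true when PATH is DIR itself or lies below it.
is_under() {
    case "$1/" in "$2"/*) return 0 ;; esac
    return 1
}

# is_allowed PATH LIST: LIST is a colon-separated set of absolute directories.
is_allowed() {
    old_ifs=$IFS; IFS=:
    for dir in $2; do
        if [ -n "$dir" ] && is_under "$1" "$dir"; then IFS=$old_ifs; return 0; fi
    done
    IFS=$old_ifs
    return 1
}

# scan_tree ROOT LIST: report files and directories writable outside LIST.
scan_tree() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) |
    while IFS= read -r entry; do
        if ! is_allowed "$entry" "$2"; then echo "UNEXPECTED_WRITABLE $entry"; fi
    done
}

# audit_install WEBROOT APP_DIR INSTALL_DIR WRITABLE_LIST
# Prints one finding per line and nothing when the layout is clean.
audit_install() {
    webroot=$(cd "$1" && pwd -P) || return 2
    appdir=$(cd "$2" && pwd -P) || return 2
    # The installer has to be removed once setup is finished.
    if [ -e "$3" ]; then echo "INSTALL_DIR_PRESENT $3"; fi
    scan_tree "$webroot" "$4"
    # An application directory below the web root is served to visitors.
    if is_under "$appdir" "$webroot"; then
        echo "APP_DIR_IN_WEBROOT $appdir"
    else
        scan_tree "$appdir" "$4"
    fi
    return 0
}

# Run only when called with the four arguments; sourcing defines the functions.
if [ "$#" -eq 4 ]; then audit_install "$@"; fi
```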
tlingit54
Forum User
Newbie
Registered: 01/04/05
Posts: 8
On registration, some users do not change their password from "password", or else they register with that as their password.
Then in my security_check block, I get a security message informing me of such. What do I need to add to the lib-common.php under the phpblock_getBent section in order for the warning to tell me exactly which user has the password set to "password"?
This is probably an easy MySQL query, but I am not much on either MySQL or PHP. I think this would be useful for other admins to show, rather than count the weak passwords.
Thanks in advance!
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location: Stuttgart, Germany
Quote by tlingit54: On registration, some users do not change their password from "password", or else they register with that as their password.
New users get a randomly generated password. If they voluntarily change that to "password", then that is really their problem, IMO.
Btw, make sure you changed the default password for the Moderator account - maybe that's the reason for that message?
bye, Dirk