Securing your vBulletin Installation

Wayne Luke

Tazmanian
Joined
Jan 6, 2004
Messages
5,791
Wayne Luke submitted a new Article:

Securing your vBulletin Installation

Please note: While this whitepaper is specifically geared towards vBulletin, there is general information in part 1 that would apply to any publicly accessible website. Future installments will contain more specifics on protecting your vBulletin site.


Securing your vBulletin Installation
vBulletin has many features built-in to help keep your data safe but if your server is not secure then your data can be jeopardized. There are several steps to secure your vBulletin Installation. Most of them involve server configuration and settings outside your the vBulletin Application. However these things provide the foundation your security will be built on.

Securing Your Server
Securing or "Hardening" your server is beyond the scope of this document but is an important step to creating a secure environment for your data.
Most hosting providers will provide this service if you have a dedicated machine so you should work with them to make sure your machine is as secure as possible. Below are some links that will help you.

Linux Kernel Hardening
Installing and Securing IIS Servers
Securing Apache
Securing PHP
Securing MySQL

Please note, that if you are on a shared server you must rely on your hosting provider to secure your server for you.

Accessing Your Server
How you access your server can undermine any security protocols you put into place. It is recommended that you use SFTP (SSH File Transfer Protocol) and SSH (Secure Shell) access to directly access your server and files. These are secure versions of the common FTP and Telnet protocols. SFTP and SSH will send passwords in an encrypted format whereas FTP and Telnet send them in plaintext.

You can find out more about these protocols at Wikipedia.com
SFTP: [ame="[URL]http://en.wikipedia.org/wiki/SSH_file_transfer_protocol[/URL]"]SSH file transfer protocol - Wikipedia, the free encyclopedia@@AMEPARAM@@/wiki/File:Wiki_letter_w.svg" class="image"><img alt=""...

Read more about this article here...
 
Last edited by a moderator:

DChapman

Devotee
Joined
May 20, 2004
Messages
2,880
Wonderful article Wayne. Thanks for taking the time to write that up. I look forward to future installments!
 

Wayne Luke

Tazmanian
Joined
Jan 6, 2004
Messages
5,791
I should have the next installment submitted today or tomorrow. We will get into the meat of things with Config.php and your Admin/Mod control panels.
 

Wayne Luke

Tazmanian
Joined
Jan 6, 2004
Messages
5,791
Sorry about parts two and three.. Will get them up as soon as possible. I am still trying to recover my hard drive from a several catastrophic computer failures. Right now all my document work is on 10 compressed DVDs.
 

Libertate

Devotee
Joined
Aug 3, 2005
Messages
2,041
I guess then you will definitely have a section on backups as part of security.:whew:
 

Dakoom

Web City
Joined
Jun 13, 2006
Messages
758
Great article. Thanks Wayne. But let me ask this: If I do not follow this advice, how much more percentage there is in receving succesful attacks?
Problem is that I'm a noob about servers.. so about all your article theme, and *I think* I'll must learn a lot of, before understand completely this article.
 

chrisaka

Neophyte
Joined
Dec 18, 2006
Messages
2
Good article, thanks for writing it.

FYI, chmod 644 gives you read/write permission, and everyone else read permission. 755 gives you read, write and execute permission, and everyone else read and execute permission.

Chris
 
Top