  1. #1
    Senior Member Dorky's Avatar
    Join Date
    Jun 2009
    Location
    Destin Florida
    Posts
    1,430
    Member #
    19103
    Liked
    4 times
    How strong of a defense is htaccess?
    Is it OK to rely on htaccess to secure a site-based CMS control panel?

    while($get_it !== true){ continue; }

  3. #2
    Member jwind's Avatar
    Join Date
    Nov 2010
    Location
    On a mac
    Posts
    76
    Member #
    24894
    Liked
    4 times
    I'm interested in this as well. It would seem that other factors would be of high risk...

  4. #3
    Member Eric Mintz's Avatar
    Join Date
    Mar 2012
    Location
    Atlanta, GA
    Posts
    48
    Member #
    31243
    Liked
    7 times
    There are many types of risks, and many ways to guard against each type. For example, .htaccess might not be much of a defense against SQL injection, cross-site scripting attacks or brute-force password attacks, but it's great, for example, to make sure that only certain file types can be served up. Besides the fact that no one security measure can guard against all kinds of attacks, it's always better to have as many measures in place as are practical - just in case one measure that you rely on has a "leak".

    The server itself should have a firewall and you should only open ports you absolutely need to have open. Ideally, only open web ports (80 and 443) and either ssh or vpn ports. Control port access through hardware firewalls in case your software firewall crashes. You should use strong non-dictionary passwords for your server, your databases, and your website admin pages and control panels. Don't leave things like phpinfo() files lying around. Don't store sensitive info in hidden form fields or on the query string. Don't store any sensitive info in the database without strong encryption - and use strong passwords and salt strings for encryption. Keep security patches up to date. Have reliable (tested) backups just in case, despite your efforts, you suffer a security breach.

    And yes, use .htaccess files (for Linux) to control access.

  5. #4
    Junior Member
    Join Date
    Dec 2012
    Posts
    13
    Member #
    34103
    Liked
    2 times
    Yes, password protecting the admin area would be another layer of security. Another thing you could do, and some CMS programs allow it easily, is to rename the admin folder to something else and make the appropriate changes in the CMS config file. That way someone knowing the software's default admin directory can't just type it in and start applying an exploit.

    And always have a recent backup.
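
The layering described in posts #3 and #4 (password-protect the admin area, and control which file types can be served), as an added example that is not from any poster in this thread. It assumes Apache 2.4 with `AllowOverride AuthConfig` enabled for the directory; the password file path, the address range (a documentation range) and the extension list are placeholders to adapt.

```apache
# .htaccess placed in the CMS admin directory (Apache 2.4 syntax).
# Added example; paths, addresses and extensions below are placeholders.

# --- Layer 1: HTTP Basic authentication in front of the CMS login ---
# Basic auth sends credentials base64-encoded, not encrypted, so serve
# this directory over HTTPS only.
AuthType Basic
AuthName "Restricted admin area"
# Keep the password file outside the web root so it can never be fetched.
# Create it with: htpasswd -B -c /path/outside/webroot/.htpasswd adminuser
AuthUserFile /path/outside/webroot/.htpasswd

# --- Layer 2: require a known source address AND valid credentials ---
# RequireAll means every condition inside must pass. Without it, multiple
# Require lines are OR-ed, which would let any listed address in with no
# password at all.
<RequireAll>
    Require ip 203.0.113.0/24
    Require valid-user
</RequireAll>

# --- Layer 3: never serve file types that leak configuration or data ---
# This section is merged after the directory-level rules above, so the
# denial applies even to an authenticated user from an allowed address.
<FilesMatch "\.(?:ini|conf|log|sql|bak|old|inc)$">
    Require all denied
</FilesMatch>

# Dotfiles such as .htaccess and .htpasswd themselves.
<FilesMatch "^\.">
    Require all denied
</FilesMatch>
```

None of these layers filters request parameters, so SQL injection and cross-site scripting in the CMS itself still have to be handled in the application, as post #3 notes.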

  6. #5
    Member
    Join Date
    Aug 2013
    Location
    Venice, Florida
    Posts
    38
    Member #
    37112
    Yes, use the .htaccess and cPanel firewall.

