
CHECKLIST : top 5 ways of keeping your site secure.

forums hacking continuity planning failsafe planning

2 replies to this topic

#1 dimensio


Posted 08 August 2018 - 07:52 AM

Hey Y'all, Dimensio the Wolf here.

Here are my top tips to prevent hackers from ruining your empire of dust.

1. Check cPHulk is turned on, or a similar brute-force prevention tool, and change max login attempts before lockout to THREE not FIVE. Nearly all 'hackers' think they can guess at least 4 passwords before it will trigger your brute-force protection. Set it to 3, set the ban time to 45 minutes and BOOM! You are free of idiots.

2. Use Decoys not Block Pages. Set up a page on your site that fits with the template, or design, and have it say something like a generic PHP error message or Down for Maintenance or System Updates, Check Again Later. Something that says the site is down but will be up again soon. Then use this page for the 401.xhtml, or similar page, that is displayed on a failed hacking attempt (such as 3 login attempts per point one). By doing this the hacker thinks your site is down and is less likely to hack in. The worst thing to do is set the hack attempt detected page to read something provocative.

3. Use UFW firewall, it's a million times easier than IPTABLES. Change every single port from default to something else then block them with UFW. As most 'hackers' are script kiddies they really can't use their tools if it's anything but a standard setup. Using UFW to block any attempt to access the standard SSH port is a super win as most of your hackers will be automated attempts anyway.

4. Make regular backups. If you don't know where your backups should be the answer is not on your hard drive, not on the server, not in your email. I store mine in a rubber dog turd deep in the forest on a USB stick.

5. Test Your Backups. Yo, the amount of hours I have lost due to the backup not working. At least test once to make sure you actually can restore a backup. In my case a hack wasn't detected for several months and it was subtle.


Hope this helps y'all.
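
An added example, not part of dimensio's post: one way to carry out the restore test from tip 5, assuming a tar.gz backup of a site directory and a SHA-256 manifest written at backup time. The function names `make_backup` and `restore_test` and the sample files are made up for illustration.

```bash
#!/usr/bin/env bash
# Constructed example: restore test for a tar.gz backup of a site directory.

# make_backup SRC ARCHIVE MANIFEST: record SHA-256 of every file, then archive.
make_backup() {
    local src=$1 archive=$2 manifest=$3
    ( cd "$src" && find . -type f -exec sha256sum {} + ) > "$manifest" || return 1
    tar -czf "$archive" -C "$src" .
}

# restore_test ARCHIVE MANIFEST: 0 = restorable and intact, non-zero = reason.
restore_test() {
    local archive=$1 manifest=$2 scratch rc=0
    scratch=$(mktemp -d) || return 1
    # 1. The archive must actually extract (catches truncated or corrupt files).
    if ! tar -xzf "$archive" -C "$scratch" 2>/dev/null; then
        echo "FAIL: archive does not extract" >&2; rc=1
    # 2. Every restored file must match the hash recorded at backup time.
    elif ! ( cd "$scratch" && sha256sum --quiet -c - ) < "$manifest" >&2; then
        echo "FAIL: restored content differs from manifest" >&2; rc=2
    # 3. The restored tree must not contain files the manifest never listed.
    elif [ "$(find "$scratch" -type f | wc -l)" -ne "$(wc -l < "$manifest")" ]; then
        echo "FAIL: restored tree has files the manifest lacks" >&2; rc=3
    fi
    rm -rf "$scratch"
    return "$rc"
}

# Demo on constructed sample data (paths and file contents are made up).
demo() {
    local work; work=$(mktemp -d) || return 1
    mkdir -p "$work/site/inc"
    echo '<?php echo "home";' > "$work/site/index.php"
    echo '<?php $db = "example";' > "$work/site/inc/config.php"
    make_backup "$work/site" "$work/site.tar.gz" "$work/site.sha256"
    restore_test "$work/site.tar.gz" "$work/site.sha256" && echo "good backup: restore OK"
    # Simulate a backup that was cut short on its way to off-site storage.
    head -c 40 "$work/site.tar.gz" > "$work/cut.tar.gz"
    restore_test "$work/cut.tar.gz" "$work/site.sha256" || echo "truncated backup: caught (rc=$?)"
    rm -rf "$work"
}
demo
```

Keeping the manifests from successive backups and diffing them also shows which files changed between runs.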

#2 squazz


Posted 08 August 2018 - 10:28 PM

This is not enough but it will definitely keep some people away. GJ on tutorial.

#3 cold(-*)


Posted 09 October 2018 - 02:53 PM

dimensio, on 08 August 2018 - 07:52 AM, said:

I store mine in a rubber dog turd deep in the forest on a USB stick.

Interesting place to keep your backups :D I store mine on magnetic tape cassettes and put those in safes.




