In reply to IMPORTANT. Security Alert!
anthonyparsons
anthonyparsons18th of July 2008
 
I think it's a little ironic actually that people blame both the developer and/or Dolphin / Ray itself as a problem. All PHP scripts have vulnerabilities... and I mean all. People have released little hacks above, recommendations, etc... this is a blanket hack, not a specific targeted event. Hackers really have better things to do that target individuals running a boonex community. This is some kiddy hackers who more importantly found a loophole that allows Dolphin IN CONJUNCTION with a server with see more holes an access point. I have two servers... one VPS and one dedicated. One has globals on, one has globals off. Both have Dolphin installed and neither got hacked. Why? Rough guess.... the first thing I do with a server is install a firewall and maximise its level and close as many PHP and related holes as possible. A hacker cannot gain access if holes are closed so that root level only can make adjustments. It really does just rule out blanket nonsense such as this and gets down to the odd chance a hacker really wants to target your site. If that is the case... nothing you do will stop them regardless if they are worth their weight as a hacker. Hackers really do have better things to do with their life.... this one is kiddy stuff with an exploit that Dolphin warned about.

As recommended above... put your site on a secure server to begin with... cheaper really is not better. Dedicated or VPS is not better either if you do not secure the thing in the first place then only open what you absolutely need open to run your loaded sites. Servers are default set to allow thousands plus exploits to be input. Hell... if you didn't know, spam assassin itself is exploited that if you have it on your server, chances are all your server emails are actually receiving spam within 30 days off opening the email account. Get a VPS and learn how to firewall it tight... then back it off only where needed so your sites work from a user perspective. The rest... you just really shouldn't have any problems with such issues from then on as PHP exploits are closed at the server level... not the script level which doesn't do much at all.

Just my two cents on this topic. Not Boonex issue though...
PermalinkReplyPlus0 pluses
Tango15th of August 2008to anthonyparsons
 
Though Im not a tech guy but I agree with you! Securing server is the first thing... Would you mind posting here more specific tips on how you 'close' holes as I would like to apply it to my dedicated server as well.

How you maximise the firewall level or what firewall settings are you using? please.
PermalinkReplyPlus0 pluses
 
 
Home
Features
Pricing
Hosting
Support
About
StartDemo
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.

Blogs

Dolphin.Pro News
BoonEx News
Our Journey
Social Software World
Community Voice

Help

Support Forums
Documentation
BoonEx at GitHub
Custom Jobs
Contact Support Team

Product

Dolphin.Pro Features
Live Demo & Sandbox
Download Packages
Pricing & Order
Contact Sales Team

Company

Contact Us
About BoonEx
Privacy Policy
Terms & Conditions
© BoonEx Pty Ltd
SSL
© BoonEx
Home
Features
Pricing
Support
Hosting
About
Demo
PET:0.036696910858154