Securing my installation

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Get Involved
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
Locked
N.emesis
Registered User
Posts: 6
Joined: Tue Sep 11, 2007 5:58 pm

Securing my installation

Post by N.emesis » Tue Sep 11, 2007 9:58 pm

Hey all,

Ive recently installed phpbb3 rc5 without any problems,
One question i got is i installed not in public_html folder but made a folder and in that folder like''sp'',
In that folder contains the phpb3 files.


So then you ofcourse know we got a problem when you go to http://www.mysite.com ,it does not view the index.php because its in the ''sp' folder.


I did this for some extra security reasons ,because hackers always search or index at the public_html folder.


What i want is my phpbb3 in a different folder and still can enter the site without having to type http://www.mysite.com/sp ,

I was thinking about a redirect file like a index.html file in the public_html folder so it will automatically redirect to http://www.mysite.com/sp when you enter this http://www.mysite.com.


As you know many automated scripts/exploits use default directorys/installations that havent been customized by the user . Becuase i got hacked one time and big time by a script called c99.php but i had a buggy installation of phpnuke . SO now i want to customise standard settings to make a little bit safer for my phpbb 3 installation.


Sorry for so much typing but im trying to clear my point /problem so others can also have help with this.

Now do you guys know an alternative for my above described issue? Thank you very much for taking the time to read this and answer.

Cr00zng
Registered User
Posts: 131
Joined: Sun May 20, 2007 2:21 pm

Re: Securing my installation

Post by Cr00zng » Wed Sep 12, 2007 12:37 am

The functionality for defining the home directory is not controlled by phpBB; you'll need to define the HTML home directory for the http://www.mysite.com site to suit your needs. Depending on your ISP the HTML home directory on a shared servers might be defined based on your naming convention as such:

Code: Select all

HTML Directory Name: /servername/local/home/clientname/mysite.com/sp
Your ISP may or may not have the same directory naming convention, but you get the idea. The above home directory path is for *NIX server, just to state the obvious.

Cr00zng

N.emesis
Registered User
Posts: 6
Joined: Tue Sep 11, 2007 5:58 pm

Re: Securing my installation

Post by N.emesis » Wed Sep 12, 2007 12:50 am

Cr00nzng thanks for answering,

But my directory looks like this:

Code: Select all

/domains/mysite.com/public_html/sp/

Usually the phpbb installation needs to be in here:

Code: Select all

/domains/mysite.com/public_html/

I try to avoid that so its not easily found by a curious user.

So if i make a index.html file in public_html with the code that it redirect to mysite.com/sp when some one enters mysite.com is that possible and a good idea?

I just want to prevent as much as possible any attack. A tutorial or a tips topic for custom edit phpbb3 to make it more secure is actually what i want.

Cr00zng
Registered User
Posts: 131
Joined: Sun May 20, 2007 2:21 pm

Re: Securing my installation

Post by Cr00zng » Wed Sep 12, 2007 1:16 am

To my knowledge phpBB doesn't really care about the home directory where you install it; it'll work with number of different folder levels. To my knowledge as long you don't change the original directory where you installed it, phpBB will work just fine. If you installed the forum in your "/domains/mysite.com/public_html/sp/" and defined the HTML home directory the same, your users should be able to access the forum via the http://www.mydomain.com link.
Hiding the phpBB directory doesn't really make the forum more secure, it'll just make your life harder to define the link to the forum ;)

If you want to secure your forum, you should:
  1. require administrator authorization for new members
  2. disable guest access
  3. control different levels of access via groups
  4. here's a link to my test board that doesn't allow access for guests
Awhile ego, we had a discussion on this subject here

Cr00zng

Locked

Return to “[3.0.x] Support Forum”