Basic security/safety measures for your site

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Anti-Spam Guide
Post Reply
yaooke
Registered User
Posts: 33
Joined: Fri Feb 26, 2016 12:40 pm

Basic security/safety measures for your site

Post by yaooke » Sat Apr 16, 2016 11:10 am

Hi everybody,

I own a phpBB forum that is growing and I want to know the basic, necessary safety features for a site/forum so that if something goes wrong, you still have back ups. I don't want to risk losing my site because of something going wrong on the servers or because with the hosting provider..

How often do I have to make back-ups? What is generally accepted?
Do I have to do other things then making back ups in case something goes wrong?
And is a database back up enough (the one you can create through the ACP) or do I have to copy
all the files of the server from the FTP program to a hard disk or memory disk?

Thanks.

yaooke

User avatar
david63
Registered User
Posts: 16715
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: Basic security/safety measures for your site

Post by david63 » Sat Apr 16, 2016 12:05 pm

You do not say which version of phpBB you are using as the recommendations are different for 3.0 and 3.1
yaooke wrote:How often do I have to make back-ups?
That depends on how busy your board is - I backup every hour, some backup once a day, others once a month and some never back up.
yaooke wrote:Do I have to do other things then making back ups in case something goes wrong?
If you have not changed any core files then the only other things that need to be backed up are the files, images and store folders as everything else can be reinstated from downloads. If you have changed core files then you will also need to back those up as well (or as a minimum keep a note as to what you have changed)
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

yaooke
Registered User
Posts: 33
Joined: Fri Feb 26, 2016 12:40 pm

Re: Basic security/safety measures for your site

Post by yaooke » Sat Apr 16, 2016 12:12 pm

Hi David,

I have phpBB 3.1.6, sorry for not saying earlier.
I get about 5 to 10 posts a day, the forum is only a few weeks old and growing. So I think I'll back up every 4/5 days.

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 50894
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Basic security/safety measures for your site

Post by stevemaury » Sat Apr 16, 2016 10:38 pm

There is an extension for phpBB 3.1.x to do automatic backups stored on the server.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)

User avatar
Elias
Registered User
Posts: 4625
Joined: Sat Feb 25, 2006 4:31 pm
Location: In the Water!
Name: Elias

Re: Basic security/safety measures for your site

Post by Elias » Sun Apr 17, 2016 4:12 am

And that extension can be found here.
"Mystery creates wonder, and wonder is the basis of man's desire to understand." - Neil Armstrong
|Installing Extensions|Writing Extensions|Extension Validation Policy|

User avatar
Puchahawa
Registered User
Posts: 768
Joined: Sat Jan 01, 2011 10:33 pm
Name: Randy

Re: Basic security/safety measures for your site

Post by Puchahawa » Tue Apr 19, 2016 1:36 am

I use the backup extension they are talking about and have it do a B/U every 10 days on a slow board. The important part of that to me is to D/L the B/U to your hard drive or USB along with the other files / folders talked about so IF something bad were to happen you have everything you need to get back in business. Even if that were to be on a different host. :)

A quick note on the ext. You can have it save how ever many backups you want and it deletes the oldest to make room for the new one.
Avatar courtesy of artist Faith Coyotë

User avatar
P_I
Registered User
Posts: 942
Joined: Tue Mar 01, 2011 8:35 pm
Location: Calgary
Contact:

Re: Basic security/safety measures for your site

Post by P_I » Tue Apr 26, 2016 12:23 pm

As well as doing regular backups I would recommend at least once trying the restore process to ensure that you've got everything backed up and can re-create your site if there was a major failure. Until you've gone through the disaster recovery process at least once you won't know if you have any holes or gaps in your backup procedure.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams

koraldon
Registered User
Posts: 513
Joined: Sat Jun 30, 2007 12:42 pm

Re: Basic security/safety measures for your site

Post by koraldon » Tue Apr 26, 2016 6:38 pm

Secure the ADM directory with a htaccess file, of course with different user name/password than the forum user.

User avatar
Lumpy Burgertushie
Registered User
Posts: 66850
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Basic security/safety measures for your site

Post by Lumpy Burgertushie » Tue Apr 26, 2016 9:43 pm

koraldon wrote:Secure the ADM directory with a htaccess file, of course with different user name/password than the forum user.
I don't recall ever hearing of anyone having their admin panel hacked in phpbb in all the years I have been here.

basically, the only thing password protecting the admin panel will do is make things harder on the admins.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

koraldon
Registered User
Posts: 513
Joined: Sat Jun 30, 2007 12:42 pm

Re: Basic security/safety measures for your site

Post by koraldon » Wed Apr 27, 2016 7:11 am

You are confusing things here, and spreading misinformation - HTACCESS is not a 2FA. It is meant to stop all 3rd side parties, to accessing/manipulating files in your admin directory. In addition, you can also implement 2FA, but I'm not aware it is officially in phpbb.

Securing with htaccess is very common and safe practice. Just search the web about site hardening.
If someone asks for help, you should help him with advice, not suggest to be lazy (it is exactly 2 seconds to enter another user/passowrd) and unsecure.

User avatar
Lumpy Burgertushie
Registered User
Posts: 66850
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Basic security/safety measures for your site

Post by Lumpy Burgertushie » Wed Apr 27, 2016 1:46 pm

where did I say anything about 2FA?

I do not spread misinformation. suggesting that creating another step in the phpbb admin login process is needed is where the "misinformation" is being spread.


It is not about being lazy. It is about being practical and putting your efforts into things that will help.

like I said, in all the years I have been doing this, I don't remember a single time when someone managed to hack into the admin panel because of knowing where it is.

protecting directories using htaccess is certainly helpful in some circumstances but phpbb is simply not one of them.
thank you for your input.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21681
Joined: Fri Aug 29, 2008 9:49 am
Location: Cardiff

Re: Basic security/safety measures for your site

Post by Mick » Thu Apr 28, 2016 10:35 am

P_I wrote:I would recommend at least once trying the restore process to ensure that you've got everything backed up and can re-create your site
Yes but not on a live board. See Knowledge Base - Installing and Setting Up Your Own Web Server You can then test as much as you like without killing your board.
"The more connected we get the more alone we become" - Kyle Broflovski

Post Reply

Return to “phpBB Discussion”