By uploading sites of compromised filles, my website can be infected?
It is possible to protect it?
If someone upload a .rar file virused does not affect the site?
How can I protect myself from viruses?
 |
That's a very complex question, do you mean uploaded through the files module in Dolphin or via FTP? Normally sites get infected by insecure upload scripts that don't check file types, incorrect permissions on shared hosting accounts or hacked FTP passwords.
By uploading sites of compromised filles, my website can be infected?
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Dolphin was installed by Boonex developer. I ask about Filles, Dolphin module |
You should Always keep track of what will be installed or changed by any developer or someone that offers to help you.
|
Upload filles with Filles Module are stopped just because of this.It makes sense. If someone upload a virus does not spread? why do you have the feeling that something is wrong?
|
You can allow uploading of files as long as you put some restrictions in place. Don't allow .php, js, exe, etc. to be uploaded. Files are not executed on Dolphin, you can upload them and download them but not execute them. Of course if there is no need for file sharing among your members, then remove files for your members. One thing you want to secure on your server is php execution of files that are pretending to be an image. for example, mycutekitty.php.jpg. Under the right circumstances, the webserver will run that php script. That is one of the exploit you need to be concern with. The other is XSS attacks, cross site scripting, and SQL injection attack. A year or two ago, millions of websites were infected due to SQL injections and some of the sites were top sites of corporations that you think would be more wiser and have a huge development team that made sure all inputs were super scrubbed. The other attacks will be direct on the server; you want to make sure that all ports that are not needed are blocked. If you are not running a DNS server on your server then block the ports used by DNS. Secure your FTP ports as well; lock them down so that only your IP can connect to them; deny access to any control panel so that if the IP address is not your address, the connection is dropped. Geeks, making the world a better place |
So, you mean that Dolphin is a very vulnerable platform? |
So, you mean that Dolphin is a very vulnerable platform? Where did you get this idea? As far as I know, Dolphin is a secure platform. I know of no issues involving XSS or SQL injection. There may be some but none that I know of; perhaps others would like to address this. And no, talking about security issues with Dolphin does not hurt us; the black hats already know. In my post, I was talking about securing your SERVER, not Dolphin. Geeks, making the world a better place |
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.
The new Dolphin solution is powered by UNA Community Management System.