Public Forums 71,145 posts

[mfcphil Friend mfcphilJoin date: September 2007Posts: 2866Downloads:3Uploads:218 Thanks: 211 Thanked: 388 times in 133 posts]

#276280

<em>@bennitos 87088 wrote:</em><blockquote>

nb. Please ignore whoohanetworks post above, its not bringing anything in this discussion.</blockquote>

The link has been removed…

Please keep any and all useful tips coming in guys….

and girls :-[

[mfcphil Friend mfcphilJoin date: September 2007Posts: 2866Downloads:3Uploads:218 Thanks: 211 Thanked: 388 times in 133 posts]

#276282

<em>@instantinlaw 86831 wrote:</em><blockquote>Here is some more info to get you started.
A good article: http://blamcast.net/articles/block-bots-hotlinking-ban-ip-htaccess
Or, do a search on google or yahoo for “bad bots” to find lists.
Or visit: http://www.webmasterworld.com/ and search for the same as above.</blockquote>

Bill I have a question about banning ip address’

Is an ip address as unique as a fingerprint or is it shared by a batch of pc’s in the same area?

[bennitos Friend bennitosJoin date: May 2008Posts: 1717Downloads:0Uploads:39 Thanks: 39 Thanked: 474 times in 407 posts]

#276288

<em>@mfcphil 87093 wrote:</em><blockquote>Bill I have a question about banning ip address’

Is an ip address as unique as a fingerprint or is it shared by a batch of pc’s in the same area?</blockquote>

It depends if the user has a static ip adress or a dynamic ip adress. When the user has a static ip the ip adress will hardly ever change or they have to change provider. A static ip adress is mostly seen by ADSL and cable connections.

With a dynamic ip adress you get a new ip adress every time you dial in or over a timespan like 72 hours. Dynamic ip adresses are mostly seen with dial in modem connections and UMTS and other mobile internet access.

You can ofcourse use some iplogger to see if the user you want to ban has the same ip adress every time. But ip bans in general dont work very well. For example you decide to ban me ill go to my work (where i have a different ip) and try again from there. Or use proxy servers.
If a user has a dynamic ip adress its almost impossible to ban them using ip as it changes every time.

1 user says Thank You to bennitos for this useful post

1. mfcphil

[shertmann Friend shertmannJoin date: September 2008Posts: 339Downloads:0Uploads:1 Thanks: 22 Thanked: 42 times in 26 posts]

#276314

<em>@bennitos 87088 wrote:</em><blockquote>For point 8 on menalto’s list above i did this.

The best thing is that the configuration.php file will be placed on a location wich is not accessible from the internet, wich is the reason thats its better than to just move it in a subfolder.[/I][/U]

</blockquote>

thanks for this tip benito is a usefull thing that we must include or make in our site installments

[scotty Friend scottyJoin date: March 2008Posts: 2339Downloads:0Uploads:13 Thanks: 76 Thanked: 827 times in 595 posts]

#276331

<em>@bennitos 87102 wrote:</em><blockquote>If a user has a dynamic ip adress its almost impossible to ban them using ip as it changes every time.</blockquote>

You would also run the risk of banning innocent users as the IP is recycled by the ISP.

[shertmann Friend shertmannJoin date: September 2008Posts: 339Downloads:0Uploads:1 Thanks: 22 Thanked: 42 times in 26 posts]

#276481

a tip that the joomla team suggest is you make a research in order to see if your hosting provider where your joomla installment is located is secure, most of the attacks to sites provide from insecure hosting providers. so always check if your hosting provider is secure enough:cool:

[scotty Friend scottyJoin date: March 2008Posts: 2339Downloads:0Uploads:13 Thanks: 76 Thanked: 827 times in 595 posts]

#276891

I came across this and thought it would make a good addition. It gives you security alerts from joomla.org in the backend.

How to add the Joomla! Security Announcements Feed to the Admin Control Panel?

1. Login to your Joomla! sites Administration site
2. From the menu, select Extensions -> Module Manager
3. From within the Module Manager, select Administrator
4. From the Icon Menu (top right), select New
5. From the choices available, select Feeds Display
6. At the Feed Module configuration page, enter the appropriate details (Title (EG: Security Announcements) and Feed as a minimum)
7. Enter http://feeds.joomla.org/JoomlaSecurityNews in the Feed URL
8. Select cpanel as the position
9. Optional Select Apply from the Icon Menu (top right) and place the feed in the order where you want to see it in the Admin Control Panel
10. Select Save from the Icon Menu (top right)
11. Go back to your Admin Site main page (Site -> Control Panel) and you should see your newly built Security Feed.

You can also use this technique to deliver your own “Customer Updates” to sites that you build for others. It’s a great way to communicate with your customers after handing over the site to them. Every time thy log in to the Back End, they’ll see your latest news.

[tonyg Friend tonygJoin date: June 2008Posts: 197Downloads:0Uploads:8 Thanks: 18 Thanked: 46 times in 27 posts]

#276952

I find Jsecure a very useful plugin, it simply prevents access to administration login page without the appropriate access key. With jsecure plugin enabled if anyone go to http://www.yourdomain/administrator they will either be send back to your index.php page or to a custom 404 page. The page they get send to will depend on your settings in the plugin, I found the index page a better option whilst testing this plugin. Once installed and configured, to access your administrator login form;

http://www.yourdomain/administrator/?keyname

Note the question mark symbol is required and the keyname is your chosen secret name, case sensitive and no numbers allowed.

Important note: If you decide to use this plugin make sure you read the readme file included in the download before you install.

You can download from here:http://extensions.joomla.org/component/option,com_mtree/task,viewlink/link_id,5809/Itemid,35/

[Author]

Posts