Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
#1 2009-06-11 19:54:44
- morser
- New Member
- Registered: 2009-06-07
- Posts: 7
Securing Textpattern out of the box. Anything additional to do?
Hello,
textpattern 4.0.8
Xampplite Lite
I’m from the Windows IIS world before I ran Apache so i could use TextPattern. I would regularly review the IIS logs and lock down IIS to prevent intrusion.
Is there anything I need to be concerned about with regards to security when running TextPattern on Apache? I’m sure the activity logs are around so i’ll find them.
Any routine security checks people perform would be appreciated. I know this has more to do with Apache than TextPattern but I thought I would ask here first since i’m only using Apache for TextPattern.
Anything from how to stop bots from crawling my site to .. whatever..
Thanks much! :)
Offline
#2 2009-06-12 07:58:35
- gerhard01
- Plugin Author
- Registered: 2006-12-07
- Posts: 108
Re: Securing Textpattern out of the box. Anything additional to do?
Have a look at this thread and this wiki page
Offline
Re: Securing Textpattern out of the box. Anything additional to do?
Plus remember to secure the XAMPP server too.
- If you are using default users, then rename them. Also remember to set passwords for every user (DB, phpmyadmin).
- Also you could change the ports which makes port skanners life little harder.
- Rename access dirs of for example phpMyAdmin.
- Remove everything from public root you don’t need that could include exploits (xampp setup etc).
- And finaly you can put on a password with Apache.
Also we could note that XAMPP is recommended only for development use. For live production, you should really be using real Apache / IIS, MySQL and PHP installs, which stress the server far less and isn’t an Linux emulator standalone server.
Last edited by Gocom (2009-06-12 15:41:46)
Offline
#4 2009-06-12 17:46:16
- morser
- New Member
- Registered: 2009-06-07
- Posts: 7
Re: Securing Textpattern out of the box. Anything additional to do?
Thanks for the information.
I must say I tried to install apache, and MySQL with PHP. I could not get it to work together. So in less than 20 minutes I had Xampp up and running and TextPattern worked right away.
I am a Windows admin, but the integration of the above three boggled me. And rightly so, the textpattern guides don’t go to deep into setting up the required resources.
Thanks for the information. Leaving it the way it is (I just renamed the phpMyAdmin folder), how at risk is my little blog? I don’t know what you mean by default users, how to reset the passwords, what is needed in public root and what is not.
Offline