How to Secure your BoonEx Dolphin Site
Written by Henry Soria Saturday, 23 February 2013
Here are some basic tips to secure your BoonEx Dolphin website.
1) During your installation you must create an administrative profile
Don’t name the profile “admin”; use your nickname or first name instead, such as “henry”.
This makes it harder to tell which account is the administrator (root) and to attempt fraudulent logins with it (it is still possible with the admin ID '1', but we shall see that in another tutorial).
2) Rename the “administration” directory to another name
Then edit “~/inc/header.inc.php” and replace this line
<i>$admin_dir = "administration";</i>
with
<i>$admin_dir = "another_name";</i>
Choose a name that is difficult to guess but easy to remember.
Do not use the same name as your nickname or an alias of a member already registered on your site.
3) Deny access to directories that do not contain an index file
Edit the .htaccess file in your site root
and replace “Options -MultiViews” with “Options -MultiViews -Indexes”
4) Remove modules that are not installed
In most cases, you will be able to remove modules that are not installed.
This is a good thing because you free up space on your server and you also avoid potential exploitable flaws or error message disclosures from these modules.
5) Don’t show error messages to your visitors
When your site is no longer in development, you must set the “display_errors” PHP directive to “Off” in php.ini.
If you do not have access to php.ini file, you can edit “~/inc/header.inc.php”
and insert this code into the file
<i>ini_set('display_errors', 'Off');</i>
Do not forget that you need to keep track of errors in a log file.
You can also add this code if it is not set in php.ini
<i>ini_set('log_errors', 'On');</i>
<i>ini_set('error_log', '/home/your_username/php_error.log');</i>
<i>ini_set('ignore_repeated_errors', 'On'); // Do not log repeated errors that occur in the same file on the same line.</i>
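An added example (not part of the original article or of Dolphin itself): a POSIX shell function that checks a Dolphin directory tree against steps 2, 3 and 5 above. It assumes the error settings are made in inc/header.inc.php rather than php.ini; the function name audit_dolphin and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: audit a Dolphin tree against steps 2, 3 and 5 of this article.
# Usage: sh audit_dolphin.sh /path/to/dolphin   (script name is hypothetical)

audit_dolphin() {
    root=$1
    hdr="$root/inc/header.inc.php"
    fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
    pass() { echo "ok:   $1"; }

    # Step 2: the last $admin_dir assignment must not be the default, must
    # name a real directory, and the old "administration" directory must be gone.
    admin_dir=$(awk -F"[\"']" '/^[ \t]*\$admin_dir[ \t]*=/ { v = $2 }
                               END { print v }' "$hdr" 2>/dev/null)
    if [ -z "$admin_dir" ] || [ "$admin_dir" = "administration" ]; then
        fail "\$admin_dir is unset or still the default"
    elif [ ! -d "$root/$admin_dir" ] || [ -d "$root/administration" ]; then
        fail "\$admin_dir does not match the directories on disk"
    else
        pass "admin directory renamed"
    fi

    # Step 3: the root .htaccess needs an Options line carrying -Indexes.
    if grep -Eq '^[[:space:]]*Options[[:space:]].*-Indexes' "$root/.htaccess" 2>/dev/null; then
        pass "directory listing disabled"
    else
        fail ".htaccess has no 'Options ... -Indexes' line"
    fi

    # Step 5: the key must be quoted exactly; 'display_errors ' (trailing
    # space) names no directive, so the call changes nothing.
    q="['\"]"
    if grep -Eiq "ini_set\([[:space:]]*${q}display_errors${q}[[:space:]]*,[[:space:]]*${q}(off|0)${q}" "$hdr" 2>/dev/null; then
        pass "display_errors turned off in header.inc.php"
    else
        fail "no valid ini_set('display_errors', 'Off') in header.inc.php"
    fi
    if grep -Eiq "ini_set\([[:space:]]*${q}log_errors${q}[[:space:]]*,[[:space:]]*${q}(on|1)${q}" "$hdr" 2>/dev/null; then
        pass "log_errors turned on in header.inc.php"
    else
        fail "no ini_set('log_errors', 'On') in header.inc.php"
    fi

    return "$fails"
}

if [ "$#" -gt 0 ]; then audit_dolphin "$1"; fi
```

The return status is the number of failed checks, so the function can gate a deployment script or a scheduled job.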
Remember also to properly configure the Dolphin security settings (enable CSRF token, limit the lifetime of the token, breach impact, etc.) and use the Page Access Control module.
Well, these tips are a good start for running Dolphin safely.