How to Secure your BoonEx Dolphin Site

|
Saturday,23 February 2013 12 00 PM

Here are some basic tips to secure your BoonEx Dolphin website.

1) During your installation you must create an administrative profile

Don’t create a profile called “admin” but rather your nickname or first name as “henry”.

This prevents to distinguish the administrator (root) and fraud in connection (however, it is always possible with the admin ID ‘1’, but we shall see in another tutorial).

2) Rename the “administration” directory by another name

After edit “~/inc/header.inc.php” and replace this line

<i>$admin_dir                 = "administration";</i>

by

<i>$admin_dir                 = "another_name";</i>

Be careful to take a name difficult to guess but easy to remember.
Do not take the same name as your nickname or an alias of a member already registered on your site.

3) Deny access to directories that do not contain an index file

Edit .htaccess file in your root site
and replace “Options -MultiViews” to “Options -MultiViews -Indexes

4) Remove modules that are not installed

In most cases, you will be able to remove modules that are not installed.

This is a good thing because, first you free up space on your server, but you avoid potential operating faults or error messages disclosures of these modules.

5) Don’t show error messages to your visitors

When your site is no longer in development, you must set the “display_errors” PHP directive to “Off” in php.ini

If you do not have access to php.ini file, you can edit “~/inc/header.inc.php”

and insert this code into the file

<i>ini_set('display_errors ' , 'Off' );</i>

Do not forget that you need to keep track of errors in a log file.
You can also add this code if it is not set in php.ini

<i>ini_set('log_errors' , 'On');</i>
<i>ini_set('error_log', '/home/your_username/php_error.log');</i>
<i>ini_set('ignore_repeated_errors', 'On'); // Do not log repeated errors that occur in same file on same line.</i>

Remember also to properly configure the Dolphin security settings (enable CSRF token, limit the lifetime of the token, breach impact, etc.) and use the Page Access Control module.
Well, these tips are a good start to begin safely with Dolphin 😉

Looking for quality BoonEx Software Hosting? Look no further than Arvixe Web Hosting!

Tags: , , , , , , , , | Posted under BoonEX Dolphin, Errors, Security, Security/Vulnerability | RSS 2.0

Author Spotlight

Pierre-Henry Soria

I work in Web Development and Modern Web Design for several years. I specialize in accessibility, SEO and security and possible techniques to avoid intrusions. I also work on parsers and lexical and syntactic analyzers in low-level languages. My Github: https://github.com/ph-7 One of my open source project: https://github.com/pH7Software/
|
Personal Website

Leave a Reply

Your email address will not be published. Required fields are marked *