- What kind of security does IP Board offer against spam bots, crawlers, spoofers, and every other cool hacking term I failed to mentioned?
- I assume it's like every other site addon. Delete the install folder when done, change CHMOD of certain files & folders?
- Set privileges for threads / accounts?
2 replies to this topic
#1
Matrixfox
-
- Visitors
-
- 3 posts
IPB Newbie
Posted 29 April 2012 - 04:03 PM
I'm really interested in this subject and my account is very limited.
#2
bfarber
-
- IPS Management
-
- 27,056 posts
RBT-KS
Posted 30 April 2012 - 09:01 AM
There are many many layers of security in IP.Board, and when security issues are found we release patches to fix the problem. It's very difficult to list *every* security feature in IP.Board, but some off the top of my head...
You can delete the install folder after if you want, however a flat file is written to disk that locks the installer if you don't. Necessary CHMOD permissions will depend on your server setup (using cgi or fast-cgi for PHP will allow you to use 644 for files and 755 for folders that need to be written to, for instance).
Permission capabilities are very robust. I encourage you to sign up for a free demo to see for yourself.
- You can change your admin directory, making it difficult for random users to "guess" the location
- You can secure the admin directory with .htaccess
- There are many layers of authorization within the software - you can configure permissions for features to your liking
- We host a spam service that comes with your license which helps to block spam bots
- Registration supports reCAPTCHA or the older image-based CAPTCHA, as well as custom question and answer challenges
- Unique keys are used by the software to protect against CSRF
- Most important cookies are set with an "http-only" flag, meaning javascript (and subsequently XSS attacks) can't access them, should a new one be found
- You can configure user-agent matching in the ACP to block or recognize spoofing agents if you discover one
- There are many ban tools, from banning accounts to usernames to IP addresses to email addresses and even entire groups of users
You can delete the install folder after if you want, however a flat file is written to disk that locks the installer if you don't. Necessary CHMOD permissions will depend on your server setup (using cgi or fast-cgi for PHP will allow you to use 644 for files and 755 for folders that need to be written to, for instance).
Permission capabilities are very robust. I encourage you to sign up for a free demo to see for yourself.
Brandon Farber
Developer / Senior Support
If it sounds like fun, it's not allowed on the bus!
Invision Power Services, Inc.
Developer / Senior Support
If it sounds like fun, it's not allowed on the bus!
Invision Power Services, Inc.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
