Topic: HACKED WEBSITE  (Read 1228 times)
dzeni
Newbie
Posts: 9
« on: 25.08.2007; 22:32:20 PM »

Hi! I see this has been written about, but I just can't find a concrete solution. For the last few days someone has been logging in to the website with the usernames and passwords of the editor and the super administrator and changing the texts on the home page. It's nothing critical for now, but how do I defend against it? I read that I have to delete the cookie, remove "remember me", etc... Is there some security software that can be installed?
Logged
fantastic
SITE ADMIN
Hero Member
Posts: 1272
« Reply #1 on: 25.08.2007; 23:52:57 PM »

Link...

See who besides you is a super administrator, either in Joomla or in the database... change the admin panel password for all users who have access there... protect the admin dir via .htaccess. Set chmod 444 on index.php in the Joomla root, configuration.php, the template's index.php, and template_css.css in /templates/css/. For safety you can also change the database and FTP parameters. Then make sure your .htaccess has the blockout part, etc. Although it's not 100% secure (because it can't be), this way your site is a bit more secure.

btw, try to find his IP and block it; it won't help much, but there, just in case.  :)

You're lucky that he's still changing the news text...  ;)
Logged

kebic
Dejan Viduka
Hero Member
Posts: 1220
« Reply #2 on: 26.08.2007; 00:08:43 AM »

Also try changing the database access password, and of course then change it in the conf. file as well.
Logged

"If we don't succeed today, the only reason is ourselves!" -Z.Đ.
www.sanovnik.info
www.ribolovacki-magazin.co.yu
www.joomla-download.net
Enzo
Zenica
Hero Member
Posts: 513
MONOBLUE.ORG
« Reply #3 on: 26.08.2007; 09:04:15 AM »

Do an upgrade and protect the administrator part with a directory password via .htaccess, and if you can, install JACLPlus; that component is great for restricting administrators' rights, creating new groups and assigning rights to them. Play around a bit more with the permissions and you'll be OK.
Logged

kebic
Dejan Viduka
Hero Member
Posts: 1220
« Reply #4 on: 26.08.2007; 16:28:08 PM »

And here is how to protect the administrator part: http://www.eurofreecode.com/faq_i_tutorials_tutorijali/kako_zastititi_direktorijum_restrected_access-t664.0.html
Logged

dzeni
Newbie
Posts: 9
« Reply #5 on: 26.08.2007; 20:38:12 PM »

Thank you all very much for the effort.  :D I changed the permissions, changed the passwords and a few more small things, and for now everything is OK. The only thing I didn't get is that blockout.  ???
Logged
kebic
Dejan Viduka
Hero Member
*****
Offline Offline

Posts: 1220



View Profile WWW
« Reply #6 on: 26.08.2007; 20:48:11 PM »

Never mind; if you've set up everything else, that blocking fanta suggested isn't much of a protection anyway.
Logged

fantastic
SITE ADMIN
Hero Member
Posts: 1272
« Reply #7 on: 26.08.2007; 22:54:36 PM »

Put this into .htaccess:

Code:
########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits

Maybe it isn't much of a protection, but there it is, just in case.
Logged
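
What the "blockout" rules in Reply #7 reject, as an added example that is not part of the thread: the five RewriteCond patterns ported to Python and run over constructed requests. The function names, sample addresses and sample query strings are assumptions made for illustration.

```python
import re

# The five RewriteCond patterns from the post, in order. mod_rewrite tests
# them against the raw (not URL-decoded) query string; only the <script>
# rule carries the [NC] (case-insensitive) flag.
RULES = [
    ("mosConfig override", re.compile(r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)")),
    ("base64_encode call", re.compile(r"base64_encode.*\(.*\)")),
    ("script tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS variable", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST variable", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def blocked_by(query_string):
    """Return the name of the first rule that would answer 403, or None."""
    for name, pattern in RULES:
        if pattern.search(query_string):
            return name
    return None


def audit(log_lines):
    """Map each constructed 'ip path' line to (ip, matching rule or None)."""
    hits = []
    for line in log_lines:
        ip, path = line.split(" ", 1)
        _, _, query = path.partition("?")
        hits.append((ip, blocked_by(query)))
    return hits


# Constructed sample requests: "client-ip path?query" (documentation addresses).
SAMPLE_LOG = [
    "192.0.2.10 /index.php?option=com_content&task=view&id=5",
    "198.51.100.7 /index.php?mosConfig_foo=1",
    "198.51.100.7 /index.php?q=%3Cscript%3Ealert(1)%3C/script%3E",
    "198.51.100.7 /index.php?GLOBALS[foo]=1",
    # A request for the admin login page: nothing in the query string to match.
    "203.0.113.5 /administrator/index.php",
]

if __name__ == "__main__":
    for ip, rule in audit(SAMPLE_LOG):
        print(ip, "403 via " + rule if rule else "passes the rules")
```

The last sample line passes untouched: the rules inspect only the query string, so a login with valid credentials, the problem described in the first post, never reaches them. That is why the password changes and the directory password on the administrator part do the real work here.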
