News:

Go to HostNed.com
Welcome.  This is a place to get user-to-user support, learn more, and share ideas.  If you can't find your answers here, feel free to ask by creating a new topic or visit the support ticket system at https://my.hostned.com :)  Have fun here!

Main Menu

Mambo - Questions

Started by changequick, October 18, 2007, 06:29:52 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

changequick

I've recently installed Mambo onto my server, however I've read lots about needing it to be secured because of potential for hacker abuse. I think my last site may have been hacked because of an installed Mambo package, that I never did anything with.

I read a tutorial that said:

First you may need to setup OpenSSL on your server:
http://www.openssl.org

As well as setting up mod_ssl:
http://www.modssl.org/docs/

Firstly you want to insure that users trying to access the /administrator section of Mambo
are forced to use an SSL connection. This assumes you have mod_rewrite installed on
your server. Add the following lines to your .htaccess file:

#/administrator/.htaccess
RewriteEngine On
RewriteRule ^/$ /index.php
RewriteCond %{SERVER_PORT} !443$
RewriteRule ^(.*) https://yourhost.com/administrator/$1 [R=301,L]

--------------------------------------------------------------------------------
So my question is how do I install these things onto my server? Is this something I can do for free without paying more?

I have a LINUX CUSTOM PLUS account.

--------------------------------------------------------------------------------

I want to begin editing the Mambo pages, but want to make sure it is secure as possibe.


Any advice on this would be great. I'm new to developing, and could use the help.

Rick

Dynaweb

Yes, security is a huge issue with Mambo and other CMS systems.  SSL is basically https:// protocol and almost all HostNed accounts support that, although IMO operating Mambo on https is not necessary.  The big security risks come from a variety of other things.  Make sure you have all security patches installed and turn off register_globals using an .htaccess file.  CHeck with the Mambo support site for further security precautions.