I am noticing I'm getting some visits from Seoul-originating IPs quite regularly. Mostly from universities. They are attempting to access things like...oh, just the usual...my MySQL database, phpMyAdmin...you know, things like that. They're popping in directories and paths to try to see what is on my system. I'm running XAMPP and Drupal 4.7. What are the areas I can check to make sure they can't get in? I'm very new to all of this but it was fun to set up. I'm no MySQL or PHP guru, but I don't want to get hacked ;)

Is there a way that I can deny everything except the home page to all unregistered users?

Comments

Michael M’s picture

Drupal is very secure. You don't have to do anything to "protect" your website. The only thing that you should look out for is people attempting to hack personal/custom PHP files. You should also protect your site from mass postings using the captcha module.

You should also sign up for Drupal's security announcements newsletter at http://drupal.org/security

----
http://PointHomes.com

sepeck’s picture

Get used to seeing them in the logs.
Read the XAMPP site for instructions on securing and making sure your site is secure.
Back up regularly in case you are hacked (read best practices link).

Uncheck access nodes for anonymous users in access control settings.
Use Front Page module to display a custom front page for anonymous users.

-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain
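
An added example, not part of the thread and not code from XAMPP or Drupal: one way to check whether the probes seen in the Apache access log were actually answered. It assumes the common/combined log format; the path list, function name and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Path prefixes treated as admin-tool probes (assumed list; extend for your install).
PROBE_PATH = re.compile(r"^/(phpmyadmin|pma|mysql|xampp)(/|$)", re.I)

# Apache common/combined format: host ident user [time] "METHOD path proto" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges, not real visitors).
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2007:04:11:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 200 4521',
    '203.0.113.7 - - [12/Mar/2007:04:11:03 +0000] "GET /mysql/ HTTP/1.1" 404 209',
    '198.51.100.23 - - [12/Mar/2007:05:40:10 +0000] "GET /phpMyAdmin/index.php?lang=en HTTP/1.0" 403 312',
    '192.0.2.50 - - [12/Mar/2007:06:00:00 +0000] "GET /node/1 HTTP/1.1" 200 8120',
]

def triage(lines):
    """Return {ip: {"probes": count, "reachable": paths answered with a 2xx}}."""
    report = defaultdict(lambda: {"probes": 0, "reachable": set()})
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if not PROBE_PATH.match(path):
            continue  # ordinary site traffic
        entry = report[m.group("ip")]
        entry["probes"] += 1
        # 2xx means the server handed the page over; 401/403/404 mean it did not.
        if m.group("status").startswith("2"):
            entry["reachable"].add(path.lower())
    return {ip: {"probes": e["probes"], "reachable": sorted(e["reachable"])}
            for ip, e in report.items()}

if __name__ == "__main__":
    for ip, info in triage(SAMPLE).items():
        flag = "LOCK DOWN: " + ", ".join(info["reachable"]) if info["reachable"] else "blocked"
        print(f"{ip}: {info['probes']} probe(s), {flag}")
```

Any path listed as reachable was served to an outside address and is the first thing to restrict or password-protect.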


kennywalker’s picture

Thanks for that helpful info.

Michael M’s picture

From XAMPP's website:

XAMPP is not meant for production use but only for developers in a development environment. The way XAMPP is configured is to be open as possible and allowing the developer anything he/she wants. For development environments this is great but in a production environment it could be fatal.

----
http://PointHomes.com

sepeck’s picture

But they also have a page on how to set XAMPP up for production.
XAMPP Security console

-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain


kennywalker’s picture

Yeah, I was aware of their disclosure but lots of people are using it and it was much easier than doing it all individually. Thanks for the link to the info though, I have much reading to do now.