linerlegacy.blogg.se

#Drupal login with battle.net install#

You can “harden” your version of PHP by making some modifications to the php.ini file.

Mod_evasive is helpful in detecting and preventing http-based DoS or DDoS attacks and can work with your firewall, ipchains or other network equipment to ban IPs and IP-ranges. Another module to consider is using mod_evasive. We use the OSWAP curated rule set on many of our installation. In addition to this, you can use “curated” rule sets from different vendors.

You can install mod_security and use their stock rule set for a good baseline security. Apache has a number of modules that help security at the web server level and block various attacks and known exploits.

Install a Web Application Firewall (WAP).

Most serious businesses have a static IP address for their offices – if you do not, then it is time to call your ISP. While it may appear beneficial to have your administration logins available from any IP address – locking down the administration area to only approved IP addresses goes a long way to preventing access. Less to maintain = less that needs to be guarded or could become vulnerable.

If a module is not needed, then it should be removed. This post is not going to go into server architecture or best practices for managing packages, RPMs, or other components – for now we will focus on the application layer. Many clients do not understand that you have to work on securing everything that makes up your website – from server operating system all the way to the application layer. Security, as a baseline, is always a multi-layered exercise. Securing Drupal, regardless of the version you are working with, is not that difficult.

#Drupal login with battle.net install#