The five aspect is forum security PHP Forum

Today I

with you to explore the application of BBS the next hot, is everyone in the forum, indeed, this is a very good application, such as many sites are integrated in this forum, currently doing the best, known to every family is discuz and phpwind, compared with discuz did a very good job. The basic 100 used in 80 discuz system, is now used by Tencent owned by Tencent, after the acquisition, the integration of many applications, such as QQ landing, cloud, etc., in the cache, the Tencent’s empire, is still growing rapidly, springing up, a forum for the rise in the sky this is how prosperity, ah, ah, that is not the 2 patron, not what to do, do not care about others, I believe we still remember, all occurred in recent months, C SDN, 7k7k, and other user information disclosure incident, we had to reflect on how to do forum security

I personally feel that the forum for the people, mostly do this operation, because they are doing very well, simple operation, a PHP forum is out, so many people give up, or ignore the forum security, how do the safety of it, I have to

password security

a) length (password length recommended above 8)

b) complexity (recommendations include, numeric, case letters, special characters allowed, consisting of passwords longer than 8 bits)

program security,

a) whether the program is the latest (visit the background, are generally prompted)

b) Sql injection detection, strict detection of each submitted data, filtering non allowed data

C) did you start the validation code, verify the code is simple, verify the length of the code (to avoid others analog landing, mass posting)

d) did you patch in time to patch up common vulnerabilities (through loopholes in the background)

server security


a start the back door, such as open ports that do not open (recommended only to open service ports, and other ports not to external)

b) intrusion detection system to detect malicious intrusion

C) rename administrator account, do not default, set strong password, fixed IP login

physical security

a) server to protect, can not be placed in any person can enter the computer room, requiring shock, lightning protection, waterproof, ventilation, temperature can not be raised, or else hardware is easy to break

data security

a) data should be backed up well, no >