• Hello Guest! Welcome to ConsoleCrunch, to help support our site check out the premium upgrades HERE! to get exclusive access to our hidden content.
  • Unable to load portions of the website...
    If you use an ad blocker addon, you should disable it because it interferes with several elements of the site and blocks more than just adverts.
  • Read Rules Before Posting Post Virus Scans with every program.

How to secure your xenforo forum

Dex4.21

Member
hello cruncher's

All Credit To avery


1) Always get the last version of xenforo

2) Put a .htaccess file inside your library folder to protect it and put in the htaccess:

Code:

<[Files ~ "^.*\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml)">[/COLOR]
Order allow,deny[/COLOR]
Deny from all
</Files>
<Files .htaccess>
order allow,deny
deny from all
</Files>


3) If you're the owner of the website please use different passwords for your :
  1. FTP
  2. Forum Login
  3. Cpanel Access
If you want to generate a password try this website :

Code:


And if you want to see how strong is your password go on this website :

Code:


4) Put a .htaccess file on your root directory normally there is already one (a htaccess.txt) rename it by .htaccess if not, create one and inside put :

Code:

#THIS IS NOT ON THE DEFAULT XF HTACCESS PLEASE A IT
Options -Indexes

#NO NEED TO ADD THIS IF YOU ARE ALREADY USING THE XF HTACCESS DEFAULT FILE
# Mod_security can interfere with uploading of content such as attachments. If you
# cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
# SecFilterEngine Off
# SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default

<IfModule mod_rewrite.c>
RewriteEngine On

# If you are having problems with the rewrite rules, remove the "#" from the
# line that begins "RewriteBase" below. You will also have to change the path
# of the rewrite to reflect the path to your XenForo installation.
#RewriteBase /xenforo

# This line may be needed to enable WebDAV editing with PHP as a CGI.
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
</IfModule>

#THIS IS NOT ON THE DEFAULT XF HTACCESS PLEASE A IT
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

#THIS IS NOT ON THE DEFAULT XF HTACCESS PLEASE A IT
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://yourwebsite.com.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yourwebsite.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourwebsite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yourwebsite.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ yourwebsite.com [R,NC]

Please modify : http://yourwebsite.com and yourwebsite.com to your website link.

5)DELETE your "install" folder

6) Look up if your Xenforo files are on Chmoder 0644 (some on 0755) and never on 0777

7) Try not install no important add-ons, put add-ons which are importants for the community. Or create your own code to do what you want instead of using add-ons.

8) Never authorise HTML in the posts/messages

9) Always scan your PC against virus etc ...

10) If you suspect an attack from hackers change your pass of you forum/ftp/cpanel account

11) Regularly do backups of your forum on your PC

12) For DDOS protection see more here :

Code:


Or here:

Code:


13) If you want MySQL injection protection see more here :

Code:

 
General chit-chat
Help Users
  • @ QM|T_JinX:
    im in for that bro
  • @ QM|T_JinX:
    yea i saw the giveaways back then great job on that too
  • @ God:
    Thank you for the kind words, but I do it just for the people and community I love to help out anyway I can and give back to this amazing community!
  • @ God:
    What time is It for you bro? You live in the UK right
  • @ QM|T_JinX:
    22:26 no the netherlands
  • @ QM|T_JinX:
    yea i always found you a great staff member doing giveaways and stuff you guys made me want to be staff hahaha
  • @ QM|T_JinX:
    the fun you guys had as staff members joking around hahah
  • @ QM|T_JinX:
    did you speak to younis about maybe a plan or something to get this working again ?
  • @ God:
    I remember now it’s been a while you know lol but I remember you live in the Netherlands. You are a great Super Moderator bro as wel you are always active helping and trying to do what you can respect for you as well! I’m in the United States it’s 4:32pm here. What you going to do tonight?
  • @ QM|T_JinX:
    thanks bro appreciate that nothing mutch thinking about after the movie playing some red dead 2 almost have it on platinum haha
  • @ QM|T_JinX:
    so you thinking about become staff again or no great to have you back on here hto
  • @ QM|T_JinX:
    tho
  • @ God:
    That’s the truth I see I come on here often here lately, sometimes I don’t chat! But yes I really want to help out and do everything I can bring the site back like it should be bro! Maybe we could work something out, I think I have the resources and community to help
  • @ QM|T_JinX:
    yea i have seen you on here just like unbound and some others but they didnt stick haha yea would be great to see this site grow again like you said like it should be
  • @ God:
    We will see we gotta talk to the boss man Younis
  • @ QM|T_JinX:
    for sure haha well lets hope right
  • @ QM|T_JinX:
    i still think if there was a jailbreak for ps4 this site would have been back for sure
  • @ God:
    That would be awesome I’m sure it will happen before long, technology now a days is crazy! If we can work out a deal and plans I’ll be spreading the word and doing a lot to make it better more attractive and helpful fourms tips giveaways and all
  • @ God:
    I’ve been messing and working with trying to make great CSS for the names. Like Staff Premium news writer etc..
  • @ QM|T_JinX:
    ok so hows that going /
  • @ God:
    It’s going good. So we will see what happens and if the site can come back like it was or better
  • @ QM|T_JinX:
    nice yea lets hope
  • @ QM|T_JinX:
    im going to play some red dead it was great to have spoken to you bro nice to see you back on here
  • @ QM|T_JinX:
    hope you have a great night bro
  • @ God:
    It was good talking with you as well, you have a great night! We will talk later bro
      @ God: It was good talking with you as well, you have a great night! We will talk later bro
      Back
      Top