te3:allowed_ips
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
te3:allowed_ips [2014/08/08 11:52] – created moderator | te3:allowed_ips [2015/07/13 18:13] (current) – moderator | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== | + | ====== |
+ | ~~NOTOC~~ | ||
Menu: {{: | Menu: {{: | ||
- | {{INLINETOC}} | + | * [[te3: |
+ | * [[te3: | ||
+ | * [[te3: | ||
- | ---- | ||
+ | Like it or not, hackers will try break into any script installed on your server and TE3 is no exception. After they gain access to the admin interface of the script, it is much easier to gain access to the server as well. Same goes for the opposite. If they gain access to your server they can change files owned by your user, meaning they can also overwritte legit TE3 files with harmful ones and often that can be tricky for you to notice. | ||
+ | You should use all of the available security measures to make that task as hard as possible for them. We will describe two measures how you can and should protect yourself. TE3's " | ||
- | ===== IP protect your admin interface ===== | ||
+ | ---- | ||
- | Like it or not, hackers will try break into any script installed on your server and TE3 is no exception. After they gain access to the admin interface of the script, it is much easier to gain access to the server as well. Same goes for the opposite. If they gain access to your server they can change files owned by your user, meaning they can also overwritte legit TE3 files with harmful ones and often that can be tricky for you to notice. | + | ===== Allowed IPs: ===== |
- | You should | + | It only protects TE3 files that should |
- | <color blue>If you have a static IP</ | + | Protected PHP files: index.php, rlogin.php |
+ | Unprotected PHP files: in.php, out.php, signup.php, webmaster_stats.php, | ||
+ | |||
+ | **If you have a static IP** (IP is never changing) on your home machine, it is very simple to configure " | ||
- | <color blue>If your IP is changing</color> all the time, you can still configure it, but it might be a bit tricker. Usually internet service providers will only change last one or last two numbers of your IP. If that is the case, simply add your whole block. Even if you will add a whole IP block, you will reduce the number of potential hackers to nearly zero. Users that are not listed in the " | + | <fs 112%>**Step by step**</fs> |
- | ---- | + | {{: |
+ | {{: | ||
+ | {{: | ||
- | ==== Allowed IPs: ==== | + | {{:te3: |
+ | {{: | ||
- | It only protects TE3 files that should never be opened to the public (no function or meaning to open them to the public). It doesn't protect files such as '' | + | {{: |
+ | |||
+ | **If your IP is changing** all the time, you can still configure it, but it might be a bit tricker. Usually internet service providers will only change last one or last two numbers | ||
- | Protected PHP files: index.php, rlogin.php | ||
- | Unprotected PHP files: in.php, out.php, signup.php, webmaster_stats.php, | ||
You can add one or multiple IPs at the same time. To enter multiple IPs, add one IP per line. You can add a whole IP block to the list as well (x. - A block, x.x. - B block, x.x.x. - C block). If the last character in the string is '' | You can add one or multiple IPs at the same time. To enter multiple IPs, add one IP per line. You can add a whole IP block to the list as well (x. - A block, x.x. - B block, x.x.x. - C block). If the last character in the string is '' | ||
Line 35: | Line 46: | ||
---- | ---- | ||
- | ==== .htaccess: ==== | + | ===== .htaccess: ===== |
+ | |||
+ | IP protection with htaccess is more flexible than " | ||
- | IP protection with htaccess is more flexible than " | + | <fs 112%> |
- | <color grey>Here is an example of how htaccess protection should look like. You can use (copy paste) | + | {{: |
+ | {{: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | |||
+ | ++++ Example of .htaccess protection | | ||
+ | Here is an example of how .htaccess protection should look like. You can use (copy paste) | ||
< | < | ||
Line 47: | Line 71: | ||
</ | </ | ||
+ | ++++ | ||
---- | ---- | ||
- | ==== PHP files inside /te3/ directory ==== | + | ===== PHP files inside /te3/ directory ===== |
- | Here is a brief description of the PHP files inside /te3/ directory, so you can better understand what is their task and which of them should be <color blue>IP protected</ | + | Here is a brief description of the PHP files inside /te3/ directory, so you can better understand what is their task and which of them should be IP protected. |
- **cron.php**: | - **cron.php**: | ||
- | - **in.php**: Module for tracking incoming traffic. It has to be opened to the public. \\ \\ | + | - **in.php**: Module for tracking |
- **index.php**: | - **index.php**: | ||
- **out.php**: | - **out.php**: | ||
- **rlogin.php**: | - **rlogin.php**: | ||
- | - **securityimage.php**: | + | - **securityimage.php**: |
- | - **signup.php**: | + | - **signup.php**: |
- | - **te_redirect.php**: | + | - **te_redirect.php**: |
- **webmaster_stats.php**: | - **webmaster_stats.php**: | ||
te3/allowed_ips.1407498768.txt.gz · Last modified: 2014/08/08 11:52 by moderator