e107help.org Q&A

Security matter : unexpected guest connection right after installation [closed]

0 like 0 dislike

Hello,

**** MY ENVIRONMENT INFOS ***
Remote SSD 2 VPS, running distro Ubuntu 18.04 LTS
Server.Control Panel : ISPConfig 3 (last version)

I am totaly a newbie to e107 CMS that I installed yesterday on a test environment (details hereafter), and I wish to have the community word about what I observed that seems to be a security lack (screenshots here below) :

While manipulating to e107 CMS to discover the “admin area“ functionalities, I observed that in the “Website status“ sub-pan, the “online“ tab was showing 2 connected users. I then clicked the tab to view the user list : one was the main admin member (myself) and the other connected one was labelled as a guest !!!!

Until now I did not inform any one yet about the domain name that allow to connect my website performed with e107 CMS, so how can this be, and how can I prevent it ?

Consequently, and for security reason as explained here on the web, I feel not confident to disable “Curl“ and “allow_url_fopen“, as suggested in the warning message that appeared on top of the PHPInfo page.

Awaiting for some help regarding these above, in the purpose to secure my CMS.

Regards

 

 

 

e107 version e107 2.2.1
closed
in Other by (29 points) 5
closed by
In addition to Tgtje's answer below, I would like to add that e107 is already pretty secure by default without needing to chagne any settings. I assume you are hosting on a webserver that you control yourself? In that case, my biggest concern would be server security, and not specifically the security of e107 itself.

The settings you mentioned (in the PHP info page) are not related to your 'issue' of having search bots crawl your website :)
by (2.8k points) 7 10 10

1 Answer

0 like 0 dislike
Best answer

Well how to explain; there are searchbots, and lot of other 'let's call them thingies' surrounding a domain or server. 
Such notice that a guest is there is a connection (not logged in) on the (your domain) which kind of 'peeks' who;what is present.

Since you got an ip adress you could investigate yourself who it is (here's where it is pointing to > https://db-ip.com/as8075-microsoft-corporation ).

This is normal behaviour. Even if your domain is still 'fresh' Arin or alike (domain has an ip address given which uses servers), is already providing available information about the existence of your domain.

It will take a little time before you will notice that searchbots like google/alexa etc.. will visit too. 
Helas this will also be the case for spam and or hacking (scripts)-bots .

Do not worry it is no breach.. It is plain info for you to know if somebody or it.. is on your domain.

does this looks familar ? ProXad/Free SAS which gives 

Créteil / Val-de-Marne (94) somewhere there in the neighboorhood (or origin from). This info is publicly to be found (lesson also > you post image and you expose an ip wink.
Hoping my provided is somewhat correct, you see it is not that hard. ps it is not your domain address btw, it is your own home address hmm likely a Firefox fan yes

by (3.3k points) 8 9 11
selected by
Banlist use case
asked Apr 5, 2020 in Other by (29 points) 5
closed Apr 9, 2020 by
Iff you are satisfied with the answer please close the post.
by (3.3k points) 8 9 11
This is a not a security risk, but it just shows that search engines are crawling your website, which is normal behaviour.  You can prevent this by using a robots.txt file (google can provide more information on that).

Please note that by default, e107 is already pretty secure without needing to change any settings.
by (2.8k points) 7 10 10

Additionally,  you can control the behaviour of search bots using a robots.txt file. For more information, google. For example: https://support.google.com/webmasters/answer/6062596?hl=fr

by (2.8k points) 7 10 10
Welcome to e107 Q&A, where you can ask questions and receive answers from other members of the e107 community.
956 questions
1,359 answers
2,420 comments
2,360 users