e107help.org Q&A

Banlist use case [closed]

0 like 0 dislike

Hello,

*** CASE 1 ***
As I read your such this reassuring answer, I am wondering if you would advise to add the IP address of this unknown visitor to Blacklist !

*** CASE 2 ***
Another suspect things happened !
I received in my mailbox 2 messages mentioning my site name, with no content but the following (screenshots) :

As per to avoid this, would you advise to add the IP address to Blacklist, to register theses messages as “spam“, or both ?

My purpose being to start using e107 the securiest and most appropriate way, please tell me me what you think is best to do (or not) in both these cases.

e107 version e107 2.2.1
related to an answer for: Security matter : unexpected guest connection right after installation
closed
in Other by (29 points) 5
closed by
How do you know that those emails are sent via e107 site? (case 02) ?  It doesn't look like e107 form (only if you added phone to form)

.
by (2.0k points) 15 46 57

1 Answer

0 like 0 dislike
Best answer
That IP > Yes

No content but probably links.. What you do not know : never click (hover mouse and look what/where it goes to)

Hardening:
But go into admin/security settings use banflood, 10 would be normal, but you may go lower (min 3 i would say)
User registration when allowed? Confirmations required etc...captcha use on all cases maybe except admin

text part HTML and script use > strict as possible> too strict could pose some trouble when you add something in posts etc.. That
is a testcase ....
Go trough the preference settings and look what you can do.
Make very sure that your folders and files have correct chmod settings (as low as possible no 777 anywhere best would be 600-644.

iN regards to the received mails : check what you implemented smtp or php; although i am not aware of a recent issue with it; there always mail address harvesters, so a publicly seen mailadres can be an issue; Go to the cPanel or alike, and use some (diffs for servers so general answer) mail filters and make sure only 1 or 2 main addresses can use mail  example: admin at domain > no; info at domain (not needed?) no etc... you get the idea you could than use redirecting into spam folder direct on server level.etc...
Using contact page> use captcha, and restrict use of it when users are present, who can do what (admin/users mail  and classes etc..)

Success
by (3.3k points) 7 9 11
selected by
Show 4 previous comments

@moc, it was only a posting how to change the level on how to do that; it was mentioned to increase the level as on top mentioned standard=5, as i honestly do not know how to change level in admin..blush

Hacking the session handler is a wrong way to do it.

by (3.3k points) 7 9 11
I understand, but we are not encouraging to change that security level in the most recent versions. It should not be neccesary (only in specific cases for advanced users), as it has a very specific purpose. I deleted it because others may read it and apply it without knowing what it does, which may cause more trouble than advantages :)
by (2.7k points) 7 10 10

Ok, no issues here wink , but it is pointed out on faq at org also.. I keep it up in mind to only use such in case it IS a probable solution. Level 5 does its job afaik . I leave it there....

by (3.3k points) 7 9 11
@tgtje: No worries :) I get why you mentioned it, but that security level setting is only in case someone gets "Unauthorized access" messages. In that case, the specific server configuration may conflict with e107's security, and only then it is recommended to change the level. It is not meant for 'default' security, as the the default security in e107 is already pretty well organized. Increasing the security number should only be done for specific purposes.
by (2.7k points) 7 10 10
edited by
Welcome to e107 Q&A, where you can ask questions and receive answers from other members of the e107 community.
947 questions
1,349 answers
2,384 comments
2,336 users