Five Discussion forum security (PHP forum)

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Today I discuss with you next a popular application BBS, that is, everyone's mouth of the forum, indeed, this is a very good application, such as see a lot of sites have integrated this forum, is currently doing the best, household name is discuz and Phpwind, compared to discuz do very good, Of the basic 100, 80 are using the Discuz system, now Tencent's application, after the acquisition of Tencent, the integration of a lot of applications, such as QQ Landing, cloud, advanced cache, etc., in the Tencent Empire, still fast growth, such as springing up, a forum to rise, What a prosperous sight this is, yes ah, that is not there are 2 of these backers, do not have to do anything, do not care about other, I believe we still remember, in recent months, the various, csdn,7k7k, and other user information leaked events, we have to reflect on how to do a good forum security

I personally think, do the forum, most of the people do operations, because they do very good, simple operation, a PHP forum to get out, so many people give up, or ignore the security of the Forum, how to do this security, we discuss

Password security

A) Length (password length recommended above 8 digits)

(b) Complexity (recommended includes, numbers, uppercase and lowercase letters, allowed special characters to compose such a password with a length greater than 8 digits)

Program Security

(a) Whether the program is the latest (log in the background, are usually prompted)

b SQL injection detection, the data submitted to the strict detection, filtering the data is not allowed

c) Whether to start the verification code, verify the code is simple, the length of the verification code (to avoid other people simulate landing, bulk posting)

D whether the timely patching, will be a common loophole to make up for not (through the loopholes in charge of the background)

Server security

(a) whether to start the back door, such as the need to open the port to open (we recommend only open the service port, other ports do not external)

b Intrusion detection system, detect whether someone malicious intrusion

C Rename administrator account, do not default, set strong password, fixed IP login

Physical security

A the server should be protected, can not casually put in any person can enter the room, the requirements of shockproof, lightning, waterproof, ventilated places, temperature can not be elevated, or the hardware will be easily broken off

Data security

A) data to back up good, do not know that day hard drive broken, that tragedy, the past to pay all the above is my personal point of view, I personally feel good forum security, to ensure continuous service, is the vast number of netizens see!