XF 1.3 i need some help with sercurity

[williams1997]

im trying to make my site alittle more sercure..

i have deleted the /install/ file to stop a exploit from that Dic

i deleted the swfupload folder to stop XSS Shell being inported

is they anythink else i can do to sercure my website...

 

[Paul B]

You don't need to remove the install directory.
If you're that concerned about it you can implement .htaccess auth: http://xenforo.com/community/resour...and-the-install-directory-using-htaccess.353/

 

[Chris D]

There are currently no known XSS vulnerabilities in XenForo's implementation of swfupload.

There was a well documented one that affected a very large number of scripts, including, potentially, XenForo. It was fixed nearly two years ago:
http://xenforo.com/community/threads/xenforo-security-fix-for-1-0-0-1-1-2.32890/

 

[TPerry]

And to take what @Brogan commented on a little further, in the htaccess you can restrict access to the /install directory to specific IP's.

 

[williams1997]

ok

 

[williams1997]

how would i do that

 

[TPerry]

how would i do that

How would you do what... allow based upon permissions? If so it's using the ALLOW/DENY capability in the .htaccess.

order deny,allow
deny from all
allow from 111.222.333.444

where 111.222.333.444 is your IP.

 

[williams1997]

i cant find that can you please help me

 

[TPerry]

i cant find that can you please help me

Quoting a portion of what you are responding to would help target what you need help with. If you are referring to the code segment I am talking about you won't find that in the default .htaccess. you have to create the entry as outlined in @Brogans referral and then add it in.