1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Xenforo Security and Hosting

Discussion in 'Server Configuration and Hosting' started by florencia, Apr 5, 2014.

  1. florencia

    florencia Active Member

    Your recommendations for best Xenforo setup and hosting requirements for hi-end xenforo security.
     
  2. oman

    oman Well-Known Member

    They are listed here: http://xenforo.com/purchase/
     
  3. florencia

    florencia Active Member

    those are the minimum system requirements. I'm looking for top security bro! Starting from a dedicated or collocation or managed. Best setup to make xenforo secure for members.
     
  4. borbole

    borbole Well-Known Member

    XenForo in itself is very secure. There has never been a security vulnerability found in its code.

    That being said, regarding the host, have a look around at webhostingtalk.com.
     
    Amaury likes this.
  5. florencia

    florencia Active Member

    If you had a forum for ex presidents of the United State for example. You would like their forum threads be very secure. How would you recommend setting up Xenforo ?
     
  6. oman

    oman Well-Known Member

    Make the nodes with the threads private and only allow access to specific people. You could even close registration.
     
    SneakyDave and Amaury like this.
  7. florencia

    florencia Active Member

    I think close registration is the best option as well. Do you need to have private nodes even if you have close registration or it makes no difference at this point?
     
  8. oman

    oman Well-Known Member

    Depends if you want to restrict viewing to a whole usergroup or just a few people...
     
  9. florencia

    florencia Active Member

    Maybe it wasn't clear. Does nodes provide an extra security level to the close registration?
     
  10. florencia

    florencia Active Member

    There is an addon that blocks the login attempts to 3 and the it block users, would you recommend to install it?
     
  11. oman

    oman Well-Known Member

    Nodes are only forums/sections you add. Permissions on those nodes would add an extra security level.

    You can also close your board so only administrators can access it: Options >> Board Active.
     
  12. florencia

    florencia Active Member

  13. Tracy Perry

    Tracy Perry Well-Known Member

    What is your budget for hosting? To "secure it" I'm assuming you want DDOS services, management of the server and forum management? Hope you got some big bucks handy for the site.
    Two factor authentication goes a long way towards securing it.
    I use it for the sites and also to lock down SSH access to the servers (in addition to using keys).
     
  14. Andrej

    Andrej Well-Known Member

  15. florencia

    florencia Active Member

    Tracy, I will reply more in detail about our project in private message.
     
  16. florencia

    florencia Active Member

    Thank you Andrej, I read the information in the plugins and it said support 1.2 so I thought is wasn't a core functionality for 1.2. OK. I'm glad I asked then. thank you.
     
  17. WSWD

    WSWD Well-Known Member

    The only 100% secure solution is not putting it on the Internet. If it's on the Internet, regardless of what it is or what your budget, you're leaving yourself open to vulnerabilities. You just have to deal with that.

    When you set up a server, just have a really good admin team go through and lock things down. I would recommend a place like Rack911. They are REALLY good at management and security. The absolute most secure would be a co-located server, with brand new drives that you purchased yourself and and were never used before.
     
    SneakyDave, Tracy Perry and borbole like this.
  18. Tracy Perry

    Tracy Perry Well-Known Member

    It's "fun" doing it yourself. I just got through setting up 3 VPS's on my new server and between CSF, Munin, SSH 2 factor authentication and a few other things I'm about ready to call it a night. :eek:
    I've been waiting on a RapidSSL certificate notification to show up but hit hasn't yet so I'll have to wait until it hits for me to use it.
     
  19. SneakyDave

    SneakyDave Well-Known Member

    For even more security, just use land line phones to share content.
     
    WSWD likes this.
  20. Floren

    Floren Well-Known Member

    Hire a consultant to setup securely your servers. None of the hosting providers I know have deep knowledge on a secure setup, all they care is to sell you the bandwidth. Not to mention a Linux distro was never designed to be secure from the start, as it was never designed to run web services.
     
    SneakyDave likes this.

Share This Page