Discussion in 'Server Configuration and Hosting' started by florencia, Apr 5, 2014.
Your recommendations for best XenForo setup and hosting requirements for high-end XenForo security.
They are listed here: http://xenforo.com/purchase/
Those are the minimum system requirements. I'm looking for top security, bro! Starting from a dedicated or colocation or managed. Best setup to make XenForo secure for members.
XenForo in itself is very secure. There has never been a security vulnerability found in its code.
That being said, regarding the host, have a look around at webhostingtalk.com.
If you had a forum for ex-presidents of the United States, for example, you would like their forum threads to be very secure. How would you recommend setting up XenForo?
Make the nodes with the threads private and only allow access to specific people. You could even close registration.
I think closed registration is the best option as well. Do you need to have private nodes even if you have closed registration, or does it make no difference at this point?
Depends if you want to restrict viewing to a whole usergroup or just a few people...
Maybe it wasn't clear. Do nodes provide an extra security level to the closed registration?
There is an addon that blocks the login attempts to 3 and then it blocks users, would you recommend installing it?
Nodes are only forums/sections you add. Permissions on those nodes would add an extra security level.
You can also close your board so only administrators can access it: Options >> Board Active.
This also looks helpful. http://xenforo.com/community/resources/secure-admincp.415/
There is an addon that blocks the login attempts to 3 and then it blocks users, would you recommend installing it? http://xenforo.com/community/resources/loginuserlocks-prevent-brute-force-security.1347/
What is your budget for hosting? To "secure it" I'm assuming you want DDOS services, management of the server and forum management? Hope you got some big bucks handy for the site.
Two factor authentication goes a long way towards securing it.
I use it for the sites and also to lock down SSH access to the servers (in addition to using keys).
This is core functionality.
Tracy, I will reply more in detail about our project in private message.
Thank you Andrej, I read the information in the plugins and it said it supports 1.2, so I thought it wasn't a core functionality for 1.2. OK. I'm glad I asked then. Thank you.
The only 100% secure solution is not putting it on the Internet. If it's on the Internet, regardless of what it is or what your budget, you're leaving yourself open to vulnerabilities. You just have to deal with that.
When you set up a server, just have a really good admin team go through and lock things down. I would recommend a place like Rack911. They are REALLY good at management and security. The absolute most secure would be a co-located server, with brand new drives that you purchased yourself and were never used before.
It's "fun" doing it yourself. I just got through setting up 3 VPS's on my new server and between CSF, Munin, SSH 2 factor authentication and a few other things I'm about ready to call it a night.
I've been waiting on a RapidSSL certificate notification to show up but it hasn't yet so I'll have to wait until it hits for me to use it.
For even more security, just use land line phones to share content.
Hire a consultant to set up your servers securely. None of the hosting providers I know have deep knowledge of a secure setup; all they care about is selling you the bandwidth. Not to mention a Linux distro was never designed to be secure from the start, as it was never designed to run web services.