Mysql Security in Kloxo-MR

[prgs1971]

With a increase of 1600%(one thousand and six hundred percent) in Hackers attacks in 2013 i start to get very concerned about security in my VPS.

Now i look for every detail that can compromise security

I will try to learn the language used in that script and i will change it my self.

I hope that will not be to hard to prompt the user for a input in this language.

I will post that when done

[MRatWork]

I am not paranoid.

VPS for this forum not using firewall (like iptables/CSF). Why?. Because I think protect from nginx and lxguard is enough!.

[prgs1971]

If you not select 'mod_php' (already remove from Kloxo-MR) and only you (as root/admin) able access to ssh, no reason to worry other people able access to bash history (because impossible).

I think that only with ssh access as root/admin, as you say, will be possible to see that file, but i will take this caution anyway.

Thank you very much for your help and advice's

[MRatWork]

Remember, someone try access to your vps via ssh/ftp/panel will banned if fail until 20 (depend on your setting).

Also, sql-injection bug on Kloxo official already fixed in Kloxo-MR.

[prgs1971]

Remember, someone try access to your vps via ssh/ftp/panel will banned if fail until 20 (depend on your setting)

I have it enabled, but without a firewall you can exceed the max attempts you have configured.

Lxguard read from a log file the failed attempts and then blocks the ip...

I prefer to use Iptables or CSF to have real time blocking.

Also, sql-injection bug on Kloxo official already fixed in Kloxo-MR.

I was not aware of this one

[MRatWork]

Sql-injection in Kloxo official is critical issue because it's make someone from external to access/take-over your server after successful login.

[prgs1971]

You mean successful login to kloxo admin interface or user interface?

[MRatWork]

With sql-injection, possible someone login as 'admin' to Kloxo official panel.