By setting the total security impact thresholds to -1, does that leave a site more vulnerable to attacks? My site isn't even up and running yet (it's still under construction) and I am getting those security attack emails. So I'm looking to stop the emails but not leave the site vulnerable to attack.
Site vulnerabilty to attacks
 |
No, it does not. As long as you keep your server software up-to-date and your settings (such as permissions) in-line, you are all good. The PHPIDS feature was suggested by a security audit that did more harm than good. The undying example here are the long list of Dolphin 6.1 sites who are both large and free from any security woes. Keep it off, you're not missing anything. BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Being that I'm still new to all of this, I have no idea how to keep permissions in line and I don't have server software since my site is hosted. I read on an older post that by changing the total security impact thresholds to -1 it would stop the security attack emails. So it can, without being vulnerable to attacks but what do I have to do to keep permissions in line? |
Keeping permissions in line refers to the file and directory permissions that you should have set-up when installing Dolphin. If you web hosting provider handles the software on your server, you need not worry, since they should be doing the job of applying all necessary updates. BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Yes and the hosting provider handled the D7 install as well, so I know just a little about permissions (only from some of the annoying mod istalls that I needed to change permissions on). So what do I have to look out for as far as permissions go when setting the total security impact thresholds to -1? Thanks for your help on this Magnus. |
Yes and the hosting provider handled the D7 install as well, so I know just a little about permissions (only from some of the annoying mod istalls that I needed to change permissions on). So what do I have to look out for as far as permissions go when setting the total security impact thresholds to -1? Thanks for your help on this Magnus. If the web hosting provider was successfully able to install Dolphin, then that would mean that the permissions are in-line already. BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Thanks, so I can just set to -1 and not have to worry about getting the emails or about my site being vulnerable to attack, correct? |
Thanks, so I can just set to -1 and not have to worry about getting the emails or about my site being vulnerable to attack, correct? The choice is up to you, but many people have already disabled the option, since it is considered to be pointless. You can either set the threshold to a higher level, or stop it altogether by disabling it with "-1." I have not noticed any vulnerabilities with this setting disabled. BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Thank you for the info on this matter! Been helpfull! |
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.
The new Dolphin solution is powered by UNA Community Management System.