-
- 2,877 Posts
CSRF Protector 0.2
https://addons.mozilla.org/en-US/firefox/addon/8996
Works with Firefox 3.0
// But I just strongly recommend that my clients clear the browser cache and delete cookies
before they log into MODx, and preferably not open tabs with other sites. Rather, use
another browser. + Run scheduled anti-virus/malware scans on their hard drives.
SSL Encryption
http://modxcms.com/extras/package/?package=570
Change Password often and use different ones
http://keepass.info/
Backup your site often, so if hacked you can wipe everything on the server
http://modxcms.com/extras/package/?package=46
My approach once a month:
http://modxcms.com/forums/index.php/topic,39040.msg235594.html#msg235594
( http://modxcms.com/forums/index.php/topic,39776.msg240442.html#msg240442 )
...
-
- 2,877 Posts
No, I said root folder. (but that is if the rule in manager htaccess doesn’t work)
The eForm link is to PMS security modification. I don’t know if Toby has added it to the default package.
-
- 2,877 Posts
Regarding BkupModx 2.3 - When I have time I will test it in Evo. I haven’t heard it wouldn’t work... There has been discussion to replace the now in place backup with this one for EVO!!
Regarding changing file permissions. Since 0.9.6:
* [Security] Changed installer to set correct file permissions on systems running php suid (2163)
* [FS#525] Add support for folder/file permission settings in the Resource Browser. (1832)
http://svn.modxcms.com/svn/tattoo/tattoo/releases/1.0.0/install/changelog.txt
Tip number uno - Subscribe to the Security RSS feed from MODx and your host. And update/upgrade your code as much as possible, all the time.
Maybe you should link back to this thread in that wiki article...
-
- 24,544 Posts
Quote from: sarah123 at Oct 03, 2009, 03:05 PM
Thanks so much for the links, but now I have several more questions as I’m rewriting much of the following wiki security page for modx:
http://wiki.modxcms.com/index.php/Securing_your_site#Firefox_addons
Now, may I ask if I am permitted to delete the WHOLE section called "Changing MODx’s Handling of File Permissions- Due to incompatibility do not implement the following instructions if your version of MODx is Evolution 1.0.0 "
The reason why I ask is because it is out of date, although it may be advisable to follow the steps for those who have older versions of Modx.
sarah123: Thanks for your contributions!
I rewrote that section to make the warning clearer, but I think you may be right that deleting it is the way to go. People with versions it would apply to should really update to the current 1.x version rather than hacking the MODx code. With those older versions, they have other security problems that are best addressed by upgrading.
Does anyone disagree?