Author Topic: Security  (Read 1746 times)

Offline dpn

  • Jr. Member
  • **
  • Posts: 78
  • Karma: +1/-1
    • Team FoxTare
Security
« on: October 21, 2019, 07:27:16 AM »
Hi, I did some scanning for vulnerabilities to my website using online security tools, and most of them warn me about this (Mozilla Observatory, in this case):

Quote
X-Content-Type-Options: X-Content-Type-Options header not implemented    
X-Frame-Options: X-Frame-Options (XFO) header not implemented    
X-XSS-Protection: X-XSS-Protection header not implemented

I tried adding headers to .htaccess as recommended here:

Quote
Here are three .htaccess techniques to increase your site's security. These techniques add extra security headers to all of your site's resources. Specifically, this tutorial explains how to add X-Security Headers to protect against cross-site scripting (XSS), page-framing, and content-sniffing. Adding these extra headers is simple and helps to boost the security of your site.

# Extra Security Headers
<IfModule mod_headers.c>
   Header set X-XSS-Protection "1; mode=block"
   Header always append X-Frame-Options SAMEORIGIN
   Header set X-Content-Type-Options nosniff
</IfModule>

https://htaccessbook.com/increase-security-x-security-headers/

Is not detected/ not working?



=Team FoxTare=
European Multi-Gaming Community For Legacy Shooters 2004-2005
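A local check for the three headers the scanner reports, given as an added example that is not part of the original post or the quoted tutorial. The expected values are the ones the quoted .htaccess snippet sets; the function names and the sample responses are constructed for illustration.

```python
# Expected values taken from the .htaccess snippet quoted in the post.
EXPECTED = {
    "x-content-type-options": "nosniff",
    "x-frame-options": "sameorigin",
    "x-xss-protection": "1;mode=block",
}

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased name: [values]}."""
    headers = {}
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:              # skip the status line
        if not line.strip():
            break                       # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return {header: 'ok' | 'missing' | 'unexpected: <value>'}."""
    headers = parse_headers(raw)
    report = {}
    for name, wanted in EXPECTED.items():
        values = headers.get(name)
        if not values:
            report[name] = "missing"
            continue
        joined = ", ".join(values)      # repeated headers combine with commas
        normalized = "".join(joined.lower().split())
        report[name] = "ok" if normalized == wanted else "unexpected: " + joined
    return report

# Constructed sample responses (not captured from any real site).
BEFORE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
AFTER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         "X-XSS-Protection: 1; mode=block\r\n"
         "X-Frame-Options: SAMEORIGIN\r\n"
         "X-Content-Type-Options: nosniff\r\n\r\n")
# "Header append" adds to an existing value, comma-separated, so a header
# that is already set elsewhere ends up doubled.
DOUBLED = ("HTTP/1.1 200 OK\r\n"
           "X-Frame-Options: SAMEORIGIN, SAMEORIGIN\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER), ("doubled", DOUBLED)):
        print(label, audit(raw))
```

To check a live site, pass in the text printed by `curl -sI https://example.com/` (placeholder URL) instead of the constructed samples.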

Offline SE-JAY

  • Administrator
  • Hero Member
  • *****
  • Posts: 1092
  • Karma: +39/-1
Re: Security
« Reply #1 on: October 21, 2019, 08:28:40 AM »
Question,
Is your .htaccess file under your public_html directory?

Offline dpn

Re: Security
« Reply #2 on: October 21, 2019, 09:59:43 AM »
I left the .htaccess file on the dir it was by default, which is "public_html/cgi-bin"...

It's a bit odd, 'cause some headers like gzip compression or browser cache seem to be working, while others like custom 404 redirect or rewrite (to remove .php extension on browsers, to prevent hotlinking) don't.

Anyway, I'm becoming a bit fixated on security since I had a spam bot (now active but harmless) and my disk space has mysteriously grown from 45 to 90 MB in just a couple of days.

Please move .htaccess to your document root (public_html/). If you have a public forum/blog, it is really easy to get targeted by spam bots and unfortunately, the perfect solution doesn't exist :(
« Last Edit: October 21, 2019, 12:35:43 PM by SE-JAY »
=Team FoxTare=
European Multi-Gaming Community For Legacy Shooters 2004-2005

Offline dpn

Re: Security
« Reply #3 on: October 21, 2019, 01:20:36 PM »
.htaccess file in the right directory now, however pentest-tools.com & mozilla observatory are reporting the security headers as missing ...nah, forget it.

Spam is a really powerful enemy indeed, more interesting than those headers is this IP detection service: https://getipintel.net/ Someone who implemented it on his forum recommended it to me, I'll give it a look when I have more time.
=Team FoxTare=
European Multi-Gaming Community For Legacy Shooters 2004-2005

Offline SE-JAY

Re: Security
« Reply #4 on: October 21, 2019, 02:22:59 PM »
Honestly man, with so many different things going on, I have 0 clue what could be going wrong. Stop Forum Spam is another project you might want to look at.

Also you can ban certain hostnames ;)


Offline dpn

Re: Security
« Reply #5 on: October 22, 2019, 03:47:04 AM »
Security headers working seamlessly now, thanks a lot.   :)
=Team FoxTare=
European Multi-Gaming Community For Legacy Shooters 2004-2005
