Menu

Topic-icon security procedure

  • herveD
  • herveD's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
1 week 3 days ago - 1 week 3 days ago #6345 by herveD
security procedure was created by herveD
Hi Jose
fter restoration of this site and intervention of other sites wp hacked, I will need to clarify the operation of your extension (which I do not find easy to use especially if it is done every 6 months. the ergonomics of your equivalent for wp with a counter to indicate the security en.wordpress.org/plugins/all-in-one-wp-security-and-firewall/ )

I will then set up a process to stop bothering you

/ * security procedure * /

1 / website side with "Securitycheck PRO"
1-1 I download the following standard file (is this correct for most cases?) In Menu: Task> import config
1-2 I put the MetaDefender Cloud key ( portal.opswat.com/ ) in Menu: Configuration> Global [malware scan tab]
1-3 I download the plugin protection (paying?) securitycheck.protegetuordenador.com/dow...pam-protection-1-0-5 in joomla
1-4 I download the free plugin: Status to update it to the database
where url please?
1-5 I scan Menu: Options> Malaware scanner by clicking on the start button
1-6 set daily "check both permissions and integrity" in Menu: Configuration> cron configuration

A priori there are no other basic operations?

2 / Integration of the site containing "Securitycheck PRO" in another site including just "control center"
how to do ?

3 / control center side
This extension serves to
a / automate backup via akeeebackup
b / have a general dashboard with extension and joomla update information?

all sites must be in https? (Maybe that's why the link between my first 2 sites did not work)

how to do ?
Regards
Last edit: 1 week 3 days ago by Jose. Reason: Delete attached files to avoid information disclosure

Please Log in or Create an account to join the conversation.

More
1 week 3 days ago #6347 by Jose
Replied by Jose on topic security procedure
Hi Herve,

You put too many questions to be replied :)

Many of your doubts can be solved reading the user guides ( securitycheck.protegetuordenador.com/forum/17-documentation ). This is not a whim: I spend many time updating the user guides to keep them as a reference when someone use the extensions.

Anyway, in general terms, you should:

- Install Securitycheck Pro.
- Import the (previously exported) config file if you have many sites to manage.
- Configure the cron to launch a daily scan integrity. Default option is to alternate file integrity and permission tasks, but in your case I recommend only the integrity. This way you will have a daily report of new modified files, that is important if you have been hacked in the past and you have other sites stored in the same hosting.
- Check logs every day and add offensive ips to blacklist.

If you don't have time to check your sites daily, then you can use the Control Center. This will allow you to manage all your Joomla websites from a centralized console and save many many time. You only have to enable this option in Securitycheck Pro (generating a key) and use it in the Control Center. Again I refer to the manual to know how to do this.

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • herveD
  • herveD's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
1 week 2 days ago #6349 by herveD
Replied by herveD on topic security procedure
Hello
I understand and respect the time spent but it must be understood that for my part, I really have trouble understanding the documentation and interface of the extension (accentuated / aggravated by my bad English!).
I spent several hours there (again this morning). By making a simple and adapted procedure, I increase considerably the good security of my sites and limit in the same proportion my questions. There are actually several questions (but I will not open a thread each time?). I need a direct link to a plugin and be sure I understand it. That's why I'm asking you to check this procedure knowing that often the answer is just the link or a few words, sometimes yes / no
thank you in advance
***
website side with "Securitycheck PRO"

1-1 I download the following standard file (is my downloaded file correct for most cases?) In Menu: Task> import config

1-2 I put the MetaDefender Cloud key ( portal.opswat.com/ ) in Menu: Configuration> Global [malware scan tab]

1-3 I download the plugin protection (paying?) securitycheck.protegetuordenador.com/dow...pam-protection-1-0-5 in joomla

1-4 I download the free plugin: Status to update it to the database
where url please?

1-5 I scan Menu: Options> Malaware scanner by clicking on the start button

1-6 set daily "check integrity" in Menu: Configuration> cron configuration

A priori there are no other basic operations?


Integration of the site containing "Securitycheck PRO" in another site including just "control center"

1- generate a key on customer site

2- add a site by putting key securitycheck Prodans secret key
the .htaccess key is not required?

control center side

This extension serves to ?

a / automate backup via akkeebackup

b / have a general dashboard with extension and joomla update information?

all sites must be in https? (Maybe that's why the link between my first 2 sites did not work)

Please Log in or Create an account to join the conversation.

More
1 week 2 days ago #6350 by Jose
Replied by Jose on topic security procedure
Hi Herve,

1-1 I download the following standard file (is my downloaded file correct for most cases?) In Menu: Task> import config

Yes, in most cases this will be the procedure. But be fully sure you configured everything before exporting/importing.

1-2 I put the MetaDefender Cloud key ( portal.opswat.com/ ) in Menu: Configuration> Global [malware scan tab]

Yes.

1-3 I download the plugin protection (paying?) securitycheck.protegetuordenador.com/dow...pam-protection-1-0-5 in joomla

This plugin is valid to avoid spammers registration and it's free.

1-4 I download the free plugin: Status to update it to the database
where url please?

I don't know what do you mean.

1-6 set daily "check integrity" in Menu: Configuration> cron configuration

Yes.

A priori there are no other basic operations?

You can also configure your email to be alerted of attacks ( WAF configuration -> Email notifications). You should also configure a two factor method for your super user/administrative accounts and also configure the .htaccess protection (at least the backend protection). There is a resume of security status with buttons to each setting to be corrected.

1- generate a key on customer site

2- add a site by putting key securitycheck Prodans secret key
the .htaccess key is not required?

No, it's not required.

This extension serves to ?

a / automate backup via akkeebackup

b / have a general dashboard with extension and joomla update information?

Among others. You can update extensions (even the core), check integrity and permissions' status... It's a way to manage all your Joomla websites from a centralized console.

all sites must be in https? (Maybe that's why the link between my first 2 sites did not work)

No, https it's not a must. http sites also work.

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • herveD
  • herveD's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
6 days 13 hours ago #6374 by herveD
Replied by herveD on topic security procedure
Hi Jose
Thank you for this information that allows me to do a simpler checkup

I can not activate the database update of the secretivecheck pro and I read in the documenation that there were 2 plugins. I'm looking for this 2nd plugin (maj database?)
Regards

Please Log in or Create an account to join the conversation.

More
6 days 13 hours ago #6375 by Jose
Replied by Jose on topic security procedure
You're welcome Herve!

The update database is a paid plugin you must purchase separately (it's included only in the "All in one" subscription).

Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.071 seconds
Powered by Kunena Forum

Login or Sign In