7 modules that can improve your Drupal's security

In our previous article, 13 Handpicked WordPress Plugins for Security, we focused on the ways you can make your WordPress platform more secure. In this article we will concentrate our attention on one of the other popular blogging platforms – Drupal. We will make sure that all the important steps for securing it and its most valuable additional modules are brought to your attention.
As Drupal usually runs on the entire LAMP stack (Linux, Apache, MySQL, and PHP/Perl/Python), your first step in securing your server should be to make sure that you’re using the most up-to-date and secure versions of all these components. The probability of a successful hacking attempt against your site drops by something like 30% just by making sure that everything that can be updated is actually up to date.
The second thing you can do is to rely only on secure communication such as SSH, SFTP, FTPS, and HTTPS. You had better forget about the sniffing-friendly FTP, Telnet, HTTP, and Total Commander. You should also use strong passwords and back up your content regularly.
Something else worth mentioning is that most people think that open source programs are easier to hack. Well, experience shows that’s not really true. As the source code is open for anyone to review, there are many people who report problems and suggest improvements. All bugs are privately sent to the Drupal Security Team, which investigates them and proposes solutions, usually by means of Security Advisories (SAs). You can subscribe to these SAs so you can easily install the fixes when they become available.
After the initial hardening procedures, you can always help yourself by using some of the security modules on the drupal.org site. They are all tested by the Drupal Security Team upon uploading and they are periodically reviewed upon indications of problems. Some of the modules worth mentioning are:

• Security review – checks your site for easily made mistakes when using Drupal and gives you a summary of the results. It checks for database errors, failed logins, usernames used as passwords, etc.
• Login security – allows you to limit the number of unsuccessful login attempts and set a policy for when the limit is reached, i.e. blocking the user’s IP permanently or temporarily. It can be set to notify the administrator when a brute-force attack is occurring.
• Update manager (or Update Status in Drupal 6) – automatically monitors for new versions of the Drupal software and the contributed modules and themes. You can monitor the log to see what updates are available or set up notifications.
• CAPTCHA – a very popular module that can be used to make users prove they’re human before allowing them to submit a comment or anything else. Using this module, you can eliminate the risk of spam bots filling up your site with unwanted content. The module asks the user to enter a pattern of masked symbols to prove they can read them.
• Content Access – allows you to set a specific view for an author or a role. It can also be used for editing/deleting permissions for each content type. It uses the ACL module for operation.
• ACL – can’t be used by itself, as it has no user interface, but it provides an API (application programming interface) for other modules to create lists of users and to allow them access to nodes.
• SpamSpan filter – its main purpose is to hide email addresses from bots that try to extract them from your website. It either uses JavaScript (if enabled) or masks the address as “something [at] something [dot] com”.
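
The policy described in the Login security item above (count failed logins per IP, block temporarily at one limit and permanently at a higher one, and notify the administrator) can be sketched as follows. This is an added Python illustration, not the module's own code; the thresholds, the `LoginGuard` class and the sample events are assumptions constructed for the example.

```python
from collections import defaultdict, deque

# Assumed policy values for this sketch, not Login security's defaults.
WINDOW = 3600          # seconds over which failed logins are counted
SOFT_LIMIT = 5         # failures in the window -> temporary IP block
HARD_LIMIT = 10        # failures in the window -> permanent IP block
SOFT_BLOCK_SECS = 300  # length of a temporary block


class LoginGuard:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.soft_until = {}                # ip -> time the temporary block ends
        self.hard = set()                   # permanently blocked IPs
        self.alerts = []                    # what the administrator would be sent

    def attempt(self, ip, ok, now):
        """Record one login attempt; return 'blocked', 'allowed' or 'denied'."""
        if ip in self.hard or self.soft_until.get(ip, 0) > now:
            return "blocked"                # rejected before credentials are checked
        if ok:
            return "allowed"                # a success does not reset the counter
        recent = self.failures[ip]
        recent.append(now)
        while recent[0] <= now - WINDOW:    # drop failures older than the window
            recent.popleft()
        if len(recent) >= HARD_LIMIT:
            self.hard.add(ip)
            self.alerts.append((now, ip, "permanent block"))
        elif len(recent) >= SOFT_LIMIT:
            self.soft_until[ip] = now + SOFT_BLOCK_SECS
            self.alerts.append((now, ip, "temporary block"))
        return "denied"


def replay(events):
    """Run (time, ip, ok) events through a fresh guard; return outcomes and guard."""
    guard = LoginGuard()
    return [guard.attempt(ip, ok, t) for t, ip, ok in events], guard


# Constructed sample: one IP failing repeatedly, one legitimate user.
SAMPLE = [(t, "203.0.113.7", False) for t in range(6)] + [
    (10, "198.51.100.2", True),
    (400, "203.0.113.7", False),
]

if __name__ == "__main__":
    outcomes, guard = replay(SAMPLE)
    print(outcomes)
    print(guard.alerts)
```

Because the counter is kept per IP and is not cleared by a successful login, repeated failures that resume after each temporary block still add up to the permanent one.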

Finally, don’t forget to monitor your website’s availability. You can do that easily with Monitor.us and Monitis.


About Irina Tihova

I'm a Microsoft and CompTIA certified Security specialist with experience in networking and systems administration. I've been working for New Horizons Computer Learning Centers for quite a while as a Systems Administrator and as a Technical Trainer. I've led courses on Microsoft Windows Server systems and Microsoft Exchange Server. Currently I'm still practicing on Microsoft technologies as a consultant and I'm guest blog posting for Monitis. 
  • http://www.cygnet-infotech.com/ Hemang Rindani

    A standard developer dashboard and ability to manage multiple user roles through a secured connection makes Drupal a great CMS. Readily available security plugins in Drupal allow you to create a secured connection between website and database. Provide limited user access rights to manage the content over a webpage. Use authentication tools like login ID, password, captcha etc. that decrease the threat posed by hackers. Keep the plugins and content updated.

    Thanks for sharing the information.

  • lilit.petrosyan

    Hi Hemang,

    Thanks for a very valuable insight!