You need to secure the config.php file. Consider setting its permissions to 444.
1. Navigate to your HostBill install directory and go to the /includes/ directory.
2. CHMOD / change the file permissions of config.php to 444.
Modifying the permissions of this file is necessary and is the easiest security measure you can apply to your HostBill install.
IMPORTANT
Protect the contents of the includes/config.php file at all costs.
During installation HostBill generates $ccEncryptionHash inside it, which is used as a partial key for password encryption. If you lose or replace this variable's value, you will also lose all stored passwords.
In order for HostBill to operate in a secure environment, you need to prevent anonymous users from uploading content to your server, as well as from listing directory contents.
HostBill's temporary dir templates_c uses folder permissions of 777, and users can upload files to the attachments folder through support tickets. You need to secure these folders to protect your server.
Note: the steps below are for non-enterprise installations. The Enterprise installer will do this for you.
$hb_downloads_dir = "/home/hostbill/downloads";
$hb_attachments_dir = "/home/hostbill/attachments";
$hb_templates_c_dir = "/home/hostbill/templates_c";
You'll notice that these variables are already present in includes/config.php, but with different values. You can just replace / edit the current entries.
To sum it up, your new folder layout should look similar to this (provided your web files are inside the /home directory):
/home/hostbill/public_html/{hostbill-install-directory/}
/home/hostbill/public_html/{hostbill-install-directory/}includes/config.php
/home/hostbill/attachments/
/home/hostbill/downloads/
/home/hostbill/templates_c/
You can now CHMOD the following directories to 777:
chmod 777 -R /home/hostbill/attachments
chmod 777 -R /home/hostbill/downloads
chmod 777 -R /home/hostbill/templates_c
Note about directory listings
You should prevent your webserver from listing directory contents. For example, when using Apache add the following to your .htaccess file:
Options -Indexes
When using nginx, add the following to the server block of the nginx config file:
autoindex off;
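The following POSIX shell audit is an added example, not HostBill's own tooling: it checks an install against the three steps above (config.php is mode 444, the three 777 directories from config.php exist outside the web root, and directory listings are disabled). It assumes GNU stat (-c), the config at <install>/includes/config.php, and that the web root is the nearest public_html ancestor of the install directory (or the install directory itself if there is none).

```shell
# Added example, not part of HostBill. Returns the number of findings.
audit_hostbill_fs() {
  install="$1"
  cfg="$install/includes/config.php"
  findings=0
  fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

  # 1. config.php must be read-only for everyone (mode 444).
  mode=$(stat -c '%a' "$cfg" 2>/dev/null) || { fail "missing $cfg"; return 1; }
  [ "$mode" = "444" ] || fail "$cfg has mode $mode, expected 444"

  # 2. The world-writable dirs (777) must exist and sit outside the web root,
  #    otherwise files uploaded through tickets or written to templates_c
  #    are directly reachable through the webserver.
  # Assumption: web root = nearest public_html ancestor, else the install dir.
  webroot=$(printf '%s\n' "$install" | sed -n 's#^\(.*/public_html\).*#\1#p')
  [ -n "$webroot" ] || webroot="$install"
  for var in hb_downloads_dir hb_attachments_dir hb_templates_c_dir; do
    dir=$(sed -n "s/^\$$var *= *[\"']\([^\"']*\)[\"'].*/\1/p" "$cfg" | head -n 1)
    if [ -z "$dir" ]; then
      fail "\$$var is not set in config.php"
      continue
    fi
    [ -d "$dir" ] || fail "\$$var points to missing directory $dir"
    case "$dir" in
      "$webroot"/*) fail "\$$var ($dir) is inside the web root $webroot" ;;
    esac
  done

  # 3. Directory listings must be disabled (Options -Indexes in .htaccess).
  grep -qs 'Options[[:space:]].*-Indexes' "$install/.htaccess" \
    || fail "no 'Options -Indexes' in $install/.htaccess"
  return "$findings"
}
```

Run it as `audit_hostbill_fs /home/hostbill/public_html/hostbill`; a zero exit status means all three checks passed.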
HostBill admins can rename their admin folder. Renaming your admin folder will prevent brute force attacks, password guessers, and other similar threats.
1. Navigate to your HostBill directory and rename the /admin folder. Change it to something uncommon. We'll use new-folder-name as an example.
2. Edit includes/config.php and make the following changes.
Change
$hb_admin_folder='admin';
To
$hb_admin_folder='new-folder-name';
Now you can navigate to your HostBill's new admin URL, replacing /admin with /new-folder-name, to access the administrative control panel.
Note about folder change
Note that after changing the admin folder name, the path to your cron.php file will also change.
You should update the crontab entries created for HostBill to the new location after the folder name change.
This also affects the pipe.php file location, used for piping emails into the HostBill ticket system.
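The check below is an added example, not part of HostBill: it verifies the rename steps above (config.php names a non-default folder that exists, the old /admin directory is gone) and flags crontab lines that still run cron.php or pipe.php from the old path. It assumes the config at <install>/includes/config.php, that both scripts live inside the admin folder, and that the crontab text is supplied as a file (for example the saved output of `crontab -l`).

```shell
# Added example, not part of HostBill. Returns the number of findings.
check_admin_rename() {
  install="$1"
  crontab_file="$2"
  cfg="$install/includes/config.php"
  findings=0
  fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

  folder=$(sed -n "s/^\$hb_admin_folder *= *[\"']\([^\"']*\)[\"'].*/\1/p" "$cfg" | head -n 1)
  [ -n "$folder" ] || { fail "\$hb_admin_folder is not set in $cfg"; return 1; }

  # The default name is the first thing a password guesser tries.
  [ "$folder" != "admin" ] || fail "admin folder still uses the default name 'admin'"
  # config.php and the filesystem must agree, or the panel is unreachable.
  [ -d "$install/$folder" ] || fail "directory $install/$folder does not exist"
  # A leftover copy of the old folder would undo the rename.
  [ "$folder" = "admin" ] || [ ! -d "$install/admin" ] \
    || fail "old $install/admin directory is still present"

  # Any non-comment crontab line that runs cron.php or pipe.php must use the
  # new folder; otherwise the job silently stops running after the rename.
  # Assumption: both scripts are located directly under the admin folder.
  for script in cron.php pipe.php; do
    stale=$(grep -v '^[[:space:]]*#' "$crontab_file" 2>/dev/null \
      | grep "/$script" | grep -vc "/$folder/$script") || true
    [ "$stale" -eq 0 ] || fail "$stale crontab line(s) run $script outside $install/$folder/"
  done
  return "$findings"
}
```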
HostBill offers a number of Multi-Factor Authentication plugins that also work for the admin portal and can add an additional layer of security for accessing admin resources.
You can enforce the use of MFA/2FA for all staff members in Security & Display.
HostBill has an admin access restriction feature that controls which IPs may access the administrative interface. To use this feature, do the following.
1. Navigate to Security Settings → Allowed IPs
2. Allow your IPs first.
3. Deny all IPs next.
HostBill will always check the deny IPs first, and the allow IPs next.
Additionally you may want to consider password protecting your admin folder using Basic Authentication; refer to your webserver documentation on how to achieve this.
You can also additionally protect access to the admin panel at the webserver level.
The following is just an example. If you are using Apache as your webserver, you may add it to your .htaccess file and configure it as needed.
# Sets the IP deny / allow rule order.
order deny,allow
# Denies IP access from all IPs.
deny from all
# Denies 111.111.110.0 - 111.111.111.255 (the /23 block that contains 111.111.111.0): 512 IPs blocked (CIDR range)
deny from 111.111.111.0/23
# Same 512-address block written with a netmask (subnet)
deny from 111.111.111.0/255.255.254.0
# Allows a single IP address.
allow from 111.111.111.111
Note
The above may vary depending on the webserver software you're using. The order/deny/allow directives are Apache 2.2 syntax; on Apache 2.4 they require mod_access_compat, otherwise use the equivalent Require directives.
HostBill also offers various tools to help you manage your installation's security.
You can find this feature in the Security Settings of HostBill. You can enable / disable login notifications for certain staff / administrators; when someone logs into an account with the feature enabled, a notification is sent to both you and the staff member.