...

1. Navigate to your HostBill install directory and go to the /includes/ directory.

2. CHMOD / change file permissions of config.php to 444.

...

In order for HostBill to operate in a safe environment, you'll want to prevent anonymous users from uploading content to your server. We already know that templates_c has folder permissions of 777, and users can upload files to the attachments folder through support tickets. Let's secure these folders to protect your server.

Note: the steps below are for non-enterprise installations. The Enterprise installer does this for you.

1. Navigate to the HostBill install directory.

2. Move the attachments, downloads, and templates_c folders outside of the public directory. The /home/hostbill path is a great location. 

3. We're using the hostbill user as our example. Your new hierarchy should be /home/hostbill/ for the above-mentioned folders.

4. Go back to your main HostBill install directory and head to the includes/ directory.

5. Add the following lines to the very bottom of your config.php file so HostBill can locate them on the server.

$hb_downloads_dir = "/home/hostbill/downloads";
$hb_attachments_dir = "/home/hostbill/attachments";
$hb_templates_c_dir = "/home/hostbill/templates_c";

You'll notice that these variables are already present in that file, but with different values. You just need to edit the current entries.

...

Example (assumes hostbill is the username):
/home/hostbill/public_html/{hostbill-install-directory/}
/home/hostbill/public_html/{hostbill-install-directory/}includes/config.php
/home/hostbill/attachments/
/home/hostbill/downloads/
/home/hostbill/templates_c/

Now that these directories sit outside the public directory, files in them can no longer be requested directly over HTTP, so you can safely CHMOD them, and all directories inside them, to 777:

chmod 777 -R /home/hostbill/attachments
chmod 777 -R /home/hostbill/downloads
chmod 777 -R /home/hostbill/templates_c
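
To confirm the steps above took effect, the following script (an added example, not part of HostBill or of this guide's original text) reads the three $hb_*_dir values from config.php, checks that each resolves to a directory outside the web root, and checks that config.php is mode 444. The web root and config.php paths are arguments you supply, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: checks the layout this guide describes. Paths are arguments;
# nothing here is HostBill's own tooling.

# mode_of FILE: print the octal permission bits (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# config_dir CONFIG VAR: print the path assigned to $VAR in config.php.
# PHP keeps the last assignment, so an appended line overrides an earlier one.
config_dir() {
    sed -n "s/^[[:space:]]*[$]${2}[[:space:]]*=[[:space:]]*[\"']\([^\"']*\)[\"'].*/\1/p" "$1" | tail -n 1
}

# is_outside DIR WEBROOT: succeed only if DIR exists and, after resolving
# symlinks, is neither WEBROOT itself nor anywhere below it.
is_outside() {
    _d=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    _r=$(cd "$2" 2>/dev/null && pwd -P) || return 2
    case "$_d/" in
        "$_r"/*) return 1 ;;
        *) return 0 ;;
    esac
}

# check_layout WEBROOT CONFIG: report each finding, return the failure count.
check_layout() {
    webroot=$1; config=$2; fails=0
    mode=$(mode_of "$config") || mode=unreadable
    if [ "$mode" != "444" ]; then
        echo "FAIL: $config is mode $mode, expected 444"; fails=$((fails + 1))
    fi
    for var in hb_downloads_dir hb_attachments_dir hb_templates_c_dir; do
        dir=$(config_dir "$config" "$var")
        if [ -z "$dir" ]; then
            echo "FAIL: \$$var is not set in $config"; fails=$((fails + 1))
        elif ! is_outside "$dir" "$webroot"; then
            echo "FAIL: \$$var=$dir is missing or inside $webroot"; fails=$((fails + 1))
        else
            echo "OK:   \$$var=$dir"
        fi
    done
    return "$fails"
}

# Usage: sh check_layout.sh /home/hostbill/public_html /path/to/includes/config.php
if [ "$#" -ge 2 ]; then check_layout "$1" "$2"; fi
```

The exit status is the number of failed checks, so it can gate a deployment script or run from cron after upgrades.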


Securing Administrative Access

...

Change Admin Folder Name

As of HostBill 3.0.0, users can rename their admin folder. Renaming your admin folder will prevent brute force attacks, password guessers, and other similar threats.

1. Navigate to your HostBill install directory and edit the /admin folder's name. Change it to something uncommon. We'll use new-folder-name as an example.

2. Edit includes/config.php and make the following changes.

...

1. Navigate to Security Settings > Administrative Allowed IPs.

2. Allow your IPs first.

3. Deny all IPs next.

HostBill will always check the deny IPs first, and allow IPs next.

...

The following is just an example for when you are using Apache as your web server; you can add it to your .htaccess file and configure it as needed.

...

 # Allows single IP address. 
 allow from 111.111.111.111


Note: Paths may vary depending on the server software you're using.

...