Gallery notes

From Noah.org
Revision as of 12:20, 9 August 2007 by Root


I use Gallery2 for managing pictures on my web site. It's a target for hacker bots. I've seen a lot of scripts trying dictionary attacks against Gallery2.

I am the only one that uses my gallery. I make a few changes to make it more secure.

Make non-essential pages disappear

This gets rid of password recovery. I don't need this and I don't need to leave any potential holes open.

Edit gallery2/.htaccess and add the following rule after the "# END Url Rewrite section" line:

# END Url Rewrite section

# This disables password recovery.
RewriteEngine On
RewriteCond %{QUERY_STRING} .*UserRecoverPassword.*$
RewriteRule ^.*$ - [R=404]
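
To confirm the rule took effect without breaking the rest of the gallery, the following check (an added example, not part of the original page or of Gallery2) requests the recovery page and the login page and compares the status codes. The `main.php?g2_view=core.…` URL form is an assumption about a default Gallery2 layout, and the base URL is whatever your install uses.

```python
#!/usr/bin/env python3
"""Confirm that the .htaccess rule hides Gallery2 password recovery."""
import sys
import urllib.error
import urllib.request

# Assumption: a default Gallery2 layout where views are selected with
# main.php?g2_view=<module>.<View>; adjust if your install rewrites URLs.
RECOVERY_QUERY = "main.php?g2_view=core.UserRecoverPassword"
CONTROL_QUERY = "main.php?g2_view=core.UserLogin"


def http_status(url, timeout=10):
    """Return the HTTP status of a GET for url without raising on 4xx/5xx."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def check_gallery(base_url, fetch=http_status):
    """Return a list of problems; an empty list means the rule works as intended."""
    base = base_url.rstrip("/") + "/"
    problems = []
    recovery = fetch(base + RECOVERY_QUERY)
    if recovery != 404:
        problems.append(f"password recovery answered {recovery}, expected 404")
    control = fetch(base + CONTROL_QUERY)
    if control != 200:
        # A 404 or 500 here usually means the new rule is too broad or the
        # .htaccess has a syntax error, so the whole gallery is affected.
        problems.append(f"login page answered {control}, expected 200")
    return problems


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_gallery.py https://example.org/gallery2")
    found = check_gallery(sys.argv[1])
    for line in found:
        print("FAIL:", line)
    sys.exit(1 if found else 0)
```

Run it after every Gallery2 upgrade, since an upgrade that regenerates .htaccess can drop the hand-added rule.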

Always require the Captcha

Log in to your Gallery2 as the admin user and select "Site Admin". On the left menu you should see "Captcha". Select this and set each of the following options to "High": Login, Guest Comments, Password Items. That means you will always have to enter the Captcha image to log in.

Disable Member modules

On the left menu select "Modules". Disable the following modules: "New User Registration", "Members List and Profiles". You don't need those for a single-user installation.