By sachinbal on

Hi,

I am based out of India and I have a couple of basic sites which I have created in Drupal. I would like to know the steps I need to take to make my sites more secure. I have my sites on hostgator india and very recently my sites were hacked by "Jokr H4xor".

Regards

Sachin

Categories: Drupal 7.x

Comments

VM’s picture

VM commented

first and foremost make sure the sites and all modules in use are update to date.

sachinbal’s picture

sachinbal commented

Thanks. I have taken care of the same. Is there anything else, which you can suggest

Regards

Sachin

narendraR’s picture

narendraR
He/Him
Primary language English
Location Jaipur, India
commented

check this list as per your requirement
https://www.drupal.org/node/2368709

Let's Drupal

sanjay.soni’s picture

sanjay.soni commented

As you already got details for drupal security, Just wanted to add some more points :
If some trying to login from a random username and password again and again(using script that you can check from drupal DB logs module) then block their IP's using IP blocker configuration(url: admin/config/people/ip-blocking). I faced the same sometime back.

Best Regards,
Sanjay
skype:er.sanjaysoni

blu_regard’s picture

blu_regard commented

make sure your files have propper permissions setup:
https://www.drupal.org/node/244924
check for your log files for forced entry. while a giant pain if lots of users need to login i hide the login box and only tell legit users where it is. there are modules that can run a check list of stuff that needs to be secure and that monitor brute tries on login

sachinbal’s picture

sachinbal commented

Thank you for your suggestions. I have blocked a few IP's but I will go through all the suggestions and apply the best option.

Regards

Sachin