3. but ...
• TYPO3 is not „implement and forget“
• Regular checks and updates are required
4. Secure Passwords
• 9 or more characters
• Mixed upper/lowercase
• Do not use the same password everywhere
• Change regularly
• Passwords are stored as md5 hash, but...
7. Disable Directory Listing
• in httpd.conf change
Options All Indexes FollowSymLinks
to
Options FollowSymLinks
• (All already includes Indexes, so both have to go)
• Google Search
intitle:"index of" "last modified" size
8. Backup Your Data
• Regularly (cronjob)
• Directories: fileadmin, typo3conf, uploads
• Database: mysqldump --opt database_name > filename
• Not only for the last one or two days
• Copy or download to external media
• Verify!
• Do not store inside docroot
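The backup points above as one script (an added example, not part of the original slides). The function name, its arguments, the archive file names and the 30-day default are assumptions; only the three directory names and `mysqldump --opt` come from the slide.

```sh
#!/bin/sh
# Added example. Arguments and file names are assumptions, not TYPO3 settings.
# usage: typo3_backup DOCROOT BACKUP_DIR [DB_NAME] [KEEP_DAYS]
typo3_backup() {
    docroot=$(cd "$1" && pwd -P) || return 2
    backup_dir=$(cd "$2" && pwd -P) || return 2
    db_name=${3:-}
    keep_days=${4:-30}

    # "Do not store inside docroot": a backup below the docroot is downloadable.
    case "$backup_dir/" in
        "$docroot"/*) echo "refusing: $backup_dir is inside $docroot" >&2; return 3 ;;
    esac

    stamp=$(date +%Y%m%d-%H%M%S)
    archive="$backup_dir/typo3-files-$stamp.tar.gz"
    tar -czf "$archive" -C "$docroot" fileadmin typo3conf uploads || return 4
    chmod 600 "$archive"   # typo3conf holds the database credentials

    # "Verify!": the archive must be readable and hold every non-directory entry.
    listing=$(tar -tzf "$archive") || return 5
    want=$(cd "$docroot" && find fileadmin typo3conf uploads ! -type d | wc -l)
    got=$(printf '%s\n' "$listing" | grep -vc '/$' || true)
    [ "$want" -eq "$got" ] || { echo "verify failed: $got of $want files" >&2; return 5; }

    # Checksum to re-check the copy on external media with `sha256sum -c`.
    ( cd "$backup_dir" && sha256sum "${archive##*/}" > "${archive##*/}.sha256" ) || return 5

    if [ -n "$db_name" ]; then
        # Credentials come from ~/.my.cnf so they do not show up in `ps`.
        dump="$backup_dir/typo3-db-$stamp.sql"
        mysqldump --opt "$db_name" > "$dump" || return 6
        # A complete dump ends with mysqldump's "-- Dump completed" comment.
        tail -n 1 "$dump" | grep -q 'Dump completed' || return 6
        gzip "$dump" || return 6
    fi

    # "Not only for the last one or two days": keep KEEP_DAYS days of history.
    find "$backup_dir" -type f -name 'typo3-*' -mtime +"$keep_days" -exec rm -f {} +
    printf '%s\n' "$archive"
}

# Run only when called with arguments, e.g. from a nightly cron entry.
if [ "$#" -ge 2 ]; then typo3_backup "$@"; fi
```

The function prints the archive path on success and returns a distinct non-zero code for each failed step, so a cron wrapper can alert on it.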
15. Backend Users
• Editors should NEVER have admin rights
• Check list of BE users for valid entries
• Temporary editors (students, contract workers): set expiration date for account
18. • „...the web forum software had an unannounced security patch silently released by the vendor nine days ago. The defacement gang learned of the vulnerability and went through the net searching for vulnerable forums and changed the front page of such forums to their "greeting".“