HESK Security check list
Posted: Thu Feb 26, 2015 4:46 pm
by Klemen
I wrote an article about simple steps that make HESK more secure.
Read the article here:
HESK Security check list
Comments and suggestions are welcome!
Re: HESK Security check list
Posted: Sat Feb 28, 2015 6:47 pm
by mfdfire
Thanks - good info!
Re: HESK Security check list
Posted: Wed Apr 01, 2015 1:57 am
by MOB
Great work.
About step 4.
Isn't it easy for a hacker to fetch your robots.txt to see what directories you want spiders not to crawl? Same directories you plan on renaming?
For example, I rename the admin folder to: nome
But then on the robots.txt I put the following:
Re: HESK Security check list
Posted: Wed Apr 01, 2015 8:00 am
by Klemen
Of course, that's why you don't put it in the robots.txt file.

Unless there is a link to the admin folder somewhere, search engines shouldn't find it.
Re: HESK Security check list
Posted: Sat Aug 01, 2015 7:21 am
by rachna
Hello:
I have installed HESK on my server and it is working great. The only issue I see is that it does not maintain threads, so I lose the previous conversation with the same customer. Meaning if someone wrote to me from an email id text@yahoo.com and he writes again as text@yahoo.com, then it is created as a new ticket, so I lose the previous conversation. Is it possible to set it up that way, am I missing some settings?
Regards,
Rachna
Re: HESK Security check list
Posted: Wed Aug 05, 2015 6:43 pm
by Klemen
Please keep this thread focused on HESK security. For unrelated questions open a new post.
Re: HESK Security check list
Posted: Thu Nov 04, 2021 3:50 pm
by Tpk
I think SHA1 is definitely unsafe nowadays, you should consider replacing SHA with something more secure like bcrypt or argon2.
Here may be helpful resources to do this right.
Re: HESK Security check list
Posted: Fri Nov 05, 2021 7:51 am
by Klemen
Agreed, the SHA1 should and will be upgraded to a more modern password storage algorithm.
Added it to our "to do" list.
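The upgrade discussed in the last two posts can be done without forcing password resets by re-hashing at login. The sketch below is an added example, not HESK code and not written by any poster in this thread; the storage layout (an unsalted 40-character hex SHA1 kept in the same column as new hashes) and the function names `is_legacy_sha1` and `verify_and_upgrade` are assumptions made for illustration.

```php
<?php
// Added example: not HESK code. The storage layout (unsalted hex SHA1 in the
// same column as new hashes) and all function names here are assumptions.

/** True if the stored value looks like a legacy 40-character hex SHA1 digest. */
function is_legacy_sha1(string $stored): bool
{
    return strlen($stored) === 40 && ctype_xdigit($stored);
}

/**
 * Verify a login attempt against the stored hash.
 * Returns [bool $ok, ?string $newHash]. When $newHash is non-null the caller
 * should write it back to the user's record in place of the old value.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    if (is_legacy_sha1($stored)) {
        // Constant-time comparison against the legacy digest.
        if (!hash_equals(strtolower($stored), sha1($password))) {
            return [false, null];
        }
        // Legacy hash matched: replace it now, while the plaintext is in hand.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash if the default algorithm or cost changed since this hash was made.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample record: a legacy SHA1 of a constructed password.
$stored = sha1('correct horse battery staple');
[$ok, $upgraded] = verify_and_upgrade('correct horse battery staple', $stored);
var_dump($ok);                                   // login result
var_dump(is_legacy_sha1($upgraded ?? $stored));  // is the record still legacy?
```

Accounts that never log in again keep their SHA1 hash under this scheme, so a cut-off date after which remaining legacy hashes are invalidated is still needed.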