Any good security expert will tell you that if it's online, it cannot be 100% secured. But there are many things you can do to make your Dolphin site more secure than a default install.
Back up your site and database regularly and keep a copy offline. This is probably the most important step you can take: nobody can hack a DVD that's locked in your office, and a current backup is the one thing that will save your site when everything else fails.
Check that you deleted the entire install directory. You should have done this at the end of the install; leaving it in place is a big security hole, because anyone can reach the installer over the web.
The installer needs a few directories and files writable while it runs. Once it has finished, set them back to read-only for everyone but the owner:
chmod 755 inc/ periodic/
chmod 644 periodic/cmd.php periodic/notifies.php ray/inc/header.inc.php
You should have done this during your install, but you should check to be sure.
You can check whether register_globals is on or off by creating a PHP file with the following, uploading it, and opening it in your browser (look for the register_globals row in the output; it should read Off):
<?php phpinfo(); ?>
If it is on, contact your web host to get it turned off. If your host won't turn it off, find another host. (register_globals was deprecated in PHP 5.3 and removed in PHP 5.4, so on a current PHP build the row will not appear at all.) Do not forget to delete the file you created for the check once you are done with it: phpinfo() also reveals paths, module versions and configuration that you do not want to hand to an attacker.
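The phpinfo() page is the quickest check, but it exposes far more than you need. The script below is an added example written for this page (it is not part of Dolphin): it reports only the register_globals setting, removes itself after one web request, and shows with a small emulation why the setting is dangerous. The file name check_rg.php, the hostile query string and the role names are assumptions for illustration.

```php
<?php
// Added example for this page, not code shipped with Dolphin.
// Upload as check_rg.php, open it once in a browser, and it deletes itself.

// register_globals turned every request parameter into a PHP variable before
// the script ran. extract() on the request array reproduces that behaviour
// (with EXTR_OVERWRITE, the default, it even clobbers existing variables).
function grantVulnerable(array $get, string $role): bool
{
    extract($get);                 // emulates register_globals=On (hypothetical request data)
    if ($role === 'admin') {
        $isAdmin = true;
    }
    // $isAdmin is never initialised on the normal path, so an attacker's
    // ?isAdmin=1 survives to this test and is honoured.
    return !empty($isAdmin);
}

// Hardened version: initialise every variable the code later tests and never
// let request data define local variables.
function grantFixed(array $get, string $role): bool
{
    $isAdmin = false;
    if ($role === 'admin') {
        $isAdmin = true;
    }
    return $isAdmin;
}

function registerGlobalsStatus(): string
{
    if (PHP_VERSION_ID >= 50400) {
        return 'not available: register_globals was removed in PHP 5.4';
    }
    $raw = ini_get('register_globals');   // '1'/'On' when enabled, '' or '0' when off
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN)
        ? 'ON - ask your host to disable it'
        : 'off';
}

// Constructed request: an ordinary member appends ?isAdmin=1 to the URL.
$hostileQuery = ['isAdmin' => '1'];
$vulnerable   = grantVulnerable($hostileQuery, 'member');
$fixed        = grantFixed($hostileQuery, 'member');

if (PHP_SAPI === 'cli') {
    printf("register_globals: %s\nvulnerable code grants admin: %s\nhardened code grants admin: %s\n",
        registerGlobalsStatus(), var_export($vulnerable, true), var_export($fixed, true));
} else {
    header('Content-Type: text/plain');
    echo 'register_globals: ', registerGlobalsStatus(), "\n";
    @unlink(__FILE__);   // remove the check page; do not leave diagnostics on the server
}
```

Run it once from the command line with `php check_rg.php` to see the emulation (the vulnerable function grants admin to the member, the hardened one does not), then upload it for the real check. The CLI and web SAPIs can use different php.ini files, so only the result from the web request tells you what your site actually runs with.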
If you use the Dolphin Database Backup in the Admin Panel, it has an option to save the backup to your server. Do not do this: the dump lands in a web-accessible directory, where anyone who guesses the URL can download your entire database. Always save it to your local computer. If you have already saved files to your server, remove them by going to yoursite.com/backup, or yoursite.com/yourdirectory/backup if you installed Dolphin into a subdirectory.
Add an extra layer of protection to your admin and moderator login pages. You can do this by adding a .htaccess file in the yoursite.com/admin and yoursite.com/moderators directories (this only works if your host allows AllowOverride for authentication directives, which shared hosts normally do). You can do it manually by putting the following in a .htaccess file:
AuthUserFile /home/yourname/htpasswd/.htpasswd
AuthGroupFile /dev/null
AuthName "Private Area"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
Note that <Limit GET POST> applies the password check only to those two methods; leaving out the <Limit> and </Limit> lines so that require valid-user applies to every request method is the safer choice. Then add a .htpasswd file at the path named in the first line. Keep it outside the web root (for example /home/yourname/htpasswd/ rather than anywhere under public_html) so it can never be fetched over the web. It contains one user name and password hash per line, such as:
testuser:cw1EWM8svuX8Y
Since the password is stored hashed, not in plain text, you'll need something to generate it. You can generate it, as well as variations of the .htaccess file, here: http://www.clockwatchers.com/htaccess_tool.html (or on your own machine, so the password never leaves it).
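Rather than pasting a real admin password into a third-party web form, you can generate and verify the .htpasswd entry yourself. The script below is an added example written for this page, not part of Dolphin or Apache; the user name, password and .htpasswd path in the usage comment are assumptions taken from the .htaccess above.

```php
<?php
// Added example for this page (not Dolphin code): create and verify .htpasswd
// entries locally. Usage, with the path assumed in the .htaccess above:
//   php make_htpasswd.php testuser 'correct horse battery' >> /home/yourname/htpasswd/.htpasswd

// bcrypt ($2y$) entries are understood by Apache 2.4 (APR-util 1.5 or later).
// Older Apache builds understand the 13-character crypt(3) form shown in the
// text, which is weak (DES, password truncated to 8 characters); use it only
// when your server cannot take bcrypt.
function htpasswdLine(string $user, string $password, bool $legacyCrypt = false): string
{
    if ($user === '' || strpbrk($user, ":\r\n") !== false) {
        throw new InvalidArgumentException('user name must be non-empty and contain no ":" or newline');
    }
    if ($legacyCrypt) {
        $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
        $salt = $alphabet[random_int(0, 63)] . $alphabet[random_int(0, 63)];
        $hash = crypt($password, $salt);             // traditional DES crypt, 13 characters
    } else {
        $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
    }
    return $user . ':' . $hash;
}

// The check Apache performs: find the user's line, re-run crypt() using the
// stored hash as the salt, and compare in constant time. crypt() recognises
// both the DES and the $2y$ formats from the stored hash itself.
function htpasswdVerify(string $fileContents, string $user, string $password): bool
{
    foreach (preg_split('/\r?\n/', $fileContents) as $line) {
        $parts = explode(':', $line, 2);
        if (count($parts) === 2 && $parts[0] === $user) {
            return hash_equals($parts[1], crypt($password, $parts[1]));
        }
    }
    return false;   // unknown user: same answer as a wrong password
}

if (PHP_SAPI === 'cli') {
    if ($argc === 3) {
        echo htpasswdLine($argv[1], $argv[2]), PHP_EOL;
    } else {
        // Self-check with a constructed credential: round-trip both hash forms.
        foreach ([false, true] as $legacy) {
            $line = htpasswdLine('testuser', 'example-only', $legacy);
            printf("%s  verify ok: %s  wrong password rejected: %s\n", $line,
                var_export(htpasswdVerify($line, 'testuser', 'example-only'), true),
                var_export(!htpasswdVerify($line, 'testuser', 'something-else'), true));
        }
    }
}
```

Set the .htpasswd file itself to mode 644 (or 600 if the web server runs as your user) so other accounts on a shared host cannot read it, and remember that Basic authentication sends the password base64-encoded on every request, so it only really protects the admin area over HTTPS.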
You can configure a .htaccess file in your Dolphin root directory with a blocklist to block known bad IPs. The addresses below (127.0.0.x) are loopback placeholders; substitute the real addresses you find in your logs.
For a basic .htaccess file, this will refuse all GET and POST requests made from IP address 127.0.0.1 and return a 403 Forbidden error instead:
order allow,deny
deny from 127.0.0.1
allow from all
To block multiple IP addresses, list them one per line:
order allow,deny
deny from 127.0.0.1
deny from 127.0.0.2
deny from 127.0.0.3
allow from all
You can also block an entire IP block/range by leaving off the last octet. This will refuse access to any address from 127.0.0.0 to 127.0.0.255. Use with caution: you don't want to block innocent users who share that range.
deny from 127.0.0
These Order/Deny/Allow directives are the Apache 2.2 syntax. Apache 2.4 only honours them through the mod_access_compat module; its native equivalent is a <RequireAll> block containing Require all granted followed by a Require not ip line per address or range, and mixing the two styles in one .htaccess causes a server error. Read more about this method here: http://www.clockwatchers.com/htaccess_block.html. And just how do you know what a bad IP is? You'll need to watch your log files.
If you have cPanel on your server, go to the Web/FTP Stats section and look there for suspicious activity from an IP address: bursts of 404 errors, repeated requests for /install/ or /backup/, or many failed logins against /admin/. If you don't have cPanel, your server will have some other method for reviewing the traffic to your site and logging errors and bandwidth usage. Learn how to use the tools available. These logs will tell you an enormous amount of information.
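Reading raw logs by eye does not scale, so here is the kind of triage a practitioner would script. It is an added example written for this page, not a Dolphin or cPanel tool. It parses Apache combined-format access log lines, counts per address the signals described above, and prints a ready-to-paste deny line for anything over the thresholds. The log lines are constructed for illustration (they use documentation IP ranges), and the path list and thresholds are assumptions you should tune for your own site.

```php
<?php
// Added example for this page, not part of Dolphin or cPanel: triage an
// Apache combined-format access log for probing and admin brute force.
// Usage: php triage_log.php /path/to/access_log   (no argument: runs on SAMPLE_LOG)

// Constructed sample log (documentation address ranges, not real visitors).
const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - - [10/Oct/2010:13:55:36 -0700] "GET /index.php HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2010:13:55:38 -0700] "GET /profile.php?ID=12 HTTP/1.1" 200 4112 "http://yoursite.com/index.php" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2010:13:56:01 -0700] "GET /install/index.php HTTP/1.1" 404 512 "-" "curl/7.21.0"
198.51.100.7 - - [10/Oct/2010:13:56:02 -0700] "GET /backup/ HTTP/1.1" 404 512 "-" "curl/7.21.0"
198.51.100.7 - - [10/Oct/2010:13:56:03 -0700] "GET /admin/index.php HTTP/1.1" 401 401 "-" "curl/7.21.0"
198.51.100.7 - - [10/Oct/2010:13:56:04 -0700] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "curl/7.21.0"
192.0.2.33 - - [10/Oct/2010:14:01:10 -0700] "POST /admin/index.php HTTP/1.1" 401 401 "-" "Mozilla/4.0"
192.0.2.33 - - [10/Oct/2010:14:01:11 -0700] "POST /admin/index.php HTTP/1.1" 401 401 "-" "Mozilla/4.0"
192.0.2.33 - - [10/Oct/2010:14:01:12 -0700] "POST /admin/index.php HTTP/1.1" 401 401 "-" "Mozilla/4.0"
192.0.2.33 - - [10/Oct/2010:14:01:13 -0700] "POST /admin/index.php HTTP/1.1" 401 401 "-" "Mozilla/4.0"
LOG;

// Paths nobody has a legitimate reason to request once the steps above are done
// (assumed list; /admin/ and /moderators/ are legitimate only for your own staff).
const SENSITIVE_PREFIXES = ['/install/', '/backup/', '/admin/', '/moderators/', '/phpmyadmin/'];

// Combined log format: ip ident user [time] "method path proto" status bytes "referer" "agent"
function parseLogLine(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+) "([^"]*)" "([^"]*)"$/';
    if (!preg_match($re, $line, $m)) {
        return null;            // skip lines in another format rather than guessing
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'path' => $m[4],
            'status' => (int) $m[5], 'agent' => $m[8]];
}

// Returns only the addresses that tripped a rule, with counts and reasons.
function triageLog(string $log, int $notFoundThreshold = 3, int $authFailThreshold = 3): array
{
    $byIp = [];
    foreach (preg_split('/\r?\n/', trim($log)) as $line) {
        $e = parseLogLine($line);
        if ($e === null) {
            continue;
        }
        $ip = $e['ip'];
        if (!isset($byIp[$ip])) {
            $byIp[$ip] = ['requests' => 0, 'not_found' => 0, 'auth_failures' => 0, 'sensitive' => []];
        }
        $byIp[$ip]['requests']++;
        if ($e['status'] === 404) {
            $byIp[$ip]['not_found']++;
        }
        if ($e['status'] === 401 || $e['status'] === 403) {
            $byIp[$ip]['auth_failures']++;
        }
        $path = parse_url($e['path'], PHP_URL_PATH) ?: $e['path'];   // drop the query string
        foreach (SENSITIVE_PREFIXES as $prefix) {
            if (strncmp($path, $prefix, strlen($prefix)) === 0) {
                $byIp[$ip]['sensitive'][$path] = true;
                break;
            }
        }
    }

    $flagged = [];
    foreach ($byIp as $ip => $s) {
        $reasons = [];
        if ($s['not_found'] >= $notFoundThreshold) {
            $reasons[] = "{$s['not_found']} x 404 (scanning for files that are not there)";
        }
        if ($s['auth_failures'] >= $authFailThreshold) {
            $reasons[] = "{$s['auth_failures']} failed logins on a password-protected area";
        }
        if ($s['sensitive']) {
            $reasons[] = 'touched ' . implode(', ', array_keys($s['sensitive']));
        }
        if ($reasons) {
            $flagged[$ip] = ['requests' => $s['requests'], 'reasons' => $reasons];
        }
    }
    return $flagged;
}

if (PHP_SAPI === 'cli') {
    $log = $argc > 1 ? file_get_contents($argv[1]) : SAMPLE_LOG;
    foreach (triageLog($log) as $ip => $info) {
        printf("%-16s %4d requests: %s\n    deny from %s\n",
            $ip, $info['requests'], implode('; ', $info['reasons']), $ip);
    }
}
```

On the sample data, the two scanning and brute-forcing addresses are reported with a suggested deny line and the ordinary visitor is not. Treat the output as a shortlist to review, not an automatic blocklist: a single request for /admin/ may be your own moderator, and the thresholds are deliberately low for a ten-line sample.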
5. Don't Backup your Database to your Web Server
I really think off-server and out-of-datacenter backups are critical. Doing it to one's local PC is OK, but usually this is not automated. Maybe a plug for BakMySite or similar services would work here.
6: Password Protect your Admin and Moderator Directories with a .htaccess/htpasswd Solution.
People can also normally use their server control panel (cPanel) to add this easily.
7. Configure a .htaccess file in your Dolphin Root Directory to Block Bad IPs.
This is OK, but messy. If on a VPS or dedicated server, install a software firewall. We use APF, which has the dshield.org block list and the Spamhaus Don't Route Or Peer list integrated.