Security

Security settings

We strongly recommend that you do not ignore security settings.

1. Additionally protect your admin area with htpasswd utility

2. Paranoid protection - delete the admin login file and upload it to the server as necessary.

3. Follow all the recommendations described in the section: System - MD5 Checksums

4. Enable all logs: Settings - Security.

5. If possible, configure all restrictions: Settings - Security.

6. Be sure to use SSL (Secure Sockets Layer) - a cryptographic protocol that ensures secure communications. For instructions, see the section: Training - SSL Settings

7. We do not recommend setting minimum exchange amounts that are too small.

8. Enable captcha or security questions in the 3rd step of completing the application: Currency exchange - Module settings - Access rights - Display secret code (captcha) in the form

9. EXIT FROM THE ADMIN MANAGEMENT and close the browser when you finish working in the admin panel.

10. Do not provide access to the admin panel and FTP to people you do not trust. If you need to give access, then first follow step 3 and upon completion work, change all your passwords and compare MD5 checksums.

11. Do not place any other third-party programs in the exchanger directory.

Quickly disable automatic and semi-automatic exchanges

This option is a last resort when you quickly need to take action to protect your funds.

For example, if your server is hacked, which you have not checked for security and you believe that if you use a VPS or VDS, then you are completely protected.

In the admin panel at the top you see an icon.

By clicking on it you will disable all automatic and semi-automatic exchanges and clear all payment API data.

And you will have to set everything up again.

If you use automatic exchanges, we recommend using the services: Cloudflare: https://www.cloudflare.com/ See Cloudflare settings Incapsula: https://www.incapsula.com/

Your safety

Do not neglect your own safety.

1) Use an antivirus program.

2) Use the current version of the browser. We recommend Google Chrome as the most secure.

3) Do not download any files from suspicious resources.

4) Work only with trusted hosting providers. The script will not be able to protect your server from hacking. If you have a VPS, VDS, then order an audit and settings from a competent system administrator

5) We do not send update files by mail. Update files are issued personally to each client.

6) If you receive any letters purporting to be from us, with any attachments, delete these letters. Do not open attachments under any circumstances.

7) Information about updates in project news, in personal messages or in the official newsletter for clients. You only receive text messages from us