Security Best Practices

Security should be a top priority for any web application handling user data and communications. This section outlines essential security measures for your ChatNet installation including changing default secret keys, enforcing SSL/HTTPS, setting strong passwords, securing your database, configuring file upload restrictions, and implementing regular backups. Following these practices helps protect your platform and users from common security threats.

Changing Default Secret Keys

Edit config/init.php:

// Change this to a unique random string define('SECRET_KEY', 'your-unique-random-string-here');

Generate a secure key:

echo bin2hex(random_bytes(32));

SSL/HTTPS Enforcement

Secure all communications by enabling HTTPS on your server.

Obtain an SSL certificate (Let's Encrypt is free)
Configure your web server for HTTPS
Add redirect from HTTP to HTTPS
Update site URL in admin to use https://

Strong Admin Passwords

Use strong, unique passwords for all administrator accounts.

Minimum 12 characters
Mix of uppercase, lowercase, numbers, symbols
Never reuse passwords
Consider a password manager

Database Security

Protect your database from unauthorized access.

Use a strong database password
Limit database user permissions
Don't use root for production
Keep database on localhost when possible

File Upload Restrictions

In Chat & Features > Chat Settings:

Set appropriate file size limits
Restrict allowed file types
Enable virus scanning if available

Regular Backups

See the Backup & Maintenance section for details.

IP Logging & Blacklist

Navigate to Moderation > IP Access

IP logging and blacklisting help protect your platform from malicious users, spam bots, and repeated abuse.

Enabling IP Logging

Setting	Description
Enable IP Logging	Track IP addresses for user actions
Log Login Attempts	Record IPs during login
Log Registration	Record IPs during signup
Log Password Resets	Track password reset requests

Viewing IP Logs

Navigate to Reports > IP Logs
View logged activities by IP address
Filter by action type (login, register, etc.)
Identify suspicious patterns

Blocking IP Addresses

Navigate to Moderation > IP Access
Click "Add IP"
Enter the IP address to block
Optionally add a reason/note
Save

Blocked IPs will be denied access to the entire platform.

IP Blacklist Best Practices

Block IPs showing repeated abuse
Use CIDR notation for ranges (e.g., 192.168.1.0/24)
Document why each IP was blocked
Periodically review and clean up old entries
Consider using a firewall for large-scale blocking

Domain Filter

Navigate to Moderation > Domain Filter

The domain filter controls which URLs and links can be shared in chat messages, helping prevent spam and malicious links.

Filter Modes

Mode	Description
Whitelist	Only allow links from specified domains
Blacklist	Block links from specified domains
Disabled	Allow all links

Configuring Domain Filter

Navigate to Moderation > Domain Filter
Choose filter mode (whitelist or blacklist)
Add domains to the list
Save changes

Adding Domains

Enter domains without http:// or www:

example.com trusted-site.org your-company.com

Whitelist Mode (Recommended for Strict Control)

Only links from these domains will be allowed:

Your own domain
Trusted partner sites
Approved image hosts

All other links will be blocked or stripped from messages.

Blacklist Mode

Links from these domains will be blocked:

Known spam sites
Malware distributors
Competitor sites (optional)

All other links will be allowed.

What Happens to Blocked Links

Depending on configuration:

Links may be removed from messages
Messages with links may be blocked entirely
Users may receive a warning

Additional Security Measures

Extra steps to further harden your ChatNet installation.

Keep PHP and server software updated
Use a Web Application Firewall (WAF)
Monitor access logs for suspicious activity
Implement rate limiting
Regular security audits