Security is critical here at ChatBot. We work with security experts who perform periodic security audits. We continually implement the latest security technologies and stay up-to-date on the latest security threats. Find below some of the security measures that have been implemented in ChatBot.
ChatBot permits a maximum of 10 unsuccessful login attempts within an hour. In case the limit is exceeded by a user, admin, or agent, they will be unable to access their account or the admin area for a period of 1 hour. This blocking mechanism is based on the user's IP address and serves to deter brute force attacks aimed at uncovering login credentials. If you encounter the "Too many login attempts. Please retry again in a few hours." error, you have two options: either wait for a few hours or make changes to the ChatBot database by deleting the ip-ban row from the sb_settings table.
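The lockout rule described above (more than 10 failed logins from one IP address within an hour blocks that address for 1 hour), as an added PHP example. It is not ChatBot's own code: the `LoginThrottle` class, its method names and the in-memory arrays (standing in for persistent storage) are assumptions for illustration, and the sample IP address and timestamps are constructed.

```php
<?php
// Added illustration, not ChatBot's code; all names here are hypothetical.
final class LoginThrottle
{
    private const MAX_FAILURES = 10; // unsuccessful attempts permitted...
    private const WINDOW = 3600;     // ...within one hour (seconds)
    private const BLOCK = 3600;      // lockout length: one hour (seconds)
    private array $failures = [];     // IP => list of failure timestamps
    private array $blockedUntil = []; // IP => unix time the block ends

    public function isBlocked(string $ip, int $now): bool
    {
        if (($this->blockedUntil[$ip] ?? 0) > $now) {
            return true;
        }
        unset($this->blockedUntil[$ip]); // expired or never set
        return false;
    }

    public function recordFailure(string $ip, int $now): void
    {
        // Sliding window: drop failures older than one hour, add this one.
        $recent = array_filter(
            $this->failures[$ip] ?? [],
            fn (int $t): bool => $t > $now - self::WINDOW
        );
        $recent[] = $now;
        $this->failures[$ip] = array_values($recent);

        // The limit is exceeded on the 11th failure inside the window.
        if (count($recent) > self::MAX_FAILURES) {
            $this->blockedUntil[$ip] = $now + self::BLOCK;
            unset($this->failures[$ip]);
        }
    }
}

// Constructed input: 11 failures, one per minute, from an RFC 5737 address.
$throttle = new LoginThrottle();
$ip = '203.0.113.7';
$start = 1700000000;
for ($i = 0; $i < 11; $i++) {
    $throttle->recordFailure($ip, $start + 60 * $i);
}
$lastFailure = $start + 600;
foreach ([1 => 'just after the 11th failure', 3601 => 'after the block ends'] as $offset => $label) {
    printf("%s: blocked=%s\n", $label, var_export($throttle->isBlocked($ip, $lastFailure + $offset), true));
}
```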
To prevent XSS injection attacks, all sensitive user inputs undergo sanitization.
To prevent CSRF attacks, all requests are validated by checking the login cookie and the client-side login string.
Whenever the password or the details of an admin or agent are changed, all active sessions are automatically logged out when sensitive operations are executed or after 1 hour.
We use 256-bit AES encryption to encrypt sensitive data such as active session login data.
ChatBot ensures that all uploads are renamed with a random alphanumeric string prepended to the original file name to prevent discovery of the URL and unauthorized download of the uploaded file. Kindly note that, for this feature to function properly, your server must prohibit directory listing.
To configure ChatBot and MySQL to use encrypted connections, edit the ChatBot config.php file and add the following constants: SB_DB_CERTIFICATE_PATH, SB_DB_CERTIFICATE_CLIENT_KEY, SB_DB_CERTIFICATE_CLIENT, SB_DB_CERTIFICATE_CA. Enter the appropriate values for each constant. More details here.