MyBB Community Forums

Full Version: how to stop my site from being defaced?
My site has always been getting defaced; I have no idea how. How can I prevent this from always happening? I have hidden my /admin folder.
Q. How do I stop getting hacked?
A. Have better security.

Ask an obscure question you get an obscure answer.
(2012-12-28, 04:44 AM)labrocca Wrote: Q. How do I stop getting hacked?
A. Have better security.

Ask an obscure question you get an obscure answer.

What type of security should I enable on my website? I'm not a huge MyBB expert on this.
Have you analyzed your site afterwards to determine how the attacker gained access? There's a thousand ways they could have gained access. It's much more efficient to find out how they gained access rather than give you a thousand ways to try and prevent it from happening again in the future.
(2012-12-28, 04:45 AM)Nathan Malcolm Wrote: Have you analyzed your site afterwards to determine how the attacker gained access? There's a thousand ways they could have gained access. It's much more efficient to find out how they gained access rather than give you a thousand ways to try and prevent it from happening again in the future.

I can't seem to find any way they could have done it. They changed the index.php through the cPanel, and my cPanel's password is pretty hard to obtain.
Did you check for a keylogger or RAT on your computer? Did they manage to gain access to your email account by some means? You need to investigate and try to determine how they managed to get in; otherwise there's a good chance they will be able to keep gaining access easily.

After the first time your forum was defaced, did you check for any modified files or any web shells which may have been uploaded? They could have full access to your site without even needing access to your cPanel account. You need to be 150% certain that they have no way of accessing your forum's files or database.
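
As an added example (not part of the original thread): one way to run the modified-file and web-shell check asked about above is to hash the live web root against a clean copy of the same MyBB release. The function names, the `uploads/` default, the extension list and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: extensions the web server would execute as PHP.
SCRIPT_EXT = {".php", ".phtml", ".php5", ".phar"}


def tree_hashes(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def compare(clean_root, live_root, upload_dirs=("uploads/",)):
    """Diff a live web root against a clean copy of the same release."""
    clean, live = tree_hashes(Path(clean_root)), tree_hashes(Path(live_root))
    report = {
        "modified": sorted(f for f in clean if f in live and clean[f] != live[f]),
        "missing": sorted(f for f in clean if f not in live),
        "added": sorted(f for f in live if f not in clean),
    }
    # Executable scripts inside an upload directory are the classic web shell
    # location, so list them separately for first review.
    report["script_in_uploads"] = [
        f for f in report["added"]
        if f.startswith(tuple(upload_dirs)) and Path(f).suffix.lower() in SCRIPT_EXT
    ]
    return report


def demo():
    """Build two small constructed trees and compare them."""
    files = {"index.php": "<?php // stock index", "inc/functions.php": "<?php // stock",
             "uploads/index.html": ""}
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        (live / "index.php").write_text("replaced front page")       # modified
        (live / "uploads/avatar_1.php").write_text("<?php // odd")   # added script
        (live / "inc/functions.php").unlink()                        # missing
        return compare(clean, live)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

On a real forum the "added" list also contains legitimate files created at install time and by user uploads, so it is a review list rather than a delete list.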
(2012-12-28, 05:09 AM)Nathan Malcolm Wrote: Did you check for a keylogger or RAT on your computer? Did they manage to gain access to your email account by some means? You need to investigate and try to determine how they managed to get in; otherwise there's a good chance they will be able to keep gaining access easily.

After the first time your forum was defaced, did you check for any modified files or any web shells which may have been uploaded? They could have full access to your site without even needing access to your cPanel account. You need to be 150% certain that they have no way of accessing your forum's files or database.

I am positive I have no RAT or Keylogger infected into my PC. I am unsure if there are any web shells on my website, but they were able to get into my cPanel as I obtained their IP Address from it, then contacted my hosting on blacklisting that IP, but again, they could get on a proxy and continue.

This really pisses me off, how these skids roll around forums doing stupid stuff such as defacing. Very irritating.
Does your host run a secured, updated version of cPanel? And is every package/module in your server upgraded?

Quote: but they were able to get into my cPanel as I obtained their IP Address from it

Penetration could have been from many points. Access to your cPanel could not have come from MyBB though. You'll need to work on security from another point.

Security starts with your own computer, your email accounts, your control panels, your files, your online accounts, your server, and on and on...unless you have experience with this you might be fumbling around a bit.

You say you don't have a RAT. Then you need to figure out how they logged into cPanel.
Never use the "remember me" box anywhere; that is easily exploited. Change your top-level passwords weekly and make them very complicated, not just numbers or letters.

Do not use the same passwords on several sites; have different passwords for top-level access.

Do not keep a list of your passwords on your PC.
(2013-01-04, 10:07 PM)Spangle Wrote: Never use the "remember me" box anywhere, that is easily exploited

Debatable. Don't use it on shared devices.