So I recently installed a copy of MyBB on a vps and it seems to be pretty stable and handles well, but I have a question. would it be safer to host a MyBB forum on a VPS then use shared hosting. heres my perspective:
With Shared Hosting alot of the shared servers get Symmlinked & or rooted.
With Shared VPS servers you are probably likely to be hacked but you would probably need a higher advanced knowledge of hacking.
Shared hosting isn't cheap. usually it costs like $1-2 but you can get a VPS cheap for 1 year at a cheap price.
With a VPS its not really hard with the file management but with shared it has a easy to manage file manager on Cpanel.
That's how I see it. what do you guys think?
As long as the server is being kept up to date and isn't mis-configured you should be fine either way. If you don't have an understanding of network and server security you're probably better of going with shared hosting (or a managed VPS, but that doesn't guarantee anything). Security spans through multiple layers. Just make sure you have a plan in case you do get hacked.
Yeah nathan. I got a really good and secure VPS, and I'm pretty sure it's secure and managed. I have it backed up on my PC and if anything goes wrong. or someone eventually gets in I'll be ready. although the lag of the server isn't the best I don't have the SQL database connected with the VPS so when they hack the site they'll have no idea where to go.
(2013-01-08, 11:10 AM)HCforums Wrote: [ -> ]I don't have the SQL database connected with the VPS so when they hack the site they'll have no idea where to go.
All someone would have to do is open your config.php in your mybb install and they would have all the db details. Unless I misunderstood what you meant
Lol, you can't open config in the /install directory silly the config file is in the /inc directory. the hell man?
(2013-01-09, 01:02 PM)HCforums Wrote: [ -> ]Lol, you can't open config in the /install directory silly the config file is in the /inc directory. the hell man?
He's saying that if someone managed to gain file system access, they could just read ./inc/config.php and connect to the remote server without even needing to use your server. That is, unless you have a firewall setup which only that specific server can connect to. In either case that could still connect to your database a dump it or worse.
Shared servers being rooted honestly depends on how seriously a provider takes security.
(2013-01-09, 01:23 PM)Nathan Malcolm Wrote: [ -> ] (2013-01-09, 01:02 PM)HCforums Wrote: [ -> ]Lol, you can't open config in the /install directory silly the config file is in the /inc directory. the hell man?
He's saying that if someone managed to gain file system access, they could just read ./inc/config.php and connect to the remote server without even needing to use your server. That is, unless you have a firewall setup which only that specific server can connect to. In either case that could still connect to your database a dump it or worse.
now that you say that I actually managed to figure out how to control the firewall and use linux to drop IP tables. although there are safe alternatives. I can pretty much figure a few ways to prevent the databases from being attacked/hacked. dropping IP tables is a simpler approach for me. he said in the install not the /inc directory.
(2013-01-09, 01:28 PM)StingReay Wrote: [ -> ]Shared servers being rooted honestly depends on how seriously a provider takes security.
You wouldn't believe how many shared servers I've been on have been rooted and hacked.
Zedehost.co.uk Symlinked and rooted
Spetsnazhost.com Symlinked
It's not that hard really. all I would have to do is upload a symlink script in my hosting folder on shared hosting and then open it up. there are alot of vulnerable sites that are easy to symlink out there.
(BTW I didn't symlink those sites a bunch of hackers were stalking me.)
(2013-01-08, 03:54 PM)InfernoSoft Wrote: [ -> ]All someone would have to do is open your config.php in your mybb install and they would have all the db details. Unless I misunderstood what you meant
He's referring to your installation of MyBB, not the ./install/ directory.
(2013-01-09, 02:31 PM)Nathan Malcolm Wrote: [ -> ] (2013-01-08, 03:54 PM)InfernoSoft Wrote: [ -> ]All someone would have to do is open your config.php in your mybb install and they would have all the db details. Unless I misunderstood what you meant
He's referring to your installation of MyBB, not the ./install/ directory.
Hmm good point although like I said. I could always use the dropiptables command if someone manages to get in.