MyBB Community Forums

Full Version: Simultaneous Attacks
How many simultaneous attacks can MyBB withstand before being broken into, when a group of crackers attempts to bombard it with all known web security vulnerabilities? Same with DDoS, will it break MyBB like it breaks freenode?
That is up to your server and how well you can prepare for such attacks.

In most cases a DDoS will be effective regardless of the software running due to the fact it just uses up all available bandwidth (the recent big DDoS attacks have been NTP amplification attacks and have been peaking as high as 350-400 Gbps, so unless you have that much bandwidth available your site will be inaccessible).

As for someone trying to search your site/server for vulnerabilities you just need to take the same precautions as you would with any other PHP application - such as appropriate file/user permissions, running processes with the minimal privileges etc.
(2014-02-24, 01:51 PM)Cameron:D Wrote: [ -> ]That is up to your server and how well you can prepare for such attacks.

In most cases a DDoS will be effective regardless of the software running due to the fact it just uses up all available bandwidth (the recent big DDoS attacks have been NTP amplification attacks and have been peaking as high as 350-400 Gbps, so unless you have that much bandwidth available your site will be inaccessible).

As for someone trying to search your site/server for vulnerabilities you just need to take the same precautions as you would with any other PHP application - such as appropriate file/user permissions, running processes with the minimal privileges etc.

Yes, those are the normal ways to secure MyBB, and I follow that always. Just that a bunch of crackers that unite to hack vulnerabilities out of MyBB at the same time is the issue. DDoS is fine, thanks; Cloudflare can help with that.
Every piece of software will have vulnerabilities, but the MyBB team is pretty quick at getting patches out. Always keep MyBB and plugins up to date.

The only way to never be hacked is to simply never run a website.
(2014-02-24, 02:16 PM)Tom K. Wrote: [ -> ]Every piece of software will have vulnerabilities, but the MyBB team is pretty quick at getting patches out. Always keep MyBB and plugins up to date.

The only way to never be hacked is to simply never run a website.

The big issue is the plugins; most of them are 2 years old and labeled as "Up to Date". I know that, I know MyBB core is up to date in security.
(2014-02-24, 02:33 PM)KLOX94 Wrote: [ -> ]
(2014-02-24, 02:16 PM)Tom K. Wrote: [ -> ]Every piece of software will have vulnerabilities, but the MyBB team is pretty quick at getting patches out. Always keep MyBB and plugins up to date.

The only way to never be hacked is to simply never run a website.

The big issue is the plugins; most of them are 2 years old and labeled as "Up to Date". I know that, I know MyBB core is up to date in security.

Don't run untrusted plugins?

The plugins on the MyBB mods site, I believe, are checked for security holes. Under development or on other sites, probably not so much.

I've never really had anyone successfully hack into my MyBB forum, even with old plugins that need updating installed. Even someone who knew of a security vulnerability whom I told to use it against me failed (don't know why he failed). There have been a couple of hacking attempts, but they never got anywhere. So I would say that MyBB is pretty safe as long as you keep it up to date. I haven't had the same luck with phpBB. ;)
(2014-02-24, 02:45 PM)HolyPhoenix Wrote: [ -> ]I've never really had anyone successfully hack into my MyBB forum, even with old plugins that need updating installed.

That is because you have a tiny forum, no big interest there. As I explain again, it's about the bigger you are, the more you will be the target of such attacks. So if those plugins at mods.mybb.com get checked often, why don't they put in the date of when the plugin was last checked for vulnerabilities?
We check them while we validate them. Why should we check them again after x days/month? So the last updated date is (more or less) the last checked date.
(2014-02-24, 04:01 PM)King Louis Wrote: [ -> ]We check them while we validate them. Why should we check them again after x days/month? So the last updated date is (more or less) the last checked date.

Yet again this is another form of MyBB not providing the correct information to its loyal users. It is in good faith of many who use those plugins that MyBB staff show the date when they last checked that that plugin has security vulnerabilities. Which can be a simple "This plugin was last checked for security issues on: Feb 24 2011" status message.
If the plugin is updated on the mods site, it goes through validation again. So if there is no update to the plugin on the mods site, why would it need to be checked again if it was okay the last time it was validated? Nothing has changed and MyBB has provided the service you are asking for.