MyBB Community Forums

Full Version: How can I make sure I have the best security?
I have a firewall installed, it was a plugin that alters the htaccess file or something, not sure what that is doing.

I discovered a file called attacks.log in my root folder and it said this:

>>>>>>>>>> January 25, 2017 02:23:05 <<<<<<<<<<
REMOTE_ADDR: 117.253.220.124
HTTP_USER_AGENT: Mozilla/4.0 (compatible; Synapse)
HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
REQUEST_URI: /portal.php?theme=-1%27&my_post_key=53e86f38dcc359f4c8ed757bb7fde1ec

>>>>>>>>>> January 25, 2017 02:23:08 <<<<<<<<<<
REMOTE_ADDR: 117.253.220.124
HTTP_USER_AGENT: Mozilla/4.0 (compatible; Synapse)
HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
REQUEST_URI: /portal.php?theme=2&my_post_key=-1%27

>>>>>>>>>> February 3, 2017 06:08:18 <<<<<<<<<<
REMOTE_ADDR: 178.137.192.67
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.0; rv:22.0) Gecko/20130405 Firefox/22.0
HTTP_ACCEPT: 
REQUEST_URI: /Thread-Surrealist-Word-Game'

>>>>>>>>>> February 14, 2017 12:21:08 <<<<<<<<<<
REMOTE_ADDR: 122.148.171.24
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0
HTTP_ACCEPT: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
REQUEST_URI: /%3C!--%20start:%20postbit_attachments_attachment%20--%3E%3Cbr%20/%3E%3C!--%20start:%20attachment_icon%20--%3E%3Cimg%20src=

>>>>>>>>>> February 21, 2017 20:05:55 <<<<<<<<<<
REMOTE_ADDR: 191.6.136.132
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
REQUEST_URI: /'


Not sure what this is telling me, but it looks like the top viewed thread on my forum was 'attacked'?

How safe is MyBB 1.8.10? What else can I be doing to protect my forum against attacks from DDoS etc.?
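An added example, not part of the original thread and not the plugin's own code: a small parser for the attacks.log layout posted above that reports, for each entry, where a quote or markup sits in the request once the URI is percent-decoded. The sample entries are constructed (URIs shortened from the ones above, addresses replaced with placeholders) and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample in the attacks.log layout (placeholder addresses, shortened URIs).
SAMPLE_LOG = """\
>>>>>>>>>> January 25, 2017 02:23:05 <<<<<<<<<<
REMOTE_ADDR: 203.0.113.10
REQUEST_URI: /portal.php?theme=-1%27&my_post_key=abc

>>>>>>>>>> February 3, 2017 06:08:18 <<<<<<<<<<
REMOTE_ADDR: 203.0.113.20
REQUEST_URI: /Thread-Surrealist-Word-Game'

>>>>>>>>>> February 14, 2017 12:21:08 <<<<<<<<<<
REMOTE_ADDR: 203.0.113.30
HTTP_ACCEPT: video/webm,video/ogg
REQUEST_URI: /%3C!--%20start:%20attachment_icon%20--%3E%3Cimg%20src=
"""

HEADER = re.compile(r"^>+ (.+?) <+$")  # ">>>>>>>>>> timestamp <<<<<<<<<<"

def parse_entries(text):
    """Split the log into one dict per timestamp block (hypothetical helper)."""
    entries = []
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            entries.append({"time": header.group(1)})
        elif entries and ":" in line:
            key, _, value = line.partition(":")  # values may contain ':' too
            entries[-1][key.strip()] = value.strip()
    return entries

def classify(uri):
    """Report where a quote or markup sits after percent-decoding the URI."""
    parts = urlsplit(uri)
    path = unquote(parts.path)
    hits = [f"quote in parameter '{k}'"
            for k, v in parse_qsl(parts.query, keep_blank_values=True) if "'" in v]
    if "<" in path:
        hits.append("HTML markup in path")
    elif "'" in path:
        hits.append("quote in path")
    return hits

def triage(text):
    """Return (time, source address, findings) for each entry in the log."""
    return [(e["time"], e.get("REMOTE_ADDR", ""), classify(e.get("REQUEST_URI", "")))
            for e in parse_entries(text)]
```

Run over the full log, this separates the entries that carry a stray `'` in a parameter or path from the February 14 entry, whose path decodes to an HTML comment and an `img` tag rather than a quote.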
Quote:How safe is MyBB 1.8.10?

Safe enough

Quote:What else can I be doing to protect my forum against attacks from DDoS etc.?

Use Cloudflare

Quote:I have a firewall installed, it was a plugin that alters the htaccess file or something, not sure what that is doing.

This one?


I'm not entirely sure how that plugin works, but I wouldn't rely on it to solve all of my security problems.

With that said, unless you are making huge core modifications to MyBB, usually all you'll have to worry about is XSS and DDoS. These happen rarely, and are simple to protect against.

If you're just starting out I wouldn't get too hung up on security and instead just focus on promoting your forum.
Security is a process. People always ask questions which use the term "best" -- what does "best" even mean? It's like asking what the best car is. Some people might say a Lamborghini, but it wouldn't be suitable for off-roading.

Installing a plugin which blocks suspicious requests isn't going to help if you never upgrade your forum or use weak passwords. At the application layer you can't mitigate DDoS attacks.

Security starts with common sense. If someone wanted to hack your forum, how could they do that? If your personal email account is hacked, could they reset your admin password and log in with little effort? Could they log in to your hosting account and download all your files and databases? Do you have offline backups in case the attacker decides to drop your forum database?

There's lots to consider. If you want "okayish" security, start with best practices.

https://docs.mybb.com/1.8/administration...rotection/
I always make sure everything is up to date and I back up daily, database and via FTP, so hopefully, if anything does happen, I will not lose much.

Yes, the plugin you mentioned is the one I have.

I have a fake admin folder too. Maybe I should use a different email.

Thanks guys.