Hi,
I recently build a new mybb forum, and i have all setup and now i need one security expert for look at my forum
And if he has vuln for patch it or other.
I pay good.
Thanks
There are no known security issues or exploits in the latest MyBB forum software version.
If a vulnerability comes to light, it is fixed as soon as possible with another upgrade. By now we can expect and rely on a secure software.
I recommend to secure your AdminCP by renaming the /admin directory (you can also use a honeypot /admin fake page) and also implement a multi-factor authentication using .htaccess for a password protected directory.
[ExiTuS]
(2021-01-28, 10:14 PM)[ExiTuS] Wrote: [ -> ]There are no known security issues or exploits in the latest MyBB forum software version.
If a vulnerability comes to light, it is fixed as soon as possible with another upgrade. By now we can expect and rely on a secure software.
I recommend to secure your AdminCP by renaming the /admin directory (you can also use a honeypot /admin fake page) and also implement a multi-factor authentication using .htaccess for a password protected directory.
[ExiTuS]
Yeah i should do it
And what kind of thing i should add inside .htaccess for the High Level Security ?
I want to secure my forum best i can
Thanks a lot
Thanks a lots of i will work hard on this
Hey i have a question about
Examples of sensitive Values:
var my_post_key = "0c153ee1b3a6f3847d98ab660fc0a64b";
<input type="hidden" name="my_post_key" value="0c153ee1b3a6f3847d98ab660fc0a64b" />
<a href="https://example.com/member.php?action=logout&logoutkey=e77ed4a03c8ae73f3aada970f0230d3f" class="logout">
SELECT * FROM mybb_sessions WHERE sid='2ab3cb1c5142e42654cab26aa9fd0ee9' AND ip=X'4d794242'
How i can hide this ? It a the end of the file i have all secure
Can i just delete this 4 ligne in template ?
Thanks again
The variable my_post_key is used to prevent XSS attacks. It is generated based on your login key which is generated when you log into the forum. The logout key is used to log out the correct user.
So this key is unique for each user ?
It's not a vulnerability ?
Sry but i prefer to ask i don't wan't to have stupid fail inside mybb.
I have setup some security on my forum right now. But need more and more security lol
akyna Wrote:So this key is unique for each user ?
It's not a vulnerability ?
...
This key is a session security feature, it prevents vulnerability!
[ETS]
(2021-01-29, 12:42 AM)[ExiTuS] Wrote: [ -> ]akyna Wrote:So this key is unique for each user ?
It's not a vulnerability ?
...
This key is a session security feature, it prevents vulnerability!
[ETS]
Okay thanks for you're help
So now i think i have all secured as i can
I hope it's good lol
And just i don't if i can add another question here it's about link preview like on discord / facebook....
I doesn't have any preview but i have add the line like this :
<meta name="description" content="ZenCommunity | La communauté française par excellence !" /><meta property="image" content="/images/zen.png" />
I don't no if it's the good way and if a can ask here.
Hello, would be pleased to help you.
Catch me at Email : nicole[at] cisinlabs [dot] com
Looking forward to our next conversation!
Many thanks,
Nicole