Thread Rating:
  • 2 Vote(s) - 3 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[Tutorial] How to Help Secure your Forums from being Hacked/DDOSED
#1
Wink 
Many of you come here time to time and say your site gets hacked.

There are two general ways to hack a forum.

- Upload a shell using the attachment feature or use XSS to get admin login

- The Hacker will purchase hosting on the same server as you and upload a shell and use SYMLINK Exploit to pull your data base names and passwords.

There is a very cheap and easy way to prevent this.

First of all, Purchase a Small VPS.
--

If you want to install cPanel (That will cost you 14.95$/month), you want a VPS with at least 1GB Ram.

If you don't use cPanel get a VPS with approximately 256 - 512mb Ram (384mB is perfect), and install MYSQL and Apache.

Now go to your PHP.ini file and under disable_functions just copy and paste this

Quote:exec,popen,pclose,php_eval,safe_dir,zend,g lob,root,ftok,posix_access,egy_perl,symlink, ini_restore, shell_exec, passthru, error_log, ini_alter, dl, openlog, syslog, readlink, symlink, link, leak, popen, escapeshellcmd,proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, escapeshellarg, pcntl_exec, exec, passthru, popen, wscript,apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec,system, xmlrpc_entity_decode

What disabling all those functions are:
- It disables the common Symlink method to access Databases and PHP Config files.
- Disables functions that booters/shells use
- Disables any method that a regular site would not use, and functions commonly used by hacking scripts.

I recommend updating MYSQL to the latest version and PHP to 5.3.x, Recompile Apache and restart Apache.

Now to secure your System, disable SSH so no one can Hack you, or change your SSH port and make it so only your IP can connect to your SSH port.

Finally, to hide your Systems real IP, use CloudFlare.

After you add your site to CloudFlare, delete all the Records except A and CNAME

So it looks like this,

[Image: WUU7G.png]

This prevents people / Hackers / kids that want to ddos from using a CloudFlare Resolver to get your real IP.

Proof (I used a cloudFlare resolver on that domain), it does now show any server IP's.

[Image: KpYi5.png]

--

Using this tutorial basically eliminates 90% chance of anyone hacking your site, although the only method left would be XSS, which I do not know how to block as I do not know anything about XSS.

hope this helped.

The reason why I leave the 10% chance of your site being hacked is because Hackers get smarter and develop new methods every day.

I am not responsible if your site still gets hacked.

--

Also you should always rename your AdmincP Directory, you can find a tutorial on the Internet on how to do that.

My site is www.imtiax.net and I did everything on this guide to it.

--

Also I recommend using an external SMTP Server so no one can read your mail headers and get your servers IP. Name Cheap has 1 year free SMTP Servers, you should go check them out https://www.namecheap.com/email/email-hosting.aspx


Messages In This Thread
[Tutorial] How to Help Secure your Forums from being Hacked/DDOSED - by imtiax - 2012-12-02, 09:37 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)