[Tutorial] How to Help Secure your Forums from being Hacked/DDOSED
(2012-12-03, 12:25 AM)imtiax Wrote: I have changed the title of the Topic with a better choice of words now.

(2012-12-03, 12:22 AM)Nathan Malcolm Wrote: I can think of 20 methods off the top of my head to hack a forum, and none of the above posted are included. Security is a process, not a product. The above might help to some degree, but it won't prevent your forum from being hacked.

Yeah, but this tutorial eliminates the common ways of getting hacked.

- If no one else can get hosting on your server, then they can't use any shell to gain access to your files as they can not upload anything. (Which is how most forums get hacked anyways [Especially the ones advertised at HF])

- They can't bruteforce SSH/yourlogin since you disabled it and only the owner can access it via console.

- They don't know your server's REAL IP, so they couldn't use a PuTTY client and try to bruteforce a login to your VPS

The only way they could hack you now is by exploiting MyBB, which should be pretty hard.

Even if they use the upload attachment feature, and successfully upload a shell, it will most likely not work as we have disabled the main Symlink functions, but there are shells out there that still bypass it, they're hard to find though.

1. Yes they can, lol. All it takes is you installing a poorly made plugin that allows them to execute something malicious, then you're a goner. And welcome to HF, no one there who can do anything will bother with a forum as small as yours, or anyone's for that matter.

2. If you were smart about security in the first place, you wouldn't even have SSH listening on port 21, you'd have it on some random port that only you know.

3. They can still get it without having all the "CloudFlare Resolvers" around.

Those shells aren't hard to find at all, honestly.

(2013-02-19, 06:33 AM)Josh H. Wrote: It can for quite a while. Assuming you don't have Anonymous knocking on your door though, and if you have the web server optimized, you can probably reduce a fair amount of the problem.

But I personally think that using CF to hide an IP is the wrong use of the service. As has been stated, an attack needs to push 5Gbps or more for the attacks on the actual server to last long. If you don't have Anonymous knocking on your door or you haven't pissed someone off, you're probably going to be okay.

Yeah. I don't understand why people use CloudFlare to hide their IP, when you can just email them and get the IP. If I cared enough or the OP wanted to, I'll go and get his IP for his site without needing more than 4 sentences and 2 minutes of looking around. The real use of CloudFlare should be for making your site much faster.
Stuck somewhere on MyBB and need some help? Don't hesitate to PM me, I'm always happy to help you.
Themer, crappy coder!

Messages In This Thread
RE: [Tutorial] How to Help Secure your Forums from being Hacked - by Lith - 2013-03-02, 10:28 PM
