[Tutorial] How to Help Secure your Forums from being Hacked/DDOSED
(2012-12-03, 12:25 AM)imtiax Wrote: Yeah, but this tutorial eliminates the common ways of getting hacked.

There are many more common ways than the ones above. You've barely scraped the surface.

(2012-12-03, 12:25 AM)imtiax Wrote: - If no one else can get hosting on your server, then they can't use any shell to gain access to your files as they cannot upload anything. (Which is how most forums get hacked anyways [Especially the ones advertised at HF])

RFI/LFI, SQL injection, XSS, there are many ways to gain access to be able to upload a shell.

(2012-12-03, 12:25 AM)imtiax Wrote: - They can't bruteforce SSH/yourlogin since you disabled it and only the owner can access it via console.

The thing is, for most users that's overkill. Plenty of users use shared hosting without any issues, including big boards. If the host has hardened the server (jailed accounts for example) then there shouldn't be any issue.

(2012-12-03, 12:25 AM)imtiax Wrote: - They don't know your server's REAL IP, so they couldn't use a PuTTY client and try to bruteforce a login to your VPS

You shouldn't be using passwords, you should be using key pairs. Regardless, CloudFlare isn't meant to hide your server's IP address. As a reverse proxy that's just how it works. You should secure SSH itself instead of trying to hide the IP address.

(2012-12-03, 12:25 AM)imtiax Wrote: The only way they could hack you now is by exploiting MyBB, which should be pretty hard.

That's not the only way. As I previously mentioned, you've barely scraped the surface. There's nothing here that really is specific to MyBB.
No longer involved in the MyBB project.
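
The advice in the reply above (key pairs instead of passwords, and securing SSH itself rather than hiding the IP) can be checked against a server's sshd_config. The script below is an added example, not part of the original post or the MyBB project; the function names and both sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example: check sshd_config text for key-only SSH logins.
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive; unset keywords fall back to the OpenSSH defaults.
# Assumption: whitespace-separated "Keyword value" lines, global scope only.

# effective_value 'kw1|kw2' DEFAULT   (config on stdin) -> effective value
effective_value() {
    awk -v key="$1" -v def="$2" '
        BEGIN { re = "^(" tolower(key) ")$"; val = def }
        /^[ \t]*#/ || NF == 0 { next }        # comments and blank lines
        tolower($1) == "match" { exit }       # Match blocks are not evaluated
        !seen && tolower($1) ~ re { val = tolower($2); seen = 1 }
        END { print val }'
}

# audit_sshd CONFIG_TEXT -> prints findings; returns 0 only if key-only
audit_sshd() {
    cfg=$1; rc=0
    pw=$(printf '%s\n' "$cfg" | effective_value passwordauthentication yes)
    kbd=$(printf '%s\n' "$cfg" | effective_value \
        'kbdinteractiveauthentication|challengeresponseauthentication' yes)
    pk=$(printf '%s\n' "$cfg" | effective_value pubkeyauthentication yes)
    root=$(printf '%s\n' "$cfg" | effective_value permitrootlogin prohibit-password)
    if [ "$pw" != no ]; then echo "FAIL PasswordAuthentication=$pw"; rc=1; fi
    if [ "$kbd" != no ]; then echo "FAIL KbdInteractiveAuthentication=$kbd"; rc=1; fi
    if [ "$pk" != yes ]; then echo "FAIL PubkeyAuthentication=$pk"; rc=1; fi
    if [ "$root" = yes ]; then echo "FAIL PermitRootLogin=yes"; rc=1; fi
    return $rc
}

# Constructed sample configs (not taken from any real server).
WEAK_CFG='# password logins left on
Port 22
PermitRootLogin yes
passwordauthentication yes'

HARDENED_CFG='PasswordAuthentication no
# a later duplicate is ignored by sshd
PasswordAuthentication yes
KbdInteractiveAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password'

audit_sshd "$WEAK_CFG" || echo "weak sample: password logins still possible"
audit_sshd "$HARDENED_CFG" && echo "hardened sample: key pairs only"
```

On a live host, `sshd -T` prints the effective configuration, which also accounts for included files that this text-only check does not follow.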

