Thread Rating:
  • 2 Vote(s) - 3 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[Tutorial] How to Help Secure your Forums from being Hacked/DDOSED
#29
Quote:They don't know your servers REAL IP, so they couldn't use a Putty client and try to bruteforce a login to your VPS

Sure they do. When they registered they get an email validation. IP would be right there in the headers. And if you have it disabled then they could just do a thread subscription and wait for a reply.

You never mention other services you may be running that could be exploited. Simple stuff like FTP.

Quote:The thing is, for most users that's overkill. Plenty of users use shared hosting without any issues, including big boards. If the host has hardened the server (jailed accounts for example) then there shouldn't be any issue.

Shared hosting is definitely the least secure method of hosting. But that's only assuming the sys admin is capable.

The only way you'll hide your IP is to hide SOME services on different IPs. But some services have no choice but to be exposed. You'll need to place those services on different boxes. You can run SMTP with MyBB but that will require you to get a different VPS to make sure your HTTP serving isn't effected.

The steps OP outlined are rudimentary at best and doesn't really offer sysadmin advice that's really needed like security each service properly, a firewall setup, packages like suhosin, triggers for root kits, and ways to spot entry and entry attempts.

If you do what OP says you'll be more secure. But you certainly won't be out of the woods.

Quote:MX entries are needed to send mails right ?

Technically only needed to receive mail. Mail services should be a thread all on it's own.

BTW there is at least one other method to grab server IP outside of mail using MyBB.

And if in the end you're not a capable sys admin you might actually be LESS secure using a VPS than if you used a reliable shared host.


Messages In This Thread
RE: [Tutorial] How to Help Secure your Forums from being Hacked - by labrocca - 2013-03-04, 07:17 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)