Bad Situation~ Need Advice!

[Fait]

That was Along post, Please note that secuity is also my biggest goals to keep safe, I hope that this mistake will make me A better Forum Owner (Mistakes Happen For A Reason)

Once We get over our current dos attack sorted we will be hiring new trusted staff (Maybe part of my family as I can trust them) And Upgrading Secuity Infomation for all users and major secuity updates.

Once Again we are Sorry for any posdible incovience

This Is a big lesson learn bu us all

 

[Sam]

Well I have a feeling I know who "Unnamed" is- wink if I'm right 😉

It's definitely not good for admintalk to be down for so many days. Maybe next time you should do a couple of things to prevent this:

-Ask others on the forum, telling them that "insertusername" is offering to install IPBoard on the forum- do you want it.

-Be wary of people who threaten to come back and destroy the forum.

-Scam is the right word, it's not hard to download a Warez IPBoard.


In this situation I would have tried to avoid it. If that happened to me I would now attempt to get the forum back as quickly as possible. I would then be extra cautious with giving out staff positions on the forum- in case unnammed comes back.

P.S. I get a permission error now when trying to view your forum.

 

[Fait]

Yeah, I hace added deny from all in the.hta folder so we can mingeate these attacks.

We Should be able to return in 1 hour 😀

 

[karoshio]

The thing is Spudster your forum right now is TINY you do not even need staff members besides yourself yet >.<

You don't need more security any of that, just common sense.

Keep backups and only give people power you know and trust.


That's it nothing more. I am unsure why you say you're always getting DDOSs, is your host that bad or have you seriously just pissed a ton of people?

DDOS on small forums are so uncommon these days, I never see it happen in fact.

 

[Luke]

Just saying but isn't this something you'd know by owning an admins forum, not to give out information to strangers which could wreck your forum.

 

[Fait]

The host says its A ddos But Its not I think I found the issue and its nothing relating to this issue 😀

Working On Fixing It Now And Tiring Up Secuity

It Wont be Happening again, in fact Im going to build an Applucation Form.

 

[Sam]

karoshio, I wouldn't be too tough on Spudster- he only fired a staff member on his forum. It's just that one member has decided to attack and destroy AdminTalk.

 

[Fait]

Yes, Someone Decides tries to destroy A forum just becuase they lost Staffship, That i dont get. I was talking to him on google after I Sacked him and he was threating todo this via gmail. (And ofcourse Did It)

On With the good News 😀

the Forums are Now Back Online & Fully Operational

http://admintalk.net (NameServers May Still Be Updating But It Works For Me You Should Be Viewing an Mybb Board Not IPB)

 

[karoshio]

karoshio, I wouldn't be too tough on Spudster- he only fired a staff member on his forum. It's just that one member has decided to attack and destroy AdminTalk.

I am not trying to be tough I am just stating the facts.

There's no situation even for this topic. There were back ups made and some crap happened.

Yes it sucks but really the only option is load the backups, let your members know what happened and learn from the mistakes made.

I am sorry if I sound harsh but this all felt very clear cut to me.

 

[noreturn]

A user called Nathan registered asking for staff So

I gave him A chance after promoting him.

That's exactly your problem. When some random person registers and asks to be staff in your Forum, why would you make him a staff?

I had said it many times, but will repeat in another time.

"A person who has qualities to manage a Forum will never beg someone for a Staff position. If someone registers your Forum, and asks to become staff, either he is a scammer, or he is a newbie and going to use your Forum as testing board.

Since you have backup, i would advise you to install a fresh copy of MyBB, import the database backup you have and make your Forum online. And change your Cpanel and Forum login details.
Before you do this, remove any files that are in your hosting server, as he may left some backdoors.

Exactly when someone signs ups and ask for staff I handle it professional and either tell him no or tell him I will keep a eye on him because I am looking for staf.. You never ever hire someone as staff when they first register just for this reason.. I highly recommend learning from this experience and not higher people for a job as soon as they sign up at least set a limit of how many post they need to have and how professional and quality their post is because that will explain a lot..

If you were running MyBB 1.6.4 that might be part of your problem because they had a security break through thats why MyBB 1.6.5 was released.. But also all administrators on any forum should have a highely complex password; infact I know many of my friends have it somewhere on there computer to copy and paste it or simply have it written down next to their computer.

All I can tell you to do right now is install newest MyBB verison (1.6.5) and then add some security to ACP.. Also I can't remember exactly how off the top of my head but you can change the ACP link to something complex also and just favorite it.. I think if you take a couple of precautions this time you can have a much better forum with much better security..

I wish best of luck to you.

**Edit**
Also I know what else I was thinking if you add user IP match you can search up his IP, then if he does something you can ban that praticular IP from your site..

Here is this link on how to change ACP link if you want it 😀
http://community.mybb.com/archive/index ... 97252.html

 

[Fait]

Thanks 🙂 Think we had the latest verstion that mid should work 🙂

We are currently working on gaining activity back any ideas?

 

[Sam]

Great to hear that's it's all back up- a little sad that the forum has lost half it's posts 🙁

 

[Fait]

We Got dossed again 🙁

 

[Sam]

Sorry to hear that Spudster- I'll admit that with recent events you were facing an uphill battle on the forum. Changing your domain and starting again may help you though 🙂 Or you could purchase another promotion community- ask around, someone may want to sell.

Sorry to here it and Good luck for the future!

Sam

 

[kavin]

Never give up. If you closed your Forum, just because you get DDOS or hacking threats, then they will more likely continue it, even if you open a new Forum.

 

[Fait]

Thanks 🙂 I tried best I could to keep the comunnity online Maybe after Chirstmas when I get A real desktop I can start On a fresh start, It also nothing todo with open/shut think the forum would of lasted anyway

Infact may go back to learning PHP For 2 weeks 😉

Im Stuggling In running it on An iphone which is not an actual computer.

And are there any other ways to mingrate/stop these attacks?

 

[Sam]

You could start by disabling the mybb portal- that's ddossed a lot....<br /><br />-- 14 Dec 2011, 18:30 --<br /><br />Read this it may help: http://blog.readywire.com/2008/11/ddos-attack/

 

[Fait]

A few more questions?

Should we ReOpen and if we do

How Can I Regain Activity/Reputation.

 

[Sam]

Re-opening is up to you BUT, you may want to completely start again- with so much downtime, the forums reputation is shattered.....

The only way to regain members trust is to explain exactly what happened FULLY and email them. Then you NEED to guarantee it won't happen again....

Just remember how much work you've put into the forum already- it's something that keeps me going when things are tough.

 

[Fait]

Ok Read Article Here http://admintalk.net/forums/thread-145- ... tml#pid823