Basic Online Security Tips and Staying Safe Online

[Cosmic]

It is important for all of us to remember that forums and websites do get hacked. It has happened to me in the past and it can happen to you. The tips below are basic things that you should consider, they do not guarantee that your site is safe, however implementing them will help. I will add to this article from time to time and any suggestions you have for improving it would be most welcome;

Passwords

1. Change them regularly
2. Use passwords that are at least eight characters long - the longer the better
3. Use combinations of upper case, lower case, numbers and perhaps even symbols in your passwords
4. Use different passwords for every site / application you use
5. http://strongpasswordgenerator.net is owned by an FP member and it can help you create strong passwords
6. Don't share your passwords with other people
7. Be careful where you store your passwords, you don't want other people accessing them either online or offline.

Forums

1. Adhere to the password tips above for your forum account, the hosting plan your forum is on, your forum domain registrar and your email account. Protecting your email account is particularly important, because hackers will often use your email account to get access to your other logins and passwords.
2. Use the latest secure version of your forum software
3. Be careful what mods you install, mods can provide an entry point for hackers. Only use mods from reliable providers and only use the latest most secure version of the mod
4. Watch out for updates and security notices from your forum software and mod providers
5. Be very careful who you give Admin and Moderator rights to on your forum and limit their permissions as much as possible
6. Password protect admin and moderator directories on your forum
7. Consider using the .htaccass file to only allow only your own IP to access the /admin/ directory. For phpBB boards this can be done by following this tutorial.

cPanel/FTP

1. Do not give other people cPanel/FTP access unless you really have to.
2. Be wary of users who approach you asking for your cPanel details or FTP access. This can include users asking for access to help you fix an issue or people offering your services such as software updates or mod installation. There are many scam emails being sent to people regarding phpBB upgrades and services. More information and tips can be found in This Topic on phpBB.com. This can happen for any software. It can even happen through your contact form on your website for example.
3. If you have an error on your site and someone is willing to help you, where possible try and get the user helping to provide you the fix for you to fix yourself to avoid you having to give them access to apply the changes themselves. If the error is simple to fix, many people will be willing to help and give you the fix and how to apply it. If the error is more complex then ask them to explain what the problem is and do your own research to see if that seems like the cause. It might be worthwhile asking someone else if the reason they gave you could be responsible for the error.
4. If you really must give someone FTP or cPanel access then ensure you trust them and do some research. Firstly find out what experience they have and look at forums they run and speak to other people who have been helped by this user.
5. Only give someone the access they need. If the problem can be fixed through the ACP, only given them ACP access and not FTP or cPanel access. If someone is fixing an error on your forum, only given them FTP access to that forum directory and not to any other directories or sites you may have running on that hosting account. This helps limit the damage.
6. Always make a backup of the files and database before giving someone access to cPanel, FTP access or even your forums ACP. Regular backups is advisable anyway to prevent dataloss in the event of a hack or even issues with your host or a mistake you or someone else makes when adding mods or completing upgrades to forum software.
7. If you have given someone cPanel or FTP access, immediately revoke access or change the passwords. While you may trust that user, if they still have their password in an email or PM and their account gets compromised, the attacker may then target you too.
8. Use your common sense and if something or someone seems dodgy, don't go any further. It is better to have an error on your site for a few hours than having your forum files/database deleted or sold. Remember that when giving people this kind of access to sites, you are allowing users information to be accessible to this person. They could easily modify the login procedure to email them passwords or export email addresses from the database.

General Online Security

1. Don't click on links that look suspicious, especially if you receive them via email from someone you don't know.
2. If you use a computer or device that may also be used by other people, log out of all logged in accounts before you shut down the PC or device.

Thanks to Fowler and master412160 for your helpful suggestions for this article.

 

[Cosmic]

Re: Like this

The importance of staying safe online cannot be overestimated. There are many dangerous people using the Internet. Many of these dangerous people are very good at pretending to be nice and winning your trust.

Please read the SMART Guidelines below, for some helpful tips on staying safe online. If you are concerned that you did not abide by these guidelines in relation to any member of FP, please talk to a parent or trusted adult about your concerns.

Secret
Secret is the first and one of the most important rules for online safety. Keeping personal information secret should become second nature to online users.

Never give out your name, address or phone number, because it's like giving out the keys to your home.

Never give out your password, because if someone knows your password they can often use it to find out other personal details.

Meeting
Using chat rooms and message boards is a great way to find out fun things and meet new people, but people you meet in chat rooms can also be dangerous.

Someone who appears nice online, may be very different in person. So arranging to meet in 'real life' is not a safe thing to do.

Children should only ever meet strangers with their parents' permission and when they can be present.

If an adult goes with a child to meet a new chat buddy, always meet in a public place such as a café or shopping centre. You should never meet with anyone who won't accept this rule.

Accept
The majority of viruses and files could have no effect on your computer if you don't open them or let them get on there in the first place.

Accepting files or opening e-mails from people you don't really know or trust can get you into trouble.

They may contain viruses or nasty messages that you don't want to read. So don't open or accept files or e-mails you are not expecting.

Remember
People you meet online may seem very nice to you, but that doesn't mean that they are telling the truth.

Many people are not who they say they are online and are pretending to be someone else. You wouldn't trust someone you knew in real life if they lied, so don't get tricked in the online world.

To avoid awkward moments, just stick to the public areas in chatrooms and if you feel uncomfortable at all, then just leave!

Tell
Many things can happen online that make children feel ashamed or secretive about what they've seen or experienced. Encourage children to tell you about anything that makes them uncomfortable.

Fear of a parent or guardian being cross is often more frightening than the uncomfortable experience they've had online, but that is what some nasty people will count on.

Talk to your children about what they are doing online and encourage them to use the SMART rules at all times.

Consider placing the computer in a shared room of the house so its use does not become secretive and hidden. Make your online use a family affair.

From BBC.

If you are made feel uncomfortable, worried or scared by anything you see or experience on the Internet, please tell one of your parents or a trusted adult about it.
[youtube]SGlrAhtQC24[/youtube]

You should also note that photos taken from a GPS enabled device such as your mobile can reveal your address - more here.