has your forum ever been hacked?
- Thread starter The Reverend
- Start date
Spudster said:
Wait a second. All they did was ban the hacker's IP address? Are you flipping kidding me? Anybody with half a brain can realize that IP bans never work. There are some really smart sick-o's out there who really know their stuff as far as how proxies work, what the best proxy sites are for hiding your true identity, stuff like that. I don't even run a host and even I know that IP bans don't work. I mean, that is such an elementary school level rule, it just makes me lol to think that some idiots only ban IPs thinking that that's a good way to get rid of them and be done. To truly be rid of a hacker/troublemaker, you're better off banning all account details, and any future accounts the person tries to sign up with.
I myself have used proxies before, but never for skirting my way around a ban. Once I realize that I'm no longer welcome on a forum, I'll find another forum to join up with. Someone recommended a proxy site to me one time when CT was going through a heck load of problems with the server last March. But that's a whole nother story right there, though.
D
Deleted member 9315
AAAAHHHH! I'm so confused! Which forum hosting is better? Or which forum version???
I know that phpBB3, is more likely to get spammed than Invision or VBulletin.
Unless the correct security requirements are used.
MyBB? Forumotion? All these hosts, are they really helpful? Or...?
I'm using forumotion, and I can tell you, that its a bit rubbish. And Proboards is just bulky.
I know that phpBB3, is more likely to get spammed than Invision or VBulletin.
Unless the correct security requirements are used.
MyBB? Forumotion? All these hosts, are they really helpful? Or...?
I'm using forumotion, and I can tell you, that its a bit rubbish. And Proboards is just bulky.
Mr. BreeZy said:
Sounds like Chatting Time's incident last August. Thankfully, however, there weren't no three thousand posts (although it sure as heck felt like it!) and we ended up giving our newly hired co-admin founder access at the time, because the spam attack occured when neither Ash nor I were around, and our admin was getting frusterated because we were being hit with spam, but yet he didn't have the required permissions to ban anyone. I think the most he was allowed to do at the time was trash the topics, clear report complaints, and all of that, but he didn't have the power to ban.
Susan said:
Actually, Susan, if you know where to look, phpBB really has some nice anti-spam mods out there that you can install and configure according to your needs. I recommend getting out of Forumotion ASAP. Sites get hacked all too easily on there, because they are so lax on security, it'd be easy for a site to get hacked probably in a manner of seconds. As basic as that host is, I'm sure people who've never hacked a forum before could very easily break in and start screwing around. If you do decide to go to VB, I would personally recommend 3.8.6, or anything below the 4.0.x series. This last year alone, VB has gotten into some major hot water for their lack of security for the 4.x updates, and as a result, they even have made national headlines because of this. So if I were you, if you really wanted Vbulletin bad enough, I would not purchase a license for 4.0 series, instead I'd buy a license for the 3.x series. Not sure if they carry older versions of licenses or not though, that's just the downside.
D
Deleted member 9315
OK, so basically, most of these free forum sub-domain hosting sites are very awful on security??
And is there such thing as free forum hosting and you can just get your free domain without paying?
And is there such thing as free forum hosting and you can just get your free domain without paying?
Susan said:
Not all free hosts are as bad as Forumotion. There are actually a fair few good ones out there. One of my personal favorites is ProphpBB http://www.prophpbb.com Their staff are very friendly and are always willing to answer questions. They never have unecessary downtime, and when there is downtime, they are honest and open about what happened and why the site was down, whether the downtime was avoidable or not. So while there is such a thing as free hosting, I don't believe there are any sites out there where you can obtain a domain while you're at it.
D
Deleted member 9315
Yeah, I guess. I probably exaggerated there about that.Ashley said:
One time I bought a turnkey script which was a hotscripts clone. It had sql vulnerabilities in it and I was young and didn't know what security really was. A hacker got through, got my password for my site (which i used on every site, like an idiot lol) and defaced all my sites including several forums.
It was some Iraq Hacker that said he was hacking me because I am an infidel. lol
It was some Iraq Hacker that said he was hacking me because I am an infidel. lol
D
Deleted member 9315
LOL!Shawn said:
My forum has never been hacked, but just a tip:
Always backup daily and don't let your index portal open! Someone can just hack it the forum software and say its theirs!
Susan said:
I'm one step ahead of you there, already, Susan. Before CT was hacked, we did backups I think it was every 24 hours. But now, after CT's hacking last month, we now do backups every twelve hours. So should this happen again, we will be more prepared next time and hopefully with any luck we can get things sorted right away.
@Shawn: Well, at least now you know to check and make sure that a script is the real deal before installing it, right? Installing a script with loads of vulneralbilities could actually serve as a rude wake up call for just about anybody, especially those just starting out in the forum owning biz, that's for sure!
D
Deleted member 9315
Ashley said:
D'oh! 12 hours is acceptable...
Actually, it's not really acceptable, it's mandatory. At this rate, should we ever get hacked again, we'll be prepared for the next round and we won't have to worry about losing a day or two's worth of posts. Because when we got hacked in August, I think we ended up losing at least 24 hours worth of posts, if not more than that. I was pissed personally because there were some topics that I made lengthy replies to, and thanks to the hacking all those had been lost. I didn't feel much like repeating myself so I just left it alone and moved on with posting. I have a short term memory anyway, so no way would I have been able to remember exactly how I worded a post the first time around, that's for sure!
I dunno if I already replied but in any case not of yet. let's hope it remain that way. It has been hinted some like to hack forumotion user in order to do us a favour and makes us realize the wrong of our ways and move out f it.
Each version got their exploits, so by having what version you are on, anyone who wants to have a go harming your site may investigate and learn what are the weak spots to exploit. Not knowing which version is makes it harder for them. At least that is what I have been told about it, el canadiano or someone else may correct me and en-light us both, heh.Ashley said:
Kaynil said:
Okay, I'm understanding it now, and it actually makes perfect sense. Because if you were to have a forum hosted on phpBB2, it'd be a wise idea to take out the version number, especially since phpBB2 is no longer supported by the official phpBB site. Also, since it is out of date and out of context, phpBB2 would not have any security measures at all, and if Captcha was enabled, it'd be one of those old fashioned ones that anybody can solve, whether that's the first forum they've ever joined or not.
Oh, and may I add that phpBB 2 was actually a random example I came up with, especially since 3.0.x and above can be very well protected through all sorts of means.
Poopy Head
Seasoned Veteran
My forum has never been hacked, but popular sites have a better chance to have that happen.
NBA Boards got hacked a couple of years agp. They didn't do much before the main admin got the account back, but the guy kept trying. He cracked like 15 accounts. He was able to do it because of a flaw in the IPB version the site was running.
Our boards resident village idiot actually was able to get info on the guy and the guy who was doing it was a professor at Martha Washington College and we turned him in. We heard he got fired.
Our boards resident village idiot actually was able to get info on the guy and the guy who was doing it was a professor at Martha Washington College and we turned him in. We heard he got fired.
Affiliates
