How to prevent hackers on your site

dballerp

I thought I'd help other forums protect themselves from getting hacked, so I have made this small guide. Keep in mind that absolutely no forum is 100% safe; just remember that, because you might come back and diss me for making a guide that doesn't work. This is just common sense from a hacker's point of view.

1) Your hash code. It's a long line of numbers and letters that appears in your URL.

[Image: example of hash codes]

It's so easy once a hacker gets your hash code to generate that into your password. Never reveal your hash code to ANYONE. If you're copying and pasting a URL, make sure there is no hash code on it and, if there is, remove it before posting it.

2) Never click on a link that you have never seen or heard before. This includes any tinyurl links and ones with weird letters in them. Someone can easily keylog you, which is what I think happened in the first place, and get not only your AH info, but anything saved on your computer. Scary stuff, I know.

Even if it's someone you trust, still do not. If you're unsure of it, Google it or ask if others have heard of it before. Better safe than sorry (trust me).

3) Never accept an MSN or AIM or whatever chat request unless you know that person. There's a very easy way to get your IP address from this and then ultimately your email account (trust me, this is one of the first things I learned). So if anyone, esp. Tayne, asks you to talk on MSN, just tell 'em to come in the chatbox we already have. This also goes for never giving your IP address to ANYONE. If someone happens to get it, PM me and I'll help you change your IP.

Also, for you admins, be careful of who you let become an admin. I've learned how much damage I could do with just your I.P. address.

So that's about it for now. If I think of anything else, I'll put it down.
 
Another, I think, would be: use a unique password for every forum that you have moderation control or higher on. If you want to be completely safe, use a disposable email, then on the main account use a unique password with a key scrambler on. (Someone told me this.)
 
Yes I will be sure to add that soon.

Again, like I said before, no one is completely safe. Somehow, a hacker will be able to do it.

I've been learning hacking for a while and there's always exploits to be found. Going to that exploit is just step 2.

Anyways, thanks for posting this
 
Yeah, but like I said, if you use a disposable email you'll be completely safe from getting the email hacked and them getting into your account that way.
 
Little Pixie said:
Yeah, but like I said, if you use a disposable email you'll be completely safe from getting the email hacked and them getting into your account that way.

Oh, I thought you meant something else.

Well ya that's a good point, but over 80% of the time, the hacker doesn't need the email. But good point anyways
 
Hmm might you explain to me what could be done with just an IP address?

I fail to understand how an address can lead to one being hacked.
 
The most a hacker can do with your IP address is use it to find exploits on your PC, with one called MetaExploit, my guess is; forgot the name. And if your PC is not patched, such as having a 1980 PC, they can tell whether your PC is vulnerable or not. That's just for scanning exploits; they can't automatically hack you with your IP address. But staying anonymous on the internet is recommended. And what they could also do is simply DOS [Denial of Service, sending a lot of connections to one's router with only one user causing it]. Or DDOS [Distributed Denial of Service, sending tons of connections to one's router with more than one person doing that. Mainly, people use 'bots' for that type of thing. Bots are people whom the DDOSer has infected to make them do anything, such as DDOS a site or one's home internet connection]. That's pretty much all I think hackers or DDOSers can do to you with your IP address. And they can also trace your IP and find out where you live and such.
 
1) This list seems a lot more in regards to being 'hacked' in general rather than your website/forum being hacked. The only thing I see is the first part in regards to website/forum building and I'll comment on that.

If you ever plan to build your own CMS within your website and plan to store important data (passwords for instance) always encrypt them. I do a few encryption techniques and this is just for passwords even.

I salt & pepper them:

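php code
Code:
$salt = "someRandMSt7r";    // fixed salt string, placed before the password
$password = $_POST['pass']; // I might even sha1 / md5 this before as well
/* $password = md5(sha1($_POST['pass'])); */
$pepper = "n8therSt77r";    // fixed pepper string, placed after the password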

I would also put a number of combinations of md5's and sha1's as a single level has already been decoded and TRUE hackers can get around this as well. So, I would suggest doing so.

Code:
// then combine the salt & pepper
$pass = md5(sha1($salt . $password . $pepper));

That's just my tip.

In regards to what a 'hacker' can do - most will try to attack true websites with actual purposes to 1) get valuable information (especially financial) or 2) shut down the website for malicious purposes.

The kid James above me (funny) did a good job explaining a bunch of this stuff. Though most people won't take the time out to 'hack' your computer. Instead they might take advantage of certain things to install scripts on your computer to then be used in the DOS attacks that they have planned.
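An added example, not part of the post above and not the poster's code: the same salt-and-pepper idea built on PHP's password_hash() and password_verify(), with rows that still hold the md5(sha1()) format from the post upgraded at login. The function names, the PEPPER constant and the sample password are assumptions made for illustration.

```php
<?php
// Added example. Names and sample values are constructed for illustration.
const LEGACY_SALT   = 'someRandMSt7r';   // fixed strings taken from the post
const LEGACY_PEPPER = 'n8therSt77r';
// Assumption: the real pepper is loaded from outside the database and web root.
const PEPPER = 'constructed-pepper-for-this-example';

// The scheme from the post: fast hashes and the same salt for every user.
function legacyHash(string $password): string
{
    return md5(sha1(LEGACY_SALT . $password . LEGACY_PEPPER));
}

// Mix the pepper in with HMAC, then base64 so bcrypt never sees a NUL byte
// and the input (44 characters) stays under bcrypt's 72-byte limit.
function peppered(string $password): string
{
    return base64_encode(hash_hmac('sha256', $password, PEPPER, true));
}

// password_hash() picks a random salt per call and a deliberately slow algorithm.
function hashPassword(string $password): string
{
    return password_hash(peppered($password), PASSWORD_DEFAULT);
}

// Returns [login ok?, replacement hash to store, or null if none is needed].
function verifyAndUpgrade(string $password, string $stored): array
{
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {         // legacy md5 hex row
        $ok = hash_equals($stored, legacyHash($password)); // constant-time compare
        return [$ok, $ok ? hashPassword($password) : null];
    }
    if (!password_verify(peppered($password), $stored)) {
        return [false, null];
    }
    $stale = password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [true, $stale ? hashPassword($password) : null];
}

// Constructed sample: a row that still holds a legacy hash.
$row = legacyHash('correct horse battery');
[$ok, $new] = verifyAndUpgrade('correct horse battery', $row);
var_dump($ok, password_get_info($new)['algoName']);       // login result, new format
var_dump(verifyAndUpgrade('correct horse battery', $new)); // second login, upgraded row
var_dump(verifyAndUpgrade('wrong guess', $new)[0]);        // wrong password
var_dump(hashPassword('x') === hashPassword('x'));         // per-call salts compared
```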
 
Even the password changes won't stop a hacker fully. They can inject harmful code within form input fields if you are not safe!

Using things like mysql_real_escape_string() and htmlentities() will hopefully slow down a hacker's attempt at changing or even deleting all of your database - even allowing himself access to being an 'admin' role.
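An added example, not part of the post above: mysql_real_escape_string() belongs to the old mysql extension, which was removed in PHP 7.0, so this sketch shows the input handling with a PDO prepared statement and the output handling with htmlspecialchars(). The table, the function names and the sample inputs are constructed, and an in-memory SQLite database (assumes the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Schema, names and inputs are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$db->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'member')");

// Weak pattern: the form value is pasted into the SQL text, so quote
// characters in the input become part of the query itself.
function findUserConcat(PDO $db, string $name): array
{
    return $db->query("SELECT name, role FROM users WHERE name = '$name'")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the SQL text is fixed and the input travels separately
// as a bound parameter, so it can only ever be compared as data.
function findUserBound(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name, role FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output side: encode when writing into HTML, not when storing.
function renderName(string $name): string
{
    return '<li>' . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</li>';
}

$input = "nobody' OR '1'='1";                  // constructed form value
var_dump(count(findUserConcat($db, $input)));  // rows matched by the concatenated query
var_dump(count(findUserBound($db, $input)));   // rows matched by the bound query
echo renderName('<b onmouseover="x">bob</b>'), PHP_EOL; // markup shown as text
```

With the sample input the concatenated query matches every row, while the bound query matches none because no user has that literal name.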
 