IPB Hack

[Mr. Duck]

I was thinking about saving up for a IPB Licence, when searching on google (i was doing searches like themes, mods, reviews, then this came into my head) for hacking i found out it is not that hard to hack a ipb forum, do you think its alright?

 

[TIEU]

Its illegal to do this. You'd get your board shutdown, hosting companies also disapprove this.

 

[Mr. Duck]

Its illegal to do this. You'd get your board shutdown, hosting companies also disapprove this.

I wasnt doing the hacking, im saying people can and it will show your admin password and they can log-in on your account.

 

[TIEU]

Oh if the software is exploitable. IPB and vBulletin are most secure forum board software available. So there is nothing to worry about. IPB is more secure in my opinion.

 

[AnAccount]

I think just about all forum softwares are hackable, aren't they? I have a rule for staff on my forum that to keep their accounts from being hacked on Chatting Time, I recommend that they change their passwords frequently, either by coming up with one manually or using the Forgot My Password feature often.

 

[about lee]

IPB is one of the most secure forums going. Any form of glitch or threat of IPB being hacked the staff work hard on developing a patch to fix or stop it. Only reason why forums are hacked is because of lame passwords etc... If you use Letters, Numbers, Symbols etc.. and over 6 letters you should be fine.

Its also recommended to make sure your forum software is up to date with the current release of IPB. 3.1.2 is the latest.

Fellow IPB user. :great:

 

[TIEU]

@Ashley

If a board was exploitable eg: SQL Injection vulnerability etc. changing your password wouldn't really do much. They could easy just still obtain your database tables etc.<br /><br />-- 30 Sep 2010, 22:02 --<br /><br />@Ashley

If a board was exploitable eg: SQL Injection vulnerability etc. changing your password wouldn't really do much. They could easy just still obtain your database tables etc.

 

[Jonathan]

I say this to everyone who worries about exploits on their forums: HIDE YOUR VERSION NUMBER.

Kabam, I find an exploit for vBulletin 3.8.2, I google "powered by vBulletin 3.8.2" and find forums running it with that exploit possible. Hide this version number and suddenly it makes your forum much safer. Also rename mod/admin directories.

Commercial forum software is the safest usually from attacks - it has to be. IPB is not easy to exploit, but scamming an admin's password on IPB is just as easy as anywhere else which is what most kiddie "hackers" do these days anyway.

 

[CyberFreak]

It is not true that commercial software is safer then non comercial. If i release a forum software with many security issues in it and charge people for it, it will still get exploited more times then phpBB for example. Software being commercial can help a bit to make it a bit less easy to exploit although hackers can easily get their hands on the source code one way or anther and it certainly does not make commercial software much safer then non commercial software. Really it doesn't really make any difference. If a hacker can find an exploit in a software then the chances are they easily know where they can get vb or IPB from. If you compare phpBB3 to vb3 or vb4 and you will see that actually vb seems to have more security problems.

All softwares can be exploited. Nothing is 100% secure.

 

[Watch Me Sink]

I say this to everyone who worries about exploits on their forums: HIDE YOUR VERSION NUMBER.

I say this to everyone who worries about exploits on their forums: KEEP YOUR SOFTWARE UP TO DATE.

Many are mistaken in that [hiding version numbers] will help them avoid attacks. This is incorrect. Most "hackers" nowadays are nothing more than bored script kiddies that run packs to try anything and everything and see what sticks.

Two forums that I go on have been hacked recently. Mine and somebody elses. Mine: version number wasn't hidden. Other person's: version number was hidden.

 

[Cosmic]

it is not that hard to hack a ipb forum

Fixed:

it is not that hard to hack any forum

Any forum software can be hacked pretty easily. Just back up your website and hacking won't matter.

 

[David]

I was thinking about saving up for a IPB Licence, when searching on google (i was doing searches like themes, mods, reviews, then this came into my head) for hacking i found out it is not that hard to hack a ipb forum, do you think its alright?

Do a Google search for any other software and you'll get similar results. Any software is hackable; you just need to know how, and once you know how, "easy" or "hard" becomes irrelevant. Just be sure you've got all your permissions updated and set to what ever is required.

 

[AnAccount]

I was thinking about saving up for a IPB Licence, when searching on google (i was doing searches like themes, mods, reviews, then this came into my head) for hacking i found out it is not that hard to hack a ipb forum, do you think its alright?

Do a Google search for any other software and you'll get similar results. Any software is hackable; you just need to know how, and once you know how, "easy" or "hard" becomes irrelevant. Just be sure you've got all your permissions updated and set to what ever is required.

That almost makes it sound like you're giving him ideas, mate. :shrug:

 

[David]

I was thinking about saving up for a IPB Licence, when searching on google (i was doing searches like themes, mods, reviews, then this came into my head) for hacking i found out it is not that hard to hack a ipb forum, do you think its alright?

Do a Google search for any other software and you'll get similar results. Any software is hackable; you just need to know how, and once you know how, "easy" or "hard" becomes irrelevant. Just be sure you've got all your permissions updated and set to what ever is required.

That almost makes it sound like you're giving him ideas, mate. :shrug:

How so? He already did the Google search; he has the idea already, so I'm just clarifying the fact that Google will give search results on the basis of what Google thinks is most important in their algorithm. The results will most likely be "how to hack ___" or "hack ___" or "learn to hack ___" etc. It's not like I put the results there.

 

[Zenrer]

Running an illegal copy of IPB means you can get your forum removed, hosting suspended etc.Its best advised to just buy the software so you have the assurance you cant get reported.

 

[Jonathan]

I say this to everyone who worries about exploits on their forums: HIDE YOUR VERSION NUMBER.

I say this to everyone who worries about exploits on their forums: KEEP YOUR SOFTWARE UP TO DATE.

Many are mistaken in that [hiding version numbers] will help them avoid attacks. This is incorrect. Most "hackers" nowadays are nothing more than bored script kiddies that run packs to try anything and everything and see what sticks.

Two forums that I go on have been hacked recently. Mine and somebody elses. Mine: version number wasn't hidden. Other person's: version number was hidden.

http://custom.simplemachines.org/mods/i ... p?mod=1046 amirite? I probably disagree with it to be honest, it still remains that exploits are made public for different versions of softwares and people use them. Of course people can use said method but yeah, it still helps.

Of course it's just one part of staying safe, but it's a damn obvious part. And yes, keep the software up to date. But sometimes even that can be a security issue - vB 3.8.6 from IB had a massive security flaw in it. If I had "upgraded" to that then I'd probably be more vulnerable.

It is not true that commercial software is safer then non comercial. If i release a forum software with many security issues in it and charge people for it, it will still get exploited more times then phpBB for example. Software being commercial can help a bit to make it a bit less easy to exploit although hackers can easily get their hands on the source code one way or anther and it certainly does not make commercial software much safer then non commercial software. Really it doesn't really make any difference. If a hacker can find an exploit in a software then the chances are they easily know where they can get vb or IPB from. If you compare phpBB3 to vb3 or vb4 and you will see that actually vb seems to have more security problems.

All softwares can be exploited. Nothing is 100% secure.

Yeah obviously it's case by case and I'm not saying that commercial forum softwares CAN'T be exploited or that they won't, I'm saying they have to make an effort to prevent it as people are paying for it - phpBB can be pretty chill because it's a free software but if vB makes a wrong move then everyone's all over them.

In my experience I've seen less security problems with commercial forum software but I haven't looked anything up on this one.

 

[Watch Me Sink]

Running an illegal copy of IPB means you can get your forum removed, hosting suspended etc.Its best advised to just buy the software so you have the assurance you cant get reported.

OP was thinking of buying, not hijacking.

 

[NBK*Twitch]

Oh if the software is exploitable. IPB and vBulletin are most secure forum board software available. So there is nothing to worry about. IPB is more secure in my opinion.

Hahahahah uhmm where the hell did you get those figured??

In recent news MyBB had the least known vulnerabilities and SMF 2.0 rc3 had only 3-4.

 

[Loading]

If you mean using a nulled copy of IPB, yes, it's very use to get and use. It's illegal and your forum will be shut down very fast if you don't use off-shore hosting.

 

[Watch Me Sink]

Oh if the software is exploitable. IPB and vBulletin are most secure forum board software available. So there is nothing to worry about. IPB is more secure in my opinion.

Hahahahah uhmm where the hell did you get those figured??

In recent news MyBB had the least known vulnerabilities and SMF 2.0 rc3 had only 3-4.

RC4 should be coming out soon: I see only 45 open bugs in the tracker for 2.0RC3.