Thread: Hacking phpBB
Old 10-17-2006, 09:07 PM   #1 (permalink)
Hawkstra
Hacking phpBB

You may hear a lot from people saying that phpBB gets hacked more than any other forum (or not).

I thought I should tell all of you who don't know or haven't heard that, just like *any* software (Windows, Macs, media players, even Linux, etc.), if you don't keep the software up-to-date, then you could be hacked. Whenever a security hole is found in phpBB an update is quickly released. If you update as soon as they come out, you will be very safe from hackers.

Also there are a lot of people hosting themselves who do not know how to configure server software securely, which also adds to the risk.

Besides not being up to date, the reason phpBB got hacked a lot is its success.
A lot of script kiddies can play with this GPL code. But, on the other hand, since fixes are released, we end up with a pretty secure script (more than if no one had tested the security that much).

The minimal advice is to be up to date, since every time a security hole is found, the fix suggests where to look, so it's even easier to hack old versions after an upgrade, but if you keep on being up to date at least you won't be hacked for known issues.

Then .htpasswd is welcome to be in your admin folder (personally I also restrict it to only accept my personal IP since it's static).

Best is to add .htaccess with good old "deny from all" in db/ and includes/ folders.

But this only applies to Apache servers.
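A concrete form of the .htpasswd and "deny from all" advice above, as an added example that is not from the original post. It assumes Apache 2.2-style mod_auth/mod_access directives, a phpBB install under /var/www/phpbb, and the placeholder admin IP 203.0.113.10.

```apache
# --- /var/www/phpbb/admin/.htaccess (assumed install path) ---
# Basic auth: only accounts listed in the .htpasswd file get in.
# Create the file once with:  htpasswd -c /var/www/phpbb-private/.htpasswd adminuser
# Keep .htpasswd outside the web root so it can never be served directly.
AuthType Basic
AuthName "phpBB admin"
AuthUserFile /var/www/phpbb-private/.htpasswd
Require valid-user

# Additionally restrict the folder to the admin's static IP
# (203.0.113.10 is a placeholder from the documentation range).
Order deny,allow
Deny from all
Allow from 203.0.113.10

# "Satisfy all" means BOTH the password and the IP check must pass;
# the default "Satisfy any" would let the IP alone bypass the password.
Satisfy all

# --- /var/www/phpbb/db/.htaccess and /var/www/phpbb/includes/.htaccess ---
# These folders hold code that is only ever include()d by other scripts,
# so no browser request should ever reach a file in them directly.
Order deny,allow
Deny from all
```

On Apache 2.4 the same access rules are written with `Require all denied` / `Require ip 203.0.113.10` inside a `<RequireAll>` block, and `Satisfy` is no longer needed.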

Playing with more personal redirections can also help out to disallow remote use of PHP scripts or to use custom error pages that inform eventual testers that you care about security (mine also handle banned IPs so that too many bad tries lead to a ban, and banned IP connection attempts get a message telling them that next time it will be reported to the IP provider; guess what, none came back twice).

But there is nothing better than regular backups, so that the worst that can happen is to be offline for the time it takes to reinstall everything (15 min with good backups) in case of a hack.

Ipb, vBulletin, phpBB, and all the others can get hacked. Anything can get hacked.
Last edited by Hawkstra : 10-17-2006 at 09:10 PM.