* User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

* Recent Posts

Re: What are you listening to? by Stelios
[July 16, 2023, 08:54:53 am]


Re: What are you listening to? by Stelios
[July 16, 2023, 08:52:34 am]


Re: What are you listening to? by Jacob
[July 12, 2023, 01:59:53 am]


Re: What are you listening to? by Dagger
[July 06, 2023, 04:11:15 pm]


Re: Cannot Register on Support Forum by Jacob
[June 01, 2023, 01:09:08 am]


Re: Cannot Register on Support Forum by SMFNew
[May 21, 2023, 10:22:14 am]


Cannot Register on Support Forum by Stelios
[May 21, 2023, 06:45:30 am]


Re: Forum Profile Signature Error by SMFNew
[January 19, 2023, 10:26:49 pm]


Re: Forum Profile Signature Error by MangoMochi
[January 19, 2023, 10:24:45 pm]


Re: Forum Profile Signature Error by SMFNew
[January 19, 2023, 01:57:05 pm]

* Poll

  • Have you noticed better loading times?
  • Dot YES! My forum loads instantly!
  • 53 (33%)
  • Dot I have much better loading times
  • 20 (12%)
  • Dot I have noticed my forum loads a tiny bit faster than before
  • 22 (13%)
  • Dot I have not noticed any changes
  • 64 (40%)
  • Total Members Voted: 150
  • View Topic

* Twitter

Keep up to date with SMFNew by following us on twitter!

Author Topic: Advice to prevent Hacking (kind of)  (Read 5172 times)

0 Members and 1 Guest are viewing this topic.

Offline Mstcool

  • Member
  • Posts: 935
  • Reputation: +0/-1
    • View Profile
    • HangTime 101
Advice to prevent Hacking (kind of)
« on: August 02, 2012, 02:47:24 am »
Well i am not teaching you anything but this is just a reminder.


You Should check your forum every day. If not then every other day or at least 3 times a week or something to make sure it is working smoothly. Now who would want there forum to be hacked huh? Not me

Pro Hoster advice: Back up a lot! Back up every day or every other day. Trust me i had to make so many forums and start my forum again and again because i never backed up my forum. So Back up a lot! Back up before uploading anything.

Share on Facebook Share on Twitter


Offline Dxt13

  • Member
  • Posts: 262
  • Reputation: +0/-0
  • SMFNEW is fun !! Symbian Modder | Theme designer
    • View Profile
    • DailyTech
Re: Advice to prevent Hacking (kind of)
« Reply #1 on: August 02, 2012, 03:13:03 am »
More ways :

1. Don't allow the guests to enter the forum , until they sign up. If  you want to open it up for guests too , don't allow them to see memberlists or other forum's confidential data.

2.Change admin/owner account's password 3,4 times in a month

DailyTechforum.com
The Tricks,Mods,Coding you haven't seen before.Join today !

Offline Alex

  • Administrator
  • Member
  • Posts: 1913
  • Reputation: +7/-1
    • View Profile
Re: Advice to prevent Hacking (kind of)
« Reply #2 on: August 02, 2012, 04:32:28 am »
And please please have a secure password as admin and don't use it anywhere else.

Offline Trax

  • SMFNew Support
  • *
  • Posts: 1703
  • Reputation: +2/-0
    • View Profile
    • DollarSRV
Re: Advice to prevent Hacking (kind of)
« Reply #3 on: August 02, 2012, 07:23:52 am »
There's no reason to backup everyday, once a month should be enough or just before your making changes IE: installing mods, editing php files. Make sure you keep two months worth of backups of your files, just in case one fails.

Always backup from inside cPanel and make sure you have a complete backup. Just having the database and no files, or visa versa will not help you when things go wrong.

Oh and the backups are no good been stored on the server, you need to keep them on your computer.

Never ever share your details with anyone!
Cheap Web Hosting & Domain Registration

=====

Special Offer For SMF Users - Get 10% off any web hosting plan with code SMFUSER

Offline Dxt13

  • Member
  • Posts: 262
  • Reputation: +0/-0
  • SMFNEW is fun !! Symbian Modder | Theme designer
    • View Profile
    • DailyTech
Re: Advice to prevent Hacking (kind of)
« Reply #4 on: August 02, 2012, 01:48:35 pm »
@Trax

You are right but sometimes 1 day backup costs a lot . I mean , i visited some forums where members were 100 and next day , they were 400 ! So In such cases , backing up everyday is a need !
DailyTechforum.com
The Tricks,Mods,Coding you haven't seen before.Join today !

Offline Clara Listensprechen

  • Member
  • Posts: 65
  • Reputation: +0/-0
    • View Profile
    • Hypercrites
Re: Advice to prevent Hacking (kind of)
« Reply #5 on: August 14, 2012, 10:57:47 pm »
More ways :

1. Don't allow the guests to enter the forum , until they sign up. If  you want to open it up for guests too , don't allow them to see memberlists or other forum's confidential data.

2.Change admin/owner account's password 3,4 times in a month
As someone who is somewhat intimately familiar with how hackers get in, I can tell you that this is inadequate...and I can tell you one mod I really miss with SMF is the login-with-email mod.  I have a free-hosted board with SMFNew and I haven't had a problem so far with people trying to guess out passwords by using usernames they get from latestmember stats, but when I ran my board on a paid-for host, I ran into that a lot.

Hackers are smarter than that, when they get familiar with SMF coding. They use search engines rather than direct browsing of your forum to get access to information via board stats, and knowing that member number 1 is always the admin.

On my SMFNew board, I've observed Google posting in the lastpost thread and viewing a thread the last user was browsing, and like that.  I thought that disallowing the display of latest member would be a good thing until I discovered Google just using membernumbers.  You don't have to actually browse a board to get to the profile of membernumber.
You can PM me questions about SMF.
clistensprechen@yahoo.com  --   http://www.twitter.com/ClaraListenspre --  https://www.facebook.com/profile.php?id=683042331

Offline Mstcool

  • Member
  • Posts: 935
  • Reputation: +0/-1
    • View Profile
    • HangTime 101
Re: Advice to prevent Hacking (kind of)
« Reply #6 on: August 15, 2012, 03:53:59 am »
True. Well Said. If hackers (as guests) cant view your forum. They would sign up using a proxy and hack you website or something.

Plus yeah i know this is off topic but if a hacker is gonna sell or buy something. Make sure there full "trusted". I remember on a forum someone said that hackers are getting smarter. THe thing that the hacker did was he/sell was buy/selling something and for the vouches he/she got it from someone elses. But they didnt remove the name from the vouche so yeah
« Last Edit: August 15, 2012, 03:57:26 am by Mstcool :þ ♂ »

Offline Clara Listensprechen

  • Member
  • Posts: 65
  • Reputation: +0/-0
    • View Profile
    • Hypercrites
Re: Advice to prevent Hacking (kind of)
« Reply #7 on: August 15, 2012, 11:33:48 am »
When I was paying for a host, I had an arcade which got games from a website that required that Guests be able to play the games one obtained from its site, so although I necessarily had to permit Guest access to the board, I made an interesting discovery when doing a study of Guest/hacker activity...I mean, other than using a search engine to gain access data via board statistics. What I learned influenced how I set up my board on SMFNew.

What I learned is this: Job One for spam-hackers isn't spamming or hacking. It's data mining from member profiles. The hacking part is an incidental sport to data mining.

When I denied both Guests and newly registered members the ability to view member profiles, both hacking attempts and spammer registrations dropped considerably.  The study I did involved setting up my board to have NO boards set up with Default except two: Introductions and Spam City. A new registrant did have permission to post spam or an introduction, or both, but Spam City was invisible to people I had verified as actual people and set for them a custom profile identical to the non-Default profile I had set the other boards to.

At first I was overwhelmed with spam/hacker registrations, but only one had posted any spam in Spam City. None had posted an introduction.  After several months of this, and still without more than just one instance of spam posted, the registrations tapered off to near zero.

==========================

After thinking it through, I think I should add this editorial about SMF boardware: the people who think they've tightened up security by making SMF less flexible than the most flexible 2RC versions are misguided and have been for a long time. The Default setting for Boards continues to be and remains the worst vulnerability, not any of the "hooks" as such....and they're hostile to any criticism that runs contrary to their misguided ideas, alas. One plus for me coming to SMFNew is that I can run an SMF board because of my familiarity with its coding, but I don't have to put up with the #@!%#  the SMF developers dish out to its customers.  I note with interest that other shortcomings have stood in the way of SMFNew upgrading to the current version of SMF for its free hosted boards, since it is an acknowledgement of actual shortcomings.

SMF organization could do better, but it simply refuses to.  Okay, I'm off my soapbox.
« Last Edit: August 15, 2012, 11:51:44 am by Clara Listensprechen »
You can PM me questions about SMF.
clistensprechen@yahoo.com  --   http://www.twitter.com/ClaraListenspre --  https://www.facebook.com/profile.php?id=683042331

Offline Mstcool

  • Member
  • Posts: 935
  • Reputation: +0/-1
    • View Profile
    • HangTime 101
Re: Advice to prevent Hacking (kind of)
« Reply #8 on: August 15, 2012, 12:58:36 pm »
They are trying there best you know.

Offline Jacob

  • Community Manager
  • Support Staff
  • Posts: 2933
  • Reputation: +6/-0
    • View Profile
    • Challenging Apathy (My Site)
Re: Advice to prevent Hacking (kind of)
« Reply #9 on: August 15, 2012, 01:14:06 pm »
Well, Clara does have a good point about Simple Machines, to be honest. :P
Jacob, Senior Support Specialist
Follow me on X! | Follow me on Mastodon!

Please don't PM me for support. Post in public so everyone can benefit!

Offline Clara Listensprechen

  • Member
  • Posts: 65
  • Reputation: +0/-0
    • View Profile
    • Hypercrites
Re: Advice to prevent Hacking (kind of)
« Reply #10 on: August 15, 2012, 01:49:01 pm »
I know they're doing their best but the Default vulnerability is a problem (and remains a problem) in all versions of SMF no matter how they "improve" anything else about its coding, and a person is well advised to avoid Default on any of its boards when taking security measures against hackers.

==================================

Details about what I'm talking about...you need to create a new membergroup that is NOT part of Regular Members (unique permissions, not inherited).

Regular Members is a membergroup that has automatic Default access to any of your Boards that are set with Default Permissions, regardless of any other permission limitations you may set for that membergroup. That's the bugger which remains the hacker vulnerability in all versions of SMF to date.

Then you set up member group board permissions so that your result is as shown in the attached images. The only Boards that Regular Members have access to are the ones marked Default. The ones marked with Hypercritter permission profile are denied Default access.

Third pic shows where you go in the Members/Membergroups drop-down to create a new membergroup profile you can set your board to. Already have Hypercritters, so for illustration, creating an Elite membergroup.

Staying under the Members tab, the last pic shows what happens after you go to Board Permissions and then click on Edit All first. You then can change a board permission to match the membergroup permission set.
« Last Edit: August 15, 2012, 03:39:53 pm by Clara Listensprechen »
You can PM me questions about SMF.
clistensprechen@yahoo.com  --   http://www.twitter.com/ClaraListenspre --  https://www.facebook.com/profile.php?id=683042331

 

SimplePortal 2.3.7 © 2008-2024, SimplePortal