Results 1 to 5 of 5

Thread: General advice...

  1. #1
    Junior Member
    Join Date
    Nov 2003

    Talking General advice...

    Well if you read my "Hello this is me" kinda post then you might recall I run a web site... if not... well i do

    Now after lots of recent security problems on other similar sites I have tried to make the thing as secure as I possibly can by myself. What I was wondering was if anyone here could advise me on what forum software (free please ) is the most secure in your experience. And What would be the best way of making it and the main site as secure as possible?

    The Site is hosted by www.topclasshost.com if you want to look at the specs of their servers, and the forum software I currently use is phpBB. At home I have endavoured to make things as saef as I can on a budget with XP firewall and NA 2002 (or is it 3... hmmmm will have to check tonight) which is auto updated and runs every day. I will how ever go and have a look at that firewall you lot keep recommending as I am sure the quickest way in is through keystroke loggers on users machines rather than actually hack the forum. But I coul be wrong... Anyway according to symantecs online tool my machine at home is stealth on everything it throws at it...

    So oh great guru's of security! I'm all open to suggestions (about security!!! )

    Bright Blessings


  2. #2
    Senior Member
    Join Date
    Aug 2003
    Hi, and welcome. I just re-read your welcome post, and you indicated that you were already the victim of hacking attempts? Just to clarify your situation a little, and allow us to help you...

    What kind of hacking attempts?
    Have they been successful?

    I did the following Google:http://www.google.com/search?sourcei...phpbb+exploits

    There's quite a few potential problems listed... one that might be pertinent to your problem is:

    It also goes without saying that windows has a few potential 'holes" (lol...but I said it anyway)

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    I'm not into web development... but it would make sense to me:

    Look at secuirty sites and see what they use for their forums... like AO uses vBulletin. I'm not sure if its free or not.

    Or, look at all the options and search for vulnerabilites for that specific version. The longer its been around, the better... as people would most likely have been looking for vulnerabilites. If its new, there is a possiblity that people are trying to find/exploit it right now and they didn't get the usual bugs worked out yet.


    Read documents on how to secure php...

    Look at other things that might be used along with it...

    If you use MySQL, then read

    If you use Apache, then read

    If you use IIS, then read

    You get the point.

    As far as using XP's no frills firewall... I wouldn't use it as you can only block incoming connections. If you were worried about a keylogger and it reporting back, the XP firewall won't stop that traffic. You're going to need something a little more advanced for that.

    I personally use Norton Internet Security/NAV 2k3. It is easy to use, understand and configure. It will alert you to any new programs trying to access the net, and prompt you to let them go, or block them.

    In addition to NIS/NAV2k3, I use ACLs on my router, and a linux box with ipchains.

    Three firewalls for protection? Yes... I'm parinoid I guess. I don't want anyone getting a hold of my pr0n collection...
    j/k I just feel more safe, I guess.

    One of the most important things you can do is keep everything up2date. Your OS, AV, Forum software, etc.

    RegProt is also a nice little utility. It will alert you to and prompt you to accept/deny adding new entries to the registry... as that is a popular means of restarting apps after reboot... it is worth looking into. Just kill it when you are installing updates or software, cause you'll get a boatload of "alerts".


    There are TONS of little utilites that you can use if different circumstances... so if you have a specific need... let us know.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  4. #4
    Junior Member
    Join Date
    Sep 2003
    well i would suggest using phpbb at http://www.phpbb.com the forum is free and all u do is upload it onto your server and u manage it completely. The only way someone could get to it was if they had acces to ur shell.
    NorthernLytes Raves [glowpurple]Go to my website! u wont be sorry![/glowpurple]

  5. #5
    Junior Member
    Join Date
    Nov 2003
    Hi, and welcome. I just re-read your welcome post, and you indicated that you were already the victim of hacking attempts? Just to clarify your situation a little, and allow us to help you...
    Well there are about 5 or six animal forums, mainly focussed around dogs, mine being the only one open to horses, cats, budgies or heck you name it I'm sure you get the idea Not long ago now 2 or more persons who had fallen out with one forum managed to get hold of passwords for one of their mods and released things posted on their confidential forum (very interesting it was too!!!!). Since then another forum was hacked and 3 topics erased, another forum has also been attacked and here personal PMs of the admin has been accessed some of which contained personal information.

    I did have a rather clumsy attempt to get into my machine, but I HAVE grown paranoid as h*ll now... especially as one of the other forums was hacked again last nite and the nite before...

    So there you go, the story behind it all

    I might look into vBulletin, I'm not aware of any of the other boards i know using it...

    And thanks NorthernLytes but I am already on that forum (phpBB, it's what i use now) I tend to find that frankly they are more concerned with working out minor bugs or talking complete programming gibberish at me, which is fine if you're not really a hardware engineer who just got mugged into running an animal rescue site LOL But there are definitely some good suggestions here I will look into

    Anyway shall keep you updated, and definitely look into getting that other firewall



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts