Thread: General advice...

  1. #1
    Junior Member
    Join Date
    Nov 2003
    Posts
    9

    General advice...

    Well if you read my "Hello this is me" kinda post then you might recall I run a web site... if not... well I do

    Now after lots of recent security problems on other similar sites I have tried to make the thing as secure as I possibly can by myself. What I was wondering was if anyone here could advise me on what forum software (free please) is the most secure in your experience. And what would be the best way of making it and the main site as secure as possible?

    The site is hosted by www.topclasshost.com if you want to look at the specs of their servers, and the forum software I currently use is phpBB. At home I have endeavoured to make things as safe as I can on a budget with XP firewall and NA 2002 (or is it 3... hmmmm will have to check tonight) which is auto updated and runs every day. I will however go and have a look at that firewall you lot keep recommending as I am sure the quickest way in is through keystroke loggers on users' machines rather than actually hack the forum. But I could be wrong... Anyway according to Symantec's online tool my machine at home is stealth on everything it throws at it...

    So oh great gurus of security! I'm all open to suggestions (about security!!!)

    Bright Blessings

    Tinks

  2. #2
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    Hi, and welcome. I just re-read your welcome post, and you indicated that you were already the victim of hacking attempts? Just to clarify your situation a little, and allow us to help you...

    What kind of hacking attempts?
    Have they been successful?

    I did the following Google: http://www.google.com/search?sourcei...phpbb+exploits

    There's quite a few potential problems listed... one that might be pertinent to your problem is:
    http://www.k-otik.com/exploits/06.20.phpBB.2.0.5.pl.php

    It also goes without saying that Windows has a few potential "holes" (lol...but I said it anyway)


  3. #3
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325
    I'm not into web development... but it would make sense to me:

    Look at security sites and see what they use for their forums... like AO uses vBulletin. I'm not sure if it's free or not.

    Or, look at all the options and search for vulnerabilities for that specific version. The longer it's been around, the better... as people would most likely have been looking for vulnerabilities. If it's new, there is a possibility that people are trying to find/exploit it right now and they didn't get the usual bugs worked out yet.

    http://www.securityfocus.com/bid

    Read documents on how to secure php...
    http://www.securityfocus.com/infocus/1706

    Look at other things that might be used along with it...

    If you use MySQL, then read
    http://www.securityfocus.com/infocus/1726

    If you use Apache, then read
    http://www.securityfocus.com/infocus/1694

    If you use IIS, then read
    http://www.securityfocus.com/infocus/1312

    You get the point.

    As far as using XP's no frills firewall... I wouldn't use it as you can only block incoming connections. If you were worried about a keylogger and it reporting back, the XP firewall won't stop that traffic. You're going to need something a little more advanced for that.

    I personally use Norton Internet Security/NAV 2k3. It is easy to use, understand and configure. It will alert you to any new programs trying to access the net, and prompt you to let them go, or block them.

    In addition to NIS/NAV2k3, I use ACLs on my router, and a linux box with ipchains.

    Three firewalls for protection? Yes... I'm paranoid I guess. I don't want anyone getting a hold of my pr0n collection...
    j/k I just feel more safe, I guess.

    One of the most important things you can do is keep everything up2date. Your OS, AV, Forum software, etc.

    RegProt is also a nice little utility. It will alert you to and prompt you to accept/deny adding new entries to the registry... as that is a popular means of restarting apps after reboot... it is worth looking into. Just kill it when you are installing updates or software, cause you'll get a boatload of "alerts".

    http://www.diamondcs.com.au/index.php?page=regprot

    There are TONS of little utilities that you can use in different circumstances... so if you have a specific need... let us know.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  4. #4
    Junior Member
    Join Date
    Sep 2003
    Posts
    18
    Well, I would suggest using phpBB at http://www.phpbb.com. The forum is free and all u do is upload it onto your server and u manage it completely. The only way someone could get to it was if they had access to ur shell.
    NorthernLytes
    NorthernLytes Raves: Go to my website! u won't be sorry!

  5. #5
    Junior Member
    Join Date
    Nov 2003
    Posts
    9
    "Hi, and welcome. I just re-read your welcome post, and you indicated that you were already the victim of hacking attempts? Just to clarify your situation a little, and allow us to help you..."

    Well there are about 5 or six animal forums, mainly focussed around dogs, mine being the only one open to horses, cats, budgies or heck you name it, I'm sure you get the idea. Not long ago now 2 or more persons who had fallen out with one forum managed to get hold of passwords for one of their mods and released things posted on their confidential forum (very interesting it was too!!!!). Since then another forum was hacked and 3 topics erased, another forum has also been attacked and here personal PMs of the admin have been accessed, some of which contained personal information.

    I did have a rather clumsy attempt to get into my machine, but I HAVE grown paranoid as h*ll now... especially as one of the other forums was hacked again last nite and the nite before...

    So there you go, the story behind it all

    I might look into vBulletin, I'm not aware of any of the other boards I know using it...

    And thanks NorthernLytes but I am already on that forum (phpBB, it's what I use now). I tend to find that frankly they are more concerned with working out minor bugs or talking complete programming gibberish at me, which is fine if you're not really a hardware engineer who just got mugged into running an animal rescue site LOL. But there are definitely some good suggestions here I will look into.

    Anyway shall keep you updated, and definitely look into getting that other firewall

    Blessings

    T
