View Full Version : Security Measures?
flnz400
06-02-2008, 12:02 PM
My board was hacked yesterday, and they somehow made the jump from my acp to ftp/cpanel...dunno how yet.
Are there any other security measures that I can add besides a captcha upon signup to get rid of a lot of the bots?
Also, I'm upgrading to 3.7 from 3.6.8 as we speak, so I'm assuming that will help a bit, no?
Thanks!
Marco van Herwaarden
06-02-2008, 12:07 PM
Please read the following thread on how to improve security for your board:
http://www.vbulletin.com/forum/showthread.php?t=194701
PS If they can access your FTP/cPanel then you should contact your host and let them review the situation.
Princeton
06-02-2008, 12:07 PM
to be safe - I suggest changing all your passwords (admincp/ftp/etc).
check for files that you did not upload and check each file for edits
Alfa1
06-02-2008, 12:20 PM
- Better contact your hosting company and ask them to up the servers security. This should not be just one phonecall, but a process of making your security better. You will probably find how good or bad your hosting co is.
- Study phpinfo.php to see what you have turned on. Ask your host to shut down anything that you do not need.
- Make sure that you do not have any directories accessible, writeable or executable for the public that should not be.
- Make sure all software on your server is up to date. Old software often has exploits.
- See if you can find someone that is versed in IT security or hacking and let them examine your site's security holes.
- Study your server's logs and your admin logs. IP ban problematic IP's.
- If your server can be overloaded easily, then consider blocking the FTP and pop3 service for all but your IP's.
- Learn from every attack. Find out what has gone wrong. Solve the problem and wait for the next attack.
- Keep an eye on whos online during attacks and ban the hackers accounts.
- Make your staff switch passwords regularly
- Do NOT under any circumstance allow your staff to have hotmail, yahoo or Gmail accounts.
- Make your staff aware of page spoofing. Page spoofing is the simplest method for hackers to get your password. So in other words: never log in on a page, that you have arrived at, following a link sent to you.
flnz400
06-02-2008, 01:01 PM
Thanks, great tips!
vBulletin® v3.8.12 by vBS, Copyright ©2000-2025, vBulletin Solutions Inc.