Can licenced vBulletin forum be protected from hacker?
nguahoang
04-11-2009, 02:18 AM
Hi,
I'd like to buy a license for our forum using vBulletin. But, before making a decision, I want to know which support services we could have with this licence, and how about the possibilities of protection of our site from hacker attacks?
Thank you.
Dismounted
04-11-2009, 06:26 AM
The onus for protecting your server is on you. If your machine is compromised at the system level, there is nothing you can do to vBulletin to stop this.
What "attacks" are you considering?
nguahoang
04-11-2009, 10:26 AM
The onus for protecting your server is on you. If your machine is compromised at the system level, there is nothing you can do to vBulletin to stop this.
What "attacks" are you considering?
There're two levels of protection. On the server, it's our hosting service provider who takes care of this. But if we use vBulletin, it's on this product level that the security settings must be made. I've some friends using vBulletin and their sites were attacked by some hackers, using some shells installed via files/images upload way. With these shells the hackers can take admins' passwords, or replace the index files, etc. Does it mean some product apertures? So, I'd like to know if, when I buy your license, you've got methods for protection from this way of attack, or are there no such apertures in your official products...
Thank you.
nexialys
04-11-2009, 11:28 AM
I've some friends using vBulletin and their sites were attacked by some hackers, using some shells installed via files/images upload way.
This is impossible via vBulletin. For any image uploaded via vBulletin, the server reprocesses the image via GD or ImageMagick (your choice), so if it's not a real image, it is rejected. It's not based on a filename, but the content of the file. Impossible to cheat.
There will always be some hacker cracking a website. There will always be situations where it's the admin's fault if something wrong occurs. And when it's the software which is in cause, the guys at Jelsoft are making sure it won't happen again by updating their software with the fix.
Dismounted
04-11-2009, 11:50 AM
I've some friends using vBulletin and their sites were attacked by some hackers, using some shells installed via files/images upload way.
This is caused by a modification installed, not vBulletin itself. Nothing can really help you then, as the code is not Jelsoft controlled - it is controlled by the modification author. If there are security holes within vBulletin itself, the Jelsoft team aims to provide a patch within 24 hours of them being aware of it.
Andreas
04-11-2009, 01:17 PM
Many modifications allowing you to upload files/images are unfortunately vulnerable to manipulated images.
If you are using such modifications, check if they are using the vBulletin classes for handling uploads and image processing - if not you should very very carefully check the code.
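
The kind of handling to look for when reviewing an upload modification, as an added example that is not part of the thread and is not vBulletin's or any modification's own code: the file is accepted only if GD can decode its content, and what gets stored is a re-encoded copy under a server-chosen name. The function name, the limits and the destination directory are hypothetical.

```php
<?php
// Added example: hypothetical helper, not vBulletin code.
// Accepts an upload only if GD decodes it as an image, then stores a
// re-encoded copy whose name and extension are chosen by the server.

const MAX_BYTES  = 2097152;   // assumed 2 MiB upload limit
const MAX_PIXELS = 16000000;  // assumed cap against decompression bombs

function store_uploaded_image(array $file, string $destDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Type is decided from the file content; the client-supplied
    // filename and MIME type are never consulted.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[0] * $info[1] > MAX_PIXELS) {
        throw new RuntimeException('not an acceptable image');
    }
    $decoders = [
        IMAGETYPE_JPEG => 'imagecreatefromjpeg',
        IMAGETYPE_PNG  => 'imagecreatefrompng',
        IMAGETYPE_GIF  => 'imagecreatefromgif',
    ];
    if (!isset($decoders[$info[2]])) {
        throw new RuntimeException('unsupported image type');
    }
    $img = @call_user_func($decoders[$info[2]], $file['tmp_name']);
    if ($img === false) {
        throw new RuntimeException('image could not be decoded');
    }

    // Re-encode to PNG: the stored bytes are produced by GD, and the
    // name is random with a fixed extension, so nothing from the
    // uploader decides how the web server will treat the file.
    $name = bin2hex(random_bytes(16)) . '.png';
    imagesavealpha($img, true);
    if (!imagepng($img, rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not write image');
    }
    return $name;
}
```

The destination directory should also be one where the web server does not execute scripts, so that a file landing there is only ever served as static content.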
nguahoang
04-12-2009, 01:05 AM
Many thanks for your clarifications. Maybe my friends had used some hacked MOD and so there were the holes in the code after these modifications.
Thank you so much.
lt. chewit
04-14-2009, 05:01 PM
DoS attacks can still happen.
But no major damage :)