What additional measures have you taken to ensure the security of your board and its private forums? How do you know people browsing your private forums are really who they are and not just some hacker that got a hold of their password?

Hmm good point.

I have got my AdminCP secured with .htaccess
Maybe a good hack request:

-> Grand users access to subforums by IP adres..... ;))

The host based security is a good option, but it may be somewhat impractical. I have moderators who are on dialup and have 200+ IP addresses. And sometimes these IP addresses span over several class C IP's.

And for the people with non static IP addresses?
Or for those people who log in from several computers? ;)

Well ok, logical, i thought about that before posted.
But you can gain access for the ones only wich are using one IP (look @ their ip @ userCP)........

Give access by user id isn't that secure either........or make a password on it :/ That's actually the only option missing in vB:
a passsword to set on a forum, in all other forums there is one :)

There is a hack by Shaolyen that allows you to password protect your forums: https://vborg.vbsupport.ru/showthread.php?s=&threadid=50012

Daily (sometimes more) backups of the database so it won't be a tragedy should WDF be completely screwed. Also .htaccess.

Most importantly I don't let my vB version rot away into the realm of obsolesence.

Can you give me an example of the .htaccess based security?

At WDF there's a tool that makes a .htaccess and .htpasswd file for you; http://www.webdesignforums.net/ , .htaccess generator in the dropdown.

So....the file .htaccess goes into the dir you want to protect and the .htpasswd goes under the webroot???

Yes to the first part, go through the Generator to get the second part (you can make it whateve ryou want).

Thanks Filburt. :) I signed up on your board. And I got the files from the pulldown. :)

But, going back to the topic, what else can be done for securing a board?

Several JAVA logins behind eachother? :P
Well, there are many ways to secure, per haps make a second login or something. so ppl have to login with 2 different passes before they get access :|

What kind of information are you trying to hide?
If your not the CIA or have trade secerts on your board.. do you really need multiple login scripts with password protected everything?

Change the directory of the admin cp to something REALLY hard to guess :)

- miSt

^ thats a good idea...ive done the same, also i have it password protected aswell as some other goodies :)

the only security problem most people have is the people who they give access too. you can't hack a vb password and 9x's out of 10, the reason for unauthorized access is someone giving out their own pass or sharing info that is supposed to be private...or someone w/ a really easy pw thats easy to guess...