New 'Security Section' Proposal (https://vborg.vbsupport.ru/showthread.php?t=171853)

Boofo 03-03-2008 11:00 PM

Yes, we see enough of Nexia as it is.

iogames 03-04-2008 12:25 AM

Hopefully the Pentagon installs vB as soon as possible!

Quote:

Pentagon: China trying to hack U.S. computers
WASHINGTON (CNN) -- The Chinese military continues to increase spending on efforts to break into U.S. military computer systems, expand its Navy, and invest in intercontinental nuclear missiles and weapons to destroy satellites, according to the latest U.S. report on China's military power.

Last summer, a cyber-attack on Department of Defense computer systems took down the e-mail capability of hundreds of staffers for weeks, but the Pentagon still will not comment on who initiated the attack. It is widely believed among the military to have been the People's Liberation Army.
http://www.cnn.com/2008/US/03/03/pen...ef=werecommend

Dream 03-04-2008 05:03 AM

My site was "hacked" this year. My super moderator used the forum on a LAN house and they got his password and deleted the whole forum. If it wasn't for Paul's daily backup mod I was screwed, blessed be him. But there's not much I can do about that. It freaked me out though, as I had never been hacked before. And I'm not using LAN houses anymore either.

--------------- Added [DATE]1204614885[/DATE] at [TIME]1204614885[/TIME] ---------------

Actually I think Paul should quote my message in his mod release, I think that would be a good idea.

Stifler 03-04-2008 05:43 AM

3 simple rules:
1) don't give ANYONE permission to physically delete
2) keep your vBulletin patched/up-to-date
3) trust no one
- don't run brand new plugins without letting the community test them out and view the code first
- don't add moderators simply 'cause they ask to become one (if that wasn't obvious)
- if you don't want to pay the hired help... change the passwords.

bulbasnore 03-04-2008 02:36 PM

Quote:

Originally Posted by legionofangels (Post 1454904)
What can we do?

Bro,

What the OP is suggesting is 'how it's done', the good guys get together and share info. I belong to a couple such groups in other domains.

If you don't personally have the skills, then hang around such a group, and you could still pick up something valuable within your skill level.

As mentioned ... best coding practices, general safeguards, security mods. These protect your site like a locking bar on your steering wheel protects your car. It keeps the casual thief/defacer out, and steers the professional thief to an easier target.

There is not really a central place to discuss those on these forums. I think vB is seemingly not a full disclosure shop, and their sensitivity on that score may prevent them from fostering such a forum.

Wise as serpents, gentle as doves, yah?

See you there or in the air,

'snore

punchbowl 03-04-2008 04:52 PM

Quote:

Originally Posted by Stifler (Post 1456527)
3 simple rules:
1) don't give ANYONE permission to physically delete
2) keep your vBulletin patched/up-to-date
3) trust no one
- don't run brand new plugins without letting the community test them out and view the code first
- don't add moderators simply 'cause they ask to become one (if that wasn't obvious)
- if you don't want to pay the hired help... change the passwords.

I say make this a sticky in the new forum!

:D

magnus 03-04-2008 06:30 PM

Let's be honest, would it really matter? I'd say a large majority of the vBulletin owners here are the "click-and-play" types, who understand as much about security as they do quantum mechanics. They indiscriminately install modifications with no regard as to server load, hook conflict or, yes, even security. Most people who get "hacked" are asking for it. They're generally the forums with more modifications installed than members.

How can one really be secure without understanding the principles behind why what they currently have is inherently insecure? At best, you would have a forum of security suggestions where people would simply peruse the thread looking for various step-by-step instructions on how to do something -- not even understanding why it is they're doing what they're doing. I just see the whole thing as a wasted effort, really. vBulletin.org does a decent enough job of trying to keep hacks with security risks under wraps and out from public consumption -- that's really all you can ask for.

You want to be truly secure? Don't run a site. You want to be relatively secure? Run a default vBulletin installation. I'm not trying to be a prick, I'm just being honest.

iogames 03-04-2008 07:31 PM

Quote:

Originally Posted by magnus (Post 1456941)
Let's be honest, would it really matter? I'd say a large majority of the vBulletin owners here are the "click-and-play" types, who understand as much about security as they do quantum mechanics. They indiscriminately install modifications with no regard as to server load, hook conflict or, yes, even security. Most people who get "hacked" are asking for it. They're generally the forums with more modifications installed than members.

How can one really be secure without understanding the principles behind why what they currently have is inherently insecure? At best, you would have a forum of security suggestions where people would simply peruse the thread looking for various step-by-step instructions on how to do something -- not even understanding why it is they're doing what they're doing. I just see the whole thing as a wasted effort, really. vBulletin.org does a decent enough job of trying to keep hacks with security risks under wraps and out from public consumption -- that's really all you can ask for.

You want to be truly secure? Don't run a site. You want to be relatively secure? Run a default vBulletin installation. I'm not trying to be a prick, I'm just being honest.

So you have never been hacked? honestly..?

magnus 03-04-2008 07:58 PM

Quote:

Originally Posted by iogames (Post 1456985)
So you have never been hacked? honestly..?

To what degree? Have I suffered data loss due to an exploit? No, never.

Regardless, what does this have to do with the issue at hand? The current state of security of my own personal sites has nothing to do with a public discussion/repository for security related topics. If any of my sites are compromised, I can immediately reference my logs, find out what happened, and either patch the exploit or take it offline for further review.

Could you say the same?

My point being, a vBulletin-focused security discussion isn't inherently a bad thing -- but it's not going to accomplish what many think it will. If you want to keep up to date on security issues, subscribe to Bugtraq. Consider getting a basic grasp of PHP, so you can skim through the multitude of hacks before installing to look for basic security risks -- such as unsanitized inputs. Be proactive.
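
Added example (not part of the post above and not vBulletin code): a first-pass triage, in Python, of the pre-install skim for unsanitized inputs that the post recommends, flagging lines where request data reaches a query, output or include without an obvious sanitizer. The PHP sample is constructed and the sink and sanitizer lists are assumptions for illustration; a line-based heuristic like this narrows what to read by hand, it does not clear a modification.

```python
import re

# Heuristic lists (assumptions for this example, not an exhaustive rule set).
SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=\s*(.+);")
SANITIZER = re.compile(r"\b(?:intval|htmlspecialchars|\w*escape_string)\s*\(|\(int\)")
SINKS = {
    "sql": re.compile(r"\bquery\w*\s*\("),
    "output": re.compile(r"^\s*(?:echo|print)\b"),
    "include": re.compile(r"\b(?:include|require)(?:_once)?\b"),
    "eval": re.compile(r"\beval\s*\("),
}

def review(php_source):
    """Return (line_no, sink, line) where request data reaches a sink unsanitized."""
    tainted, findings = set(), []
    for no, line in enumerate(php_source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # skip comment lines
        def carries(text):
            # True if text holds a raw superglobal or a variable assigned from one
            return bool(SOURCE.search(text)) or any(
                re.search(re.escape(v) + r"\b", text) for v in tainted)
        if carries(line) and not SANITIZER.search(line):
            findings += [(no, name, line.strip())
                         for name, rx in SINKS.items() if rx.search(line)]
        m = ASSIGN.match(line)
        if m:  # one-hop taint: remember variables that hold raw request data
            var, rhs = m.groups()
            if carries(rhs) and not SANITIZER.search(rhs):
                tainted.add(var)
            else:
                tainted.discard(var)
    return findings

# Constructed sample of a forum modification (not taken from any real plugin).
SAMPLE = r"""<?php
// constructed sample
$id = $_REQUEST['id'];
$name = $_POST['name'];
$safe_id = intval($_REQUEST['id']);
$row = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "notes WHERE noteid = $id");
$ok = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "notes WHERE noteid = $safe_id");
echo "Hello " . $name;
echo "Hello " . htmlspecialchars($name);
include($_GET['page'] . '.php');
"""

if __name__ == "__main__":
    for no, sink, text in review(SAMPLE):
        print(f"line {no}: {sink}: {text}")
```

The sanitizer check is per line, so a line that cleans one value and passes another through raw is not flagged; anything the script reports, and any file it cannot parse this simply, still needs reading.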

iogames 03-04-2008 08:17 PM

Quote:

Originally Posted by magnus (Post 1457012)
My point being, a vBulletin-focused security discussion isn't inherently a bad thing -- but it's not going to accomplish what many think it will. If you want to keep up to date on security issues, subscribe to Bugtraq. Consider getting a basic grasp of PHP, so you can skim through the multitude of hacks before installing to look for basic security risks -- such as unsanitized inputs. Be proactive.

So it's better to have nothing than something, that is what you said?

p.s. Thanks for your time


All times are GMT. The time now is 10:25 AM.
