Some forum is talking about a brute force attack on my forum.

[Xride]

Htaccess the directory, but any password past 8 characters is a waste, as it doesnt read past the 8th one.
Use upper and lower case, and put an odd charator in there, something like a # ~ + } should make it almost impossible to ever guess what it is, and trying to brute force it will take weeks. and it wont take long for you to figure out where the attack is coming from and block the IP from the server directly as an other member here suggested.

But good luck, hope you make it though this unscaved.

[MaDCaT75]

Thank you for all your tips and support. I appreciate it.

[Dave#]

I'd use apache rather than hacking the app

<Location /admin>
Order Allow,Deny
Deny from all
Allow from myipaddress myotheripaddress mybackupipaddress
</Location>

[Catch-22|BL]

Is it just random posters or the actual staff of a different message board? If it is just random people, try using diplomacy with the staff of the board and resolve the problems peacefully.

Regardless, it is always good to increase security so please use some of the things that people have already suggested. Administrators owe it to their communities to take such reasonable measures.

[magnus]

Quote:

Originally Posted by Mist

Hackers are people I have zero respect for.

Hrm.. people/businesses pay me to hack into their systems to expose security vulnerabilities. I attempt to hack almost every forum, website, shell, etc.. I come across to uncover unknown exploits so I can report them to BugTraq so the software developers can issue patches and fixes.

Without these "hackers" you have no respect for, the quality of software security would fall into oblivion. These same hackers are the reason vBulletin is as secure as it is today.. something worthy of respect, if I do say so myself.

Hackers help raise the bar for security. Someone brute forced your password? Serves you right.. how many times have you been told/read that you should not use a common word found in a dictionary. Got nailed by a buffer overflow exploit? Maybe you should keep your software updated.. patches/updates are released for a reason.

Of course, none of my hacking tactics are used for malicious intent. I do not deface/delete/modify/etc.. any of the server/site content. I simply inform the administration of the methods used to obtain entry as well as provide a link to a recommended fix.

Lumping "Hackers" into your zero respect clause is naive and insulting to those of us who better your internet-lives.

Just my $0.02.

[Dean C]

Perhaps I should rephrase then. The meaning behind that comment was idiots like what's going on with the vB sites right now and those intent on hacking to cause harm. We can't explain our words perfectly all the time.

[Chris Gwynne]

Ler him attack your site, it's fun to see what hackers put as their attack message.

[MaDCaT75]

They are no longer a threat.... it was all hot air I found out.

[ajk]

Quote:

Originally Posted by Mist

I say we don't. Actions such as this are completely illegal and discussion of them will not be tolerated in jest or in seriousness. Hackers are people I have zero respect for. But in regards - .htaccess the admin and mod directories with as difficult and as long a password as you want it to be. And make sure you add some of the administration protection hacks that we have here. That way you can't be demoted as administrator. Also take backups. I doubt if they'll do this but it's best to be safe than sorry

I agree with Mist. I was hacked and destroyed by code kiddies with nothing better to do.
All that because I used another BBS and gave some kids free web space to help them out.

I say leave it alone and block the guys.