Ram8349 Posted June 8, 2012

Since I've been hearing people saying their forums are hacked, I've been wondering... So I also run a web site with a forum. It is hosted by Hostgator. Is it safer just because the host is a big name company with a good rating? Should I be concerned and take some kind of precaution? Or should I just leave the security to Hostgator?

Thomas Posted June 8, 2012

Make sure your password is unique and not written down anywhere. You should make sure that it includes a random mix of numbers, letters including caps, and symbols. Over 6 characters should do it. Make sure your hosting account has notifications set up for logins. Make sure your hosting account email and password are secure and unique. Make sure your permissions are set up correctly. Make sure you check your logs often. Other than that you should be safe. Really, if you're not hosting credit card details then you should be fine.

dexterlablab1 Posted June 8, 2012

You should take every security measure imaginable.
- Constant changing of your htaccess and administrative passwords
- Renaming your admin folders
- Constant back up of your site
- Spam protection to reduce brute force attempts

And that's only the short list.

tetutato Posted June 9, 2012

Captcha on registration. Saves a load of troubles.

Victor Leigh Posted June 9, 2012

That reminder about the passwords cannot be over-emphasized. I make it a mandatory rule for myself that my password must include:
1. Upper case and lower case letters
2. Numbers
3. Special characters.

Also my password must be something that I can remember very easily. Nothing is more frustrating than being locked out of your own site because you have fumbled the password. Of course, the server must be set to notify you immediately when someone logs in even if that someone is yourself. I also have a couple of other third-party monitoring services to keep an eye on unusual activity on my server. On top of that, make it a point to be on good terms with everyone as far as possible. With the best security measures in place, if you have a very determined hacker, or worse yet a very determined and very aggressive group of hackers, your site is going to be hacked, sooner or later.

Ram8349 Posted June 9, 2012

Are you guys all suggesting that hacked forums all had someone somehow "guessed" the administration password? Is that the only way to be hacked? Does the Host (Hostgator in this case) have their own counter-measure against the hackers and to protect their customers?

Victor Leigh Posted June 9, 2012

> Are you guys all suggesting that hacked forums all had someone somehow "guessed" the administration password? Is that the only way to be hacked? Does the Host (Hostgator in this case) have their own counter-measure against the hackers and to protect their customers?

That's one way. It's probably one of the easiest ways, too, because some people have absolutely no idea what to do with a password. Plus many people who are forum owners also have Facebook accounts where anyone who bothers to look it up will find personal information which is very likely to be used in the password.

Marc Posted June 9, 2012

One that people have not yet mentioned, which is usually the main source of hacking when it comes to forums and other CMS software, is "ALWAYS run the latest version of your software". This is one of the primary reasons people get their forums hacked, as they are not fixing their security issues when informed of them. Upgrades should be done as soon as you can and security patches should be done as soon as you find out about them.

Ram8349 Posted June 9, 2012

> One that people have not yet mentioned, which is usually the main source of hacking when it comes to forums and other CMS software, is "ALWAYS run the latest version of your software". This is one of the primary reasons people get their forums hacked, as they are not fixing their security issues when informed of them. Upgrades should be done as soon as you can and security patches should be done as soon as you find out about them.

Do you think when a new security patch is announced, it actually puts the older version at greater risk by announcing the security hole to everyone?

Marc Posted June 9, 2012

> Do you think when a new security patch is announced, it actually puts the older version at greater risk by announcing the security hole to everyone?

I have often thought that, yes.

dexterlablab1 Posted June 9, 2012

> Are you guys all suggesting that hacked forums all had someone somehow "guessed" the administration password? Is that the only way to be hacked? Does the Host (Hostgator in this case) have their own counter-measure against the hackers and to protect their customers?

Sometimes, that can happen from a guess (very rare). But more often than not, cracked admin passwords come from brute force attacks. Which is why it's important to have an extremely varied password and/or change it daily.

Thomas Posted June 9, 2012

Basic Intro To Hacking:

There are 3 main steps into hacking, starting with the easiest to the hardest.

Guessing
The easiest way to hack someone's password is to guess. Sounds stupid but it's true. Most people use silly stupid passwords like password, name of children or birthplace. This is where you also try the normal passwords.

Asking Them
Again stupid; you could just outright ask someone for the password. You would be surprised about how many people are willing to give you their password. Sometimes it is just asking straight away, or needing it for a reason.

Brute Force
The old start with a,b,c... then aa,ab,ac... the... I am sure you get it. This is why we stop people from just filling out the login form. It is easier to do with phones/alarm codes:
First, 1234 1111 2222 3333 4444 5555 6666 7777 8888 9999 0000
Second, their DOB, children's birthdays, anniversary. Simple stuff like that.
Third, 1111, 1112, 1113, 1114...

The idea is that the more possible combinations, the harder it is to guess. If you only allow 4 numbers 0-9 then that leads to 9 different combinations 4 times. That's 9^4. That is 6561 different combinations. Still think your alarm is keeping you safe?

tetutato Posted June 9, 2012

For passwords, just use the password generator that they have on cPanel. Works out pretty well imo.

ridwan sameer Posted June 9, 2012

Guys, I think he's talking about his site's safety and not his password, although his password does have a lot to do with his site's safety, because if they hack into your account, they have a lot of access. Everything should be good on your host's side though, but take general backups.

Marc Posted June 13, 2012

> Guys, I think he's talking about his site's safety and not his password, although his password does have a lot to do with his site's safety, because if they hack into your account, they have a lot of access. Everything should be good on your host's side though, but take general backups.

If they have certain passwords they will have FULL access, let alone a lot LOL. And that's the ultimate security risk. Most sites get hacked not by clever people, but by users who don't think of the simple things.

LiquiLayer - Brent Posted June 14, 2012

Just keep in mind, the site is only as secure as the server it's on. If the company hosting it doesn't secure their servers properly, anything on those servers is vulnerable.

Marc Posted June 14, 2012

> Just keep in mind, the site is only as secure as the server it's on. If the company hosting it doesn't secure their servers properly, anything on those servers is vulnerable.

And that, my friend, is why I run my own LOL

Ram8349 Posted June 15, 2012

Is there some kind of security module you can install for your web site to increase security? I use WordPress and MyBB.

Edited June 15, 2012 by Ram8349

dexterlablab1 Posted June 15, 2012

> Just keep in mind, the site is only as secure as the server it's on. If the company hosting it doesn't secure their servers properly, anything on those servers is vulnerable.

This is an extremely good point. And one that usually goes overlooked by everyone trying to shore up their sites. There are those times that they can only do so much in terms of security and they're left up to the fates with the company's server.

MustangV10 Posted June 20, 2012

I don't particularly like "big hosts". The support is never usually dedicated and the servers are usually slow and overcrowded. I've had sites hosted with HostGator and it hasn't been overly impressive. As for security:
- Set up .htaccess and .htpasswd where possible (if possible)
- Don't use the same admin account password anywhere else
- Change your MySQL database password frequently
- Run scans of your hosting account with tools such as ClamAV (if your host offers it)
- Make sure you're using the correct CHMOD permissions as given by the vendor of the software.
- Don't promote people to staff just so they join your forum.

Marc Posted June 20, 2012

> I don't particularly like "big hosts". The support is never usually dedicated and the servers are usually slow and overcrowded. I've had sites hosted with HostGator and it hasn't been overly impressive. As for security:
> - Set up .htaccess and .htpasswd where possible (if possible)
> - Don't use the same admin account password anywhere else
> - Change your MySQL database password frequently
> - Run scans of your hosting account with tools such as ClamAV (if your host offers it)
> - Make sure you're using the correct CHMOD permissions as given by the vendor of the software.
> - Don't promote people to staff just so they join your forum.

Depends on what you are buying. If you're getting an unmanaged box, who needs the support LOL