Site Security Keeping Your Community Safe from Hackers and Other Unwelcome Visitors.

Thread Tools

Old 03-09-2012, 05:14 AM
Jare Jare is offline
TAZ Rookie
Real Name: Jake
Join Date: Feb 2012
Admin Experience: Intermediate
Posts: 17
Jare is on a distinguished road
Default Fully Secure Site
Hey guys, I am running vBulletin 4.1.9 and basically I want to scan it for vulnerabilities.

I want to go far more in-depth than Acunetix will allow, as there are individuals in our community going around, hacking 30+ sites at a time, by rooting their servers.

What is the best method to ensure this doesn't happen to me?
Reply With Quote
Old 04-01-2012, 06:05 PM
Guerrera's Avatar
Guerrera Guerrera is offline
TAZ Regular
Join Date: Mar 2012
Admin Experience: Intermediate
Posts: 74
Guerrera is just really niceGuerrera is just really nice
I've never used any off-the-shelf CMS before so I can't comment on how structurally secure their programming is (I'm assuming it's top notch) but it's very VERY difficult to mitigate a hack attempt because of the wide variety of methods that hackers are using. I mean sometimes remarkably inventive methods.

I can only give you a few pointers:

Generally if you're using an off-the-shelf CMS, there won't be too many vulnerabilities present. But you have to watch what kind of third party software you integrate into your site because anything that breaks the CMS processing even the slightest bit can be a potential vulnerability to exploit.

Watch the kind of database calls your plugins are making, make sure there's no leakage or memory overflow that they can exploit to send your CPU or memory into overdrive. Do some profiling in Apache/LS if you have to.

Then of course, you have to make sure that whatever plugin you use conforms to the standard SQL cleansing and data validation techniques. Make sure you look at every angle, analyse every possible scenario and come up with another 'if' condition to tackle it. Hackers are inventive.

Be wary of any point where a user is able to upload data to your server. HTTP forms can be manipulated, they can be truncated and messed around with and they will do that until they figure out a unique set of variables that breaks your software. Don't let that happen. Invalidate all incomplete or strange HTTP POST requests.

Secure your root. Secure any cross-domain links you have. If you're using MYSQL or the like, place your connection include files outside the public_html directory. It just adds extra protection.

Log.. log log EVERYTHING. Even if you think you'll never need it, it's invaluable if you suffer a massive attack. You can peruse those logs to determine where and how hackers managed to penetrate your system and then work on rebuilding that portion of your site.
Rant Mode Engaged
Reply With Quote
Old 04-09-2012, 09:48 PM
webdev123 webdev123 is offline
TAZ Regular
Real Name: Sonny
Join Date: Mar 2012
Admin Experience: Advanced
Location: Florida
Posts: 59
webdev123 is on a distinguished road
Guerrera pretty said it all...the most important I think you can do is Log everything. Moderator logs will help you out.
Reply With Quote
Old 04-12-2012, 04:49 PM
RiverJ RiverJ is offline
TAZ Regular
Real Name: River
Join Date: Sep 2011
Admin Experience: Intermediate
Posts: 49
RiverJ will become famous soon enough
No such thing as a fully secure site. New ways to hack will always be coming out, there's nothing you can do about that. You need to stay up-to-date with the latest vulnerabilities. Usually, forums aren't hacked if the admin accounts are not keylogged and the chmod settings are right.
Legit vB4 gaming forum
Reply With Quote

  Admin Zone Forums > The Community Zone > Managing an Online Community > Site Security

Currently Active Users Viewing this Thread: 1 (0 members and 1 guests)
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Fully Fluid? Noles Suggestions | Feedback | Support 10 12-12-2009 09:11 PM
Is my site secure? shartwell Site Security 3 02-01-2009 02:12 PM
New Fully Modded phpBB 2 fullymodded phpBB 12 05-09-2008 06:43 AM
Keeping my Site Secure Hoodstar Site Security 1 09-26-2007 08:57 PM


All times are GMT -4. The time now is 09:30 AM.

Powered by: vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Page generated in 0.04977608 seconds with 15 queries
The Admin Zone copyright 2003-2014 All Rights Reserved. Content published on The Admin Zone requires permission for reprint.