How to check if forum leaks information?

[fionix]

I would like to know what you are doing to avoid leak of information from your forum.

I'm thinking about the ADD ons that we install on the forum, it may have hidden doors or send information to the author or be easy to hack for 3rd party.

Any idea how to check such issue? May there be a security / IT company you trust with such a job?

Your help would be much appreciated here.

 

[zappaDPJ]

I have an arrangement with a coder who checks all the add-ons I want to use. Failing that I suggest only using add-ons from developers who have a long-standing, proven track record and don't be one of the first to jump on something new.

I'd also shy away from coders known to use poor coding practices. This is probably more likely to get your forum compromised than a deliberate back door.

Oh and welcome to TAZ

 

[fionix]

Thank you for the details and the welcome.

Do you have any link to this coompany or is it just a freelancer?

 

[zappaDPJ]

Do you have any link to this coompany or is it just a freelancer?

He's actually a lecturer I've known for around 20 years. I doubt he's take on any extra work during term time.

 

[fionix]

Do you know about a real company or something that people trust to make such security checks and even develop ADD on's ?

 

[zappaDPJ]

Do you know about a real company or something that people trust to make such security checks and even develop ADD on's ?

Nothing specific. Which forum software are you using? It might be that another member here could recommend a service.

 

[fionix]

It is Xenforo latest version. Only 15 plugins but I know at least 1 is leaking some sort of information somehow.

 

[Joel R]

If you're using Invision Community, not only are all of the Marketplace files audited for basic coding standards, it's a requirement that files disclose any callbacks in the product's description. The code review by an IPS developer provides a level of trust for clients, who otherwise can't evaluate the safety of the code.

 

[fionix]

You mean I have to switch to some other forum software? if so, it is not possible at all, the forum is a large forum and old, we can't change it.

Otherwise let me know what you think.

 

[mysiteguy]

It is Xenforo latest version. Only 15 plugins but I know at least 1 is leaking some sort of information somehow.

Question... how do you know this?

 

[fionix]

Let's say I just know it.. there are people that can be trusted that told us it but they are not in a position to fix it for us.

 

[doubt]

Only 15 plugins but I know at least 1 is leaking some sort of information somehow.

Remove it immediately.

 

[fionix]

If I knew which one it is then I would have removed it already.

BTW: there are plugins which were installed but which I tried to remove, they still appear on the top of the ADD ON list with an INSTALL button, is it possible to remove these too? I mean so no files are left on the server.

 

[doubt]

If I knew which one it is then I would have removed it already.

Anything from Brivium?

 

[fionix]

I just checked but negative, nothing there which may be a good thing as you ask

Are you representing any company or other reputable service?

 

[doubt]

It's good.

No, I'm not.

 

[MagicalAzareal]

Disable them all until further notice.

You may even want to physically remove all of them and take standard malware handling procedures.

 

[User37935]

This isn't a helpful thread. The OP has only just joined and is making serious allegations that some plugins are leaking information but not giving any evidence for this.

 

[phatcows]

This isn't a helpful thread. The OP has only just joined and is making serious allegations that some plugins are leaking information but not giving any evidence for this.

Nothing lost, nothing gained then. Although I don't know what harm would come from listing the addons are being used, so seasoned members here can cast their eye over them and see if anything jumps out as a red flag.

 

[Paul M]

Let's say I just know it.. there are people that can be trusted that told us it but they are not in a position to fix it for us.

Well then go back and ask them how they know.
There isnt enough information for anyone to be able to help you here.
All you have really said is "you just know it". You havent even said what is leaking.
Its all very vague and generic, so all you are going to get is vague & generic responses.