How to check if forum leaks information?

fionix

Aspirant
Joined
Feb 5, 2020
Messages
14
I would like to know what you are doing to avoid leak of information from your forum.

I'm thinking about the ADD ons that we install on the forum, it may have hidden doors or send information to the author or be easy to hack for 3rd party.

Any idea how to check such issue? May there be a security / IT company you trust with such a job?

Your help would be much appreciated here.
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,507
I have an arrangement with a coder who checks all the add-ons I want to use. Failing that I suggest only using add-ons from developers who have a long-standing, proven track record and don't be one of the first to jump on something new.

I'd also shy away from coders known to use poor coding practices. This is probably more likely to get your forum compromised than a deliberate back door.

Oh and welcome to TAZ :)
 

fionix

Aspirant
Joined
Feb 5, 2020
Messages
14
Thank you for the details and the welcome.

Do you have any link to this coompany or is it just a freelancer?
 

fionix

Aspirant
Joined
Feb 5, 2020
Messages
14
Do you know about a real company or something that people trust to make such security checks and even develop ADD on's ?
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,507
Do you know about a real company or something that people trust to make such security checks and even develop ADD on's ?

Nothing specific. Which forum software are you using? It might be that another member here could recommend a service.
 

fionix

Aspirant
Joined
Feb 5, 2020
Messages
14
It is Xenforo latest version. Only 15 plugins but I know at least 1 is leaking some sort of information somehow.
 

Joel R

Fan
Joined
Nov 24, 2013
Messages
846
If you're using Invision Community, not only are all of the Marketplace files audited for basic coding standards, it's a requirement that files disclose any callbacks in the product's description. The code review by an IPS developer provides a level of trust for clients, who otherwise can't evaluate the safety of the code.
 

fionix

Aspirant
Joined
Feb 5, 2020
Messages
14
You mean I have to switch to some other forum software? if so, it is not possible at all, the forum is a large forum and old, we can't change it.

Otherwise let me know what you think.
 

fionix

Aspirant
Joined
Feb 5, 2020
Messages
14
Let's say I just know it.. there are people that can be trusted that told us it but they are not in a position to fix it for us.
 

fionix

Aspirant
Joined
Feb 5, 2020
Messages
14
If I knew which one it is then I would have removed it already.

BTW: there are plugins which were installed but which I tried to remove, they still appear on the top of the ADD ON list with an INSTALL button, is it possible to remove these too? I mean so no files are left on the server.
 

fionix

Aspirant
Joined
Feb 5, 2020
Messages
14
I just checked but negative, nothing there which may be a good thing as you ask :)

Are you representing any company or other reputable service?
 

MagicalAzareal

Magical Developer
Joined
Apr 25, 2019
Messages
758
Disable them all until further notice.

You may even want to physically remove all of them and take standard malware handling procedures.
 

User37935

Neophyte
Joined
May 4, 2011
Messages
0
This isn't a helpful thread. The OP has only just joined and is making serious allegations that some plugins are leaking information but not giving any evidence for this.
 

phatcows

Adherent
Joined
Nov 15, 2015
Messages
254
This isn't a helpful thread. The OP has only just joined and is making serious allegations that some plugins are leaking information but not giving any evidence for this.
Nothing lost, nothing gained then. Although I don't know what harm would come from listing the addons are being used, so seasoned members here can cast their eye over them and see if anything jumps out as a red flag.
 

Paul M

Limeade Addict
Joined
Jun 26, 2006
Messages
3,972
Let's say I just know it.. there are people that can be trusted that told us it but they are not in a position to fix it for us.
Well then go back and ask them how they know.
There isnt enough information for anyone to be able to help you here.
All you have really said is "you just know it". You havent even said what is leaking.
Its all very vague and generic, so all you are going to get is vague & generic responses.
 
Top