Why Joe the Hacker is not a concern
A common sight on forums is a disgruntled juvenile threatening to "hack" your forum. This article serves to address some falsehoods about forum hacking and will hopefully help you sleep better.
A forum can't just be "hacked" without a vulnerability. A vulnerability is a security hole in your forum software, server, forum admin/moderator accounts, or other third-party software hosted on your server.
Vulnerabilities, especially in open source software, happen. To stay safe you want to stay up to date with any security updates for any programs you have on your server. Subscribe to feeds, newsletters, etc. for the software you use and be sure to apply any fixes as soon as possible. You also want to make sure you have your forum set up properly, with secure passwords, folders with proper permissions, etc.
If your systems are fully secured, the only way a "hacker" will get into your system is with a password. Passwords are either guessed or "found". If you register at a website that doesn't properly encrypt your password, and they have a security breach, you are now at risk. Someone can take this data, log in to your email, see you own a forum, reset a password, and they are in. Worse yet, this applies to anyone with administrator or moderator powers. You may make every effort to secure your passwords, but if someone else on your team doesn't, you are at risk. Additionally, if any of these passwords are easy to guess, someone may find their way in anyway.
To avoid having your forum compromised the following is recommended:
- Require anyone with advanced powers on your forum to have a secure password consisting of at least case changes and numbers (this is also extremely effective if a site is maliciously trying to decipher your password by using MD5 hash databases to perform a "reverse lookup" on your encrypted password).
- Force regular password changes every month. Make sure people aren't just adding the number of the month to the end of their password; this is the first thing someone will try if they know you have this rule in place.
- Have a "Founder" rank that no other admins can touch (like on phpBB)
- Require multiple admins, or the founder, to remove other admins, remove forum categories, etc.
- Use different passwords for different sites you go to. This way if another site is compromised you're still safe.
- Set it so forum moderators can't actually delete posts, only move them to a trash bin.
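The first two recommendations can be enforced in the password-change form instead of being left to trust. The following is an added example, not code from sparkBB or any forum package: a check that requires case changes and a number and rejects a new password that matches the previous one once trailing months or numbers are stripped. The function names, the month list and the separator set are assumptions, and the previous password is assumed to be the one the user typed into the "current password" field of the change form.

```python
import re

# Month names/abbreviations a user might tack onto a password (assumed list).
_MONTHS = ("january|february|march|april|may|june|july|august|september|"
           "october|november|december|jan|feb|mar|apr|jun|jul|aug|sept|sep|"
           "oct|nov|dec")
# A trailing rotation marker: optional separators, then a month or 1-4 digits.
_SUFFIX = re.compile(r"[\s._\-/!#]*(?:%s|\d{1,4})$" % _MONTHS, re.IGNORECASE)

ROTATION_MSG = "differs from the previous password only by a trailing month or number"


def strip_rotation_suffix(password):
    """Peel trailing month/number markers off repeatedly, then lowercase."""
    base = password
    while True:
        trimmed = _SUFFIX.sub("", base)
        if trimmed == base or not trimmed:
            break  # nothing left to peel, or the password was only markers
        base = trimmed
    return base.lower()


def check_new_password(new, previous=None):
    """Return a list of policy violations; an empty list means accepted.

    `previous` is the plaintext the user just entered as their current
    password. It is compared in memory only and must never be stored.
    """
    problems = []
    if not (re.search(r"[a-z]", new) and re.search(r"[A-Z]", new)):
        problems.append("needs both upper and lower case letters")
    if not re.search(r"\d", new):
        problems.append("needs at least one number")
    if previous is not None and \
            strip_rotation_suffix(new) == strip_rotation_suffix(previous):
        problems.append(ROTATION_MSG)
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for new, old in [("Tr0ubadorHorse-11", "Tr0ubadorHorse-10"),
                     ("CorrectHorseNov", "CorrectHorseOct"),
                     ("blue42Kettle", "Tr0ubadorHorse-10")]:
        print(new, "->", check_new_password(new, old) or "accepted")
```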
The best way to protect your forum is always to keep regular backups. Take them daily and take them religiously. This way, if you ever run into an issue, you won't have to fall far before you are back on your feet.
The average forum will not have to worry about "hackers" if they keep the above in mind. This isn't to say you are completely safe from having your forum compromised, but it serves to show that if someone is threatening to hack your forum, they probably would have done it already if they had the information they needed. Simply going through the steps above will thwart a would-be hacker even if they do have someone's password.
Author: Chris Davis
Article Usage: Copyright © 2009 sparkBB, LLC. Copying and/or redistributing this article, in whole or in part, is not permitted. Direct linking is permitted.