My forum was "hacked"
Hello Forumotion Users,
In this tutorial, I will explain what being hacked means, what you can do to prevent it, and what you should do if you were hacked.
I. Forum Security
Here are all of your important security settings,
For the best possible security for your forum, please use the following settings.
Confirm password to administration access: Yes
If someone tries to hack your forum and they get your password because of a lucky guess, this can help stop them. For one, if the hacker doesn't write down the password or remember it, they can't do anything really harmful. Second, you can see if someone else logged in by scrolling down in the security tab.
Disallow "Send by email a new password" to administrators and moderators: Yes
This item disallow the use of 'I forgot my password' for administrators and moderators.
It is advised to activate it (if you are sure to not forget your password...).
You can always modify your password in 'Profile'.
This should definitely be activated. This way, if a hacker has access to your email, he can't use the "Forgot Your Password?" link to reset your password. If you are worried that your moderators might forget their password, add them on a social site for easier contact.
Disallow moderators to ban members: No
If your moderators witness strange activity or spam, they should be able to ban the poster. This is really pretty self-explanatory.
Allow moderators to see the hidden users: Yes
If a hacker joins your site and changes his preferences to hidden, then only admins will be able to see them. I would change this so all staff members can notice if something is wrong and then act on it.
Automatic daily forum backup: Active
This is the biggest part of your forum security. If a hacker deletes your forum, you can restore everything if the forum backup is active. If you want to change the forum backup, please visit the ForuMotion Utilities.
IP address accounts creation limit, for each 24 hours:
I would set this to 2 or 3. This way, a hacker can only make 2-3 accounts, so once you ban him/her, she/he can't register anymore. You could also just ban his/her IP address so no more accounts can be made.
II. What "hacking" is
A lot of people think that being hacked is when someone threatens their forum or spams the forum. Being hacked means they destroy your forum and/or change it to whatever they want. I would just like to let you guys know that this isn't possible on ForuMotion forums. People say they will break into your forum all the time, but they can't do that unless they know the admin password.
III. Other precautions
Of course, there are some other precautions you can take to make sure your forum doesn't get hacked. Change your password at least once a month to keep the hackers guessing. Also use passwords that are specific to your interests and not something like admin123. Try to use other symbols such as !, @, %, +, etc. so that your password won't be easy to guess. Also try using 0 instead of O, 1 instead of I, etc.
When hiring staff members for your forum, if you can, visit applicants websites to see if they are trustworthy. If you see a site that is well run, you can most likely trust that person. However, if someone gives you a faulty link, you might want to think twice about hiring him/her as a moderator.
Another option is to make users check their email for a confirmation link. This way, a hacker can't register over and over again without providing a valid email address.
You could also open up a thread in your staff section for staff members to report any suspicious activity so everyone can be alerted.
Never provide your password to anyone, even if this person claims being part of our forum hosting or the ForuMotion staff! Besides your forum, only the rescue tools ( http://www.forumotion.com/en/utils/ ) require the use of your password.
Be careful of using Hotmial, Live, or even yahoo emails. They tend to get hacked really easy. The best email services I recommend is Lavabit.com or Gmail.
Remember that you are in control, no one else. If you feel your site is being threatened, you can always close the forum for construction so no one can view the forum.
III. Useful links
Updated August 29, 2010 ~ MrMario
|This tutorial was written by KingOfSports of the Forums Forum and posted by MrMario.|
No possible reproduction without our agreement, pursuant to article L122-1 of the intellectual property code.
Join date: 2008-06-10
Permissions in this forum:You cannot reply to topics in this forum