Activity Stream
48,167 MEMBERS
6961 ONLINE
besthostingforums On YouTube Subscribe to our Newsletter besthostingforums On Twitter besthostingforums On Facebook besthostingforums On facebook groups

Page 1 of 4 123 ... LastLast
Results 1 to 10 of 38
  1.     
    #1
    Member
    Website's:
    litewarez.net litewarez.com triniwarez.com

    Default Security Thread, Get/Post your tips here!

    Ok it seems like this hacker is causing alot of ripples in the scene so i think its about time sort this niggah out!

    What this thread can be used for is to post how you got hacked and what you did to prevent it agian! This way other users can learn the tips and tricks on how to make it harder to get hacked by these script kiddies!

    So if your gonna post then please post about 1 of the following:

    • If you got hacked (How they got in) - (and how you patched it)
    • Security Tips! (such as tips about upload forms password areas) etc
    • Any tips regarding lnux security for VPS/DEDI servers
    • Bugs you may have found in Forum software!
    • Any other things related to this matter



    --

    My Tips!
    1. **Make sure your server passwords are not used elsewhere!**
    2. Sucure any private directories by ip whitlist Google
    3. In php always secure your inputs with mysql_real_escape_string Tizg - PHP
    4. NEVER TRUST YOUR USERS, JUST ACT LIKE YOU DO
    5. If you have register globals on make sure you De-register globals PHP
    6. Make sure you change the defualt port for your Direct admin or Cpanel
    7. In you admin remove the DROP rights for your database username Cpanel
    8. If self built system like LW, make sure you salt all user/admin passwords with a md5
    9. Disable the usage of php files within a upload directory with php (Help stop shells)
    10. Change the location of phpmyadmin to something more secure!
    11. Dont add mysql/file editors on your server, download and uplaod via ftp and us phpmyadmin
    12. Research about shells (Understand what they am and how hackers get them on your site).
    13. Most forum scripts allow you to change your admin location so do that
    14. If you renamed your admin, remove links from index to your admin when your logged in so you have to go to the url and know the directory.
    15. Remove index visibility by adding -Indexes to your htaccess
    16. If you have to exchange passwords with other people! do it over msn and not in PM'S!
    17. NEVER use nulled scripts unless they have been nulled by a friend for you personally
    18. If using a DGT Nulled release always remove validator.php


    Other User Tips!
    1. Stay up dated with your web software updates!
    2. DO NOT use the same password!
    3. Find a host that has a reputation with everyone and ask them about there security on the server.
    4. do not go for a host which offeres amazingly cheap prices for high spec'd plans as i have said they are just wanting to make a quick bit of money and dont care about what they do, so security is most probably not that important.
    5. do not let anybody know your passwords as that person could be a fool and get hacked and have your info in there private messages etc.
    6. USE YOUR BLOODY BRAIN AND GET SOME COMMON SENSE!


    Browser Specific tips
    1. Try not to save important passwords in your browser
    2. Use keyscrambler addon for Firefox.
    3. Every time you leave your pc, do CTRL + SHIFT + DEL to clear your passwords etc.
    4. keep your browser up to date.


    General Fourm tips
    Secure your Forum - Thanks to DeLeTeD

    VBulletin Specific tips
    1. Rename config.php file (http://www.vbulletin.org/forum/showthread.php?t=198856)
    2. Secure yourself and set up as super administrator (Click here)


    PhpBB Specific tips
    If you have tips for here please PM or post them

    Server(Non Shared) Specific tips
    1. install CSF Firewall, it's not the best, but by far the easiest to use and learn. Also, follow the guides that come with it.
    2. Disable the directory "/cpanel" AND change the cpanel access port (this includes Direct-admin)


    Updated : 10, June, 2010
    litewarez Reviewed by litewarez on . Security Thread, Get/Post your tips here! Ok it seems like this hacker is causing alot of ripples in the scene so i think its about time sort this niggah out! What this thread can be used for is to post how you got hacked and what you did to prevent it agian! This way other users can learn the tips and tricks on how to make it harder to get hacked by these script kiddies! So if your gonna post then please post about 1 of the following: If you got hacked (How they got in) - (and how you patched it) Security Tips! (such as Rating: 5
    Join Litewarez.net today and become apart of the community.
    Unique | Clean | Advanced (All with you in mind)
    Downloads | Webmasters


    Notifications,Forum,Chat,Community all at Litewarez Webmasters


  2.   Sponsored Links

  3.     
    #2
    Member
    Website's:
    st0ned.net
    warezlife.org got hacked seems like badb0y hacked sonic's account and mines on KWWH

    btw i have changed all my password of my sites where im registered.
    i just cant understand how he hacked me?

  4.     
    #3
    Member
    Website's:
    litewarez.net litewarez.com triniwarez.com
    Ok Justice so you have used teh same passwords on KWWHunction as you have on your server and other forums!

    The reason why this is bad is because if another forum gets hacked they have your details for that forum that can easily be decrypted!

    then once decrypted they can try them on your emails (witch will have other account details) and then login to places like KWWH and read your PM for when your swapping server details there

    I belive this is Database Jumping as your DB is now in the hands of the hacker and he will start decrypting them for other sites etc

    No your website passwords and server passwords
    SHOULD NEVER BE USED ON OTHER FORUMS LIKE KWWHUNCTION ETC!
    Join Litewarez.net today and become apart of the community.
    Unique | Clean | Advanced (All with you in mind)
    Downloads | Webmasters


    Notifications,Forum,Chat,Community all at Litewarez Webmasters


  5.     
    #4
    Member
    indeed rule 1 never use the same password on any other board (i used to root a few people a few years ago because they was dumb to use it on every site, satanwarez owner did and this got me his root on his server, email and credit card details).

    also ip and password protect any of your admin panels, stay up to date with your forum software.

    and there is many ways to secure your server, if you need help let me no.

  6.     
    #5
    Member
    i wasn't really hacked but they accessed my cpanel and deleted my forum's database and changed the front page...
    they accessed it because one of the hosts staff added a password to my cpanel that was 'password' and they forgot to delete it.. but luckily i was talking with them while it happened and so i told them to restore it my database of a backup they made

  7.     
    #6
    Member
    Website's:
    litewarez.net litewarez.com triniwarez.com
    Yea i see so make sure you double check what accounts or on your server apart from your own!

    i mean real ppl who dont really know about hackers use passwords such as the sitename or 123456 etc and its stupidity.
    Join Litewarez.net today and become apart of the community.
    Unique | Clean | Advanced (All with you in mind)
    Downloads | Webmasters


    Notifications,Forum,Chat,Community all at Litewarez Webmasters


  8.     
    #7
    Member
    that's why i don't like sharing my server or using cpanel! so many holes people can find... just a simple php shell would do the trick most of the time if the servers not be secured...

    people should check the servers, here is a few shells... if its not secured i can help doing it. http://www.movierush.org/PHP.Shells-KOOSH.zip

  9.     
    #8
    Member
    Website's:
    litewarez.net litewarez.com triniwarez.com
    Yes thats right you want to stop shells at all costs! there script kiddies attempt to get your site make sure you scan for these fiels and check them out because im not sure that any webware package coems with r57 as a file or r99 etc etc!
    Join Litewarez.net today and become apart of the community.
    Unique | Clean | Advanced (All with you in mind)
    Downloads | Webmasters


    Notifications,Forum,Chat,Community all at Litewarez Webmasters


  10.     
    #9
    ლ(ಠ益ಠლ)
    Website's:
    extremecoderz.com
    Good thread litewarez, nice info. I didnt really get hacked, but i made the stupid mistake of using my hotmail account with my admin account. They got into my hotmail account, and as a result, requested a forgotten password, and bada-bing, in you go.

    Fortunately they never got into the backend so all was good, but just remember that hotmail accounts are NOT secure, they are hackable. NEVER use a hotmail account in conjunction with your administrator account, or for anything else such as a paypal account.

    If you know a little php, you can add a password to your backend, such as:

    admin.php?mySTRONGpassword

    If the password is wrong, just redirect back to index.php.
    That way, even if they know your login details, they cant get into the backend unless they know that password as well or have access to your DB, in which case your fucked anyway.

  11.     
    #10
    The Wise One
    Website's:
    twilight.ws ddlrank.com
    I suggest getting into RoboForm, it remembers passwords, has a master password to protect all the password files and has a built-in password generator. Every password is different for me, never use the same password twice.
    I can always be contacted by sending a tweet @twilightws

Page 1 of 4 123 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Defendos Security - Official Thread
    By l0calh0st in forum Web Development Area
    Replies: 40
    Last Post: 31st Oct 2012, 03:54 PM
  2. Hosting Tutorials,Tips,Security,General | PhotonServers
    By ChosenOne in forum Useful Sites
    Replies: 9
    Last Post: 20th May 2010, 10:10 AM
  3. Replies: 14
    Last Post: 19th May 2010, 06:07 PM
  4. [LE] PhotonServers.NET | Hosting Tutorials,Tips,Security,General
    By Raptile in forum Traffic Market (Buy, Sell and Trade)
    Replies: 9
    Last Post: 14th May 2010, 06:11 AM
  5. Security Tips
    By sniper in forum Webmaster Discussion
    Replies: 6
    Last Post: 11th Feb 2010, 10:28 AM

Tags for this Thread

BE SOCIAL