Can someone tell me how I can stop my new website from getting hacked? It's a forum, and I'm new to creating forums; however, I am an admin on a forum. The URL is www.oreosdomain.darkbb.com, please help. Before my site gets any bigger I want to make sure I have the right protection.
I think you can contact your hosting provider to request a better firewall. I did such a thing and it worked for me.
If you hope for a large community, run the site in a specific domain. It's a subdomain. You can get co.cc domains freely and redirect to your forum. I recommend switching to paid hosting if you need a secure server. I think you can get very cheap hosting from DP (Digital Point) members.
I know... but on a different website they were talking about something where you can hack an admin's password. I think it had something to do with Perl script?
Adding to what has already been said... phpBB has a track record of security flaws. The most important thing I would recommend is to check the phpBB website every day for any updates, particularly security updates. If it is possible, try looking for different forum software with a better security record. As well as watching for updates it would be worthwhile monitoring security alert services like Secunia and Milw0rm (Milw0rm isn't strictly a "security alert service" but it does have a lot of 0 day exploits before anyone else.) If you find a vulnerability in your version of phpBB, the best bet would be to employ any workarounds that are suggested in the alert or simply take the forum offline until a patch is available. You can be certain that hackers will be doing both of these things and as soon as there is a vulnerability they will be using Google to find un-patched phpBB forums and running the exploit against them. Many web-based exploits rely on JavaScript. You can avoid all XSS attacks that would steal your Cookies (which contain your login credentials) by turning JavaScript off in your browser for your own site. That way, even if someone does find an XSS exploit in your forum, they still can't steal your login. They can still steal anyone else's logins but not yours because you don't run JavaScript. Of course, this is only protection against XSS attacks; if they find an SQL injection exploit then they won't need to find your password... they can just change it. phpBB is probably the most vulnerable part of your system but a system is a complex thing and, as such, is vulnerable in more than one place. You will need to monitor Secunia and Milw0rm (and others) for all of the products that your server uses. This means your version of Linux, Apache, MySQL, PHP and any other software you are running. Lastly, keep reading this forum and learning about security/hacking. 
If you "think security" all the time then you will find yourself noticing security holes all over the place. As an example, I found one in my bank's login form just this morning (which I rang them about immediately) because I'm pretty much always thinking about the security aspects of anything I do. As you browse around your own site or look at the PHP code you will see areas that can be exploited or can be used in more ways than were originally intended. A hacking mindset is about finding ways of using something that were not intended or not anticipated. A security mindset is about limiting the possible uses of something to only the uses we want to allow.
I'm so very tempted to just post one link: http://www.fuckinggoogleit.com/ But I'm a nice guy (really... I am) so here are a couple to get you started.
phpBB vulnerabilities:
http://www.milw0rm.com/search.php (Search for "phpBB" on that page.)
http://secunia.com/product/463/?task=statistics
http://secunia.com/product/SOFT_P/#list (Search for "phpBB" on that page. There are lots of plugins as well.)
Alternative forum software:
http://getvanilla.com/
http://secunia.com/product/16237/?task=statistics
If you search for "Vanilla" on Milw0rm you will just find the same vulnerability from last year that Secunia are reporting. The patch was released one day later.
Heh... I had no idea you were 13. Of course, it makes no difference to me. I've met 13 year olds who could run rings around me so I've learned not to treat people differently just because of their age. I will cut people a bit of slack if they are new to this... but not because of their age, only because of their experience.
This one is relating to your robots.txt file. Yes, you can do all these soft protection tricks but my recipe for protecting my admin pass is:
- use long alphanumeric passwords
- change it once a week
If you have a folder on your website that contains sensitive or restricted information, you can password-protect it to prevent unauthorized visitors from seeing its contents using what's called "HTTP authentication".
Next, in the directory you want to protect with HTTP authentication, create or upload a file named: .htaccess (remember to include the "." before the "htaccess"). The .htaccess file should contain the following 4 lines:

    AuthType Basic
    AuthName "Some Description"
    AuthUserFile /[home dir full path]/[passwordfile]
    Require valid-user

For example, if your domain was example.com, then the third line would read:

    AuthUserFile /www/vhosts/e/example.com/allowlist

Note: Be sure your .htaccess file is CHMOD'd to 644.
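
An added example, not part of the original post: a small Python check for the four-line .htaccess described above. It flags a missing directive, a template path that was never filled in, and a password file placed inside the web-served directory, where it could be fetched like any other file. DOCROOT and the three sample files are constructed assumptions.

```python
import posixpath
import shlex

REQUIRED = ("authtype", "authname", "authuserfile", "require")


def parse_htaccess(text):
    """Map each directive name (lower-cased) to its argument list."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)  # honours the quoted AuthName
            directives[name.lower()] = args
    return directives


def audit_htaccess(text, docroot):
    """Return a list of findings; an empty list means the file passed."""
    d = parse_htaccess(text)
    findings = ["missing directive: " + n for n in REQUIRED if n not in d]

    if "authtype" in d and [a.lower() for a in d["authtype"]] != ["basic"]:
        findings.append("AuthType is not Basic")

    if "authuserfile" in d:
        args = d["authuserfile"]
        if len(args) != 1 or "[" in args[0]:
            findings.append("AuthUserFile still holds a placeholder or unquoted spaces")
        elif not args[0].startswith("/"):
            findings.append("AuthUserFile is a relative path")
        else:
            path = posixpath.normpath(args[0])
            root = posixpath.normpath(docroot)
            if path == root or path.startswith(root + "/"):
                findings.append("password file is inside the document root")
    return findings


# Constructed samples. DOCROOT is an assumed layout, not taken from the post.
DOCROOT = "/www/vhosts/e/example.com/htdocs"
HEAD = 'AuthType Basic\nAuthName "Some Description"\n'
TAIL = "Require valid-user\n"
OUTSIDE = HEAD + "AuthUserFile /www/vhosts/e/example.com/allowlist\n" + TAIL
INSIDE = HEAD + "AuthUserFile /www/vhosts/e/example.com/htdocs/allowlist\n" + TAIL
TEMPLATE = HEAD + "AuthUserFile /[home dir full path]/[passwordfile]\n" + TAIL

if __name__ == "__main__":
    for label, text in (("outside", OUTSIDE), ("inside", INSIDE), ("template", TEMPLATE)):
        print(label, audit_htaccess(text, DOCROOT) or "ok")
```

Basic authentication sends the password base64-encoded on every request, so the protected directory should only be reachable over HTTPS.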