No knowledge of how to secure


Nemesis2000
Mon 25th Aug '03, 2:48pm
I feel embarrassed to post this, but I am in a bit of a predicament. The time has come for me to secure a forum database, but I have had others do it for me throughout my entire forum tenure. (In some cases, the people that secured the DB did a very poor job and got us hacked.)

I have been looking around but I see no general tips and tricks to get me started on securing a forum DB.

I need to know some basic stuff. Lend me everything you know and can put into words. I have friends that can help me with the high end details.

Thanks for your time and responses.

bahbah
Mon 25th Aug '03, 2:54pm
.htaccess admin area for forums - though not directly affecting the database, this is a very important and easy thing you should do.

Only give rights to the forum mysql user that vbulletin needs.

kippesp
Mon 25th Aug '03, 3:36pm
Firewall the MySQL port.

Scott MacVicar
Mon 25th Aug '03, 4:02pm
First task is to definitely block all incoming traffic on port 3306 with exception of
localhost
127.0.0.1
192.168.0.1 (probably this too)

Next is to check user permissions in the mysql database in the user table.

I find phpMyAdmin is the best way to set these.
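
Added example, not part of the original thread: queries for the user-table check and the least-privilege forum account suggested in the posts above, runnable from phpMyAdmin's SQL tab or the mysql client. It assumes the MySQL 5.7+ column names in mysql.user; the names forum_app and forum_db, the password placeholder and the privilege list are assumptions to adapt to your own install.

```sql
-- Added example. Assumes MySQL 5.7+ (authentication_string, plugin columns).

-- 1. Accounts that may connect from anywhere other than the local machine.
--    A forum whose web server and database share one host needs none of these.
SELECT User, Host
FROM mysql.user
WHERE Host NOT IN ('localhost', '127.0.0.1', '::1');

-- 2. Accounts with no stored credential. Check the plugin column before
--    acting: socket-authenticated accounts legitimately store no hash.
SELECT User, Host, plugin
FROM mysql.user
WHERE authentication_string IS NULL OR authentication_string = '';

-- 3. Accounts holding server-wide administrative privileges.
--    The forum's own account should not appear in this result.
SELECT User, Host, Super_priv, File_priv, Grant_priv, Process_priv, Shutdown_priv
FROM mysql.user
WHERE 'Y' IN (Super_priv, File_priv, Grant_priv, Process_priv, Shutdown_priv);

-- 4. Dedicated forum account: local connections only, rights on one schema.
--    forum_app, forum_db and the password are placeholders (assumptions).
CREATE USER 'forum_app'@'localhost' IDENTIFIED BY '<long-random-password>';

-- Day-to-day privilege set (assumption: the forum only reads and writes rows).
-- Install and upgrade scripts may also need CREATE, ALTER, INDEX and DROP;
-- grant those for the upgrade and revoke them afterwards.
GRANT SELECT, INSERT, UPDATE, DELETE ON forum_db.* TO 'forum_app'@'localhost';

-- 5. Confirm what the account ended up with.
SHOW GRANTS FOR 'forum_app'@'localhost';
```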

Nemesis2000
Mon 25th Aug '03, 4:48pm
Thanks for your responses so far. I am compiling a text file with all this stuff in it.

Nemesis2000
Wed 27th Aug '03, 5:15pm
Any more rather simple suggestions? Any higher end suggestions? This can be of use for other new admins as well.

Scott MacVicar
Wed 27th Aug '03, 5:32pm
Well, locking down port 3306 means they need to get on your server to do any damage.

The next thing is just managing the users correctly, making sure that each has a random password and preventing people from reading each other's php files, i.e. correct file permissions.

Nemesis2000
Wed 27th Aug '03, 8:17pm
It looks to be simpler than I thought. I have always done well with vbulletin permissions and setting things like that. I will be getting into the whole forum thing again soon. Thanks Scott, everyone.