Hi. My forum seems to be under constant waves of brute force hacking attempts on member accounts. Of the ones I know of a couple of accounts were hacked and used to spam and lots of members frequently receive notification that someone has tried to access their account unsuccessfully 5 times which concerns them and I. It concerns me if this goes on whether eventually, as well as more member accounts getting hacked for spamming, mod and/or admin accounts will be hacked too which in the worst case scenario could destroy the forum.
I've blocked off access to the includes, admincp, modcp, packages and vb folders via .htaccess and make sure my VB and plugin code is kept upto date. I've also activated enforced passwork changing every X days and ensured sensitive passwords are hard to guess. I've also banned China & Hong Kong IPs in Apache as that was where most of the hacking seemed to originate from but it just seems to come from all over the world now looking at IPs. I've always ensures not to leave an install directory behind after an installation or upgrade.
I did install Drangonbyte VBSecurity too to try and help but that just seems to continuely detect attacks and block IPs but things just don't seem to get any better eg the amount of hacking activity remains constant. I assume hackers use fake or proxied IPs of which there must be masses?
I'm at a bit of a loss really :-(
I've blocked off access to the includes, admincp, modcp, packages and vb folders via .htaccess and make sure my VB and plugin code is kept upto date. I've also activated enforced passwork changing every X days and ensured sensitive passwords are hard to guess. I've also banned China & Hong Kong IPs in Apache as that was where most of the hacking seemed to originate from but it just seems to come from all over the world now looking at IPs. I've always ensures not to leave an install directory behind after an installation or upgrade.
I did install Drangonbyte VBSecurity too to try and help but that just seems to continuely detect attacks and block IPs but things just don't seem to get any better eg the amount of hacking activity remains constant. I assume hackers use fake or proxied IPs of which there must be masses?
I'm at a bit of a loss really :-(
Comment