Here's some things you can do to increase the level of security for your forums:
1. Always upgrade to the latest stable version.
2. Do not install any unofficial hacks or plugins as they are not written or reviewed by our developers.
3. Password protect the following directories using .htaccess/.htpassword: admincp, modcp, install, includes, packages, vb. You can find instructions here: http://www.javascriptkit.com/howto/htaccess3.shtml
4. Make sure the tools.php file is NOWHERE on your website.
5. Although this is only a potential problem if someone gets a hold of your customer number, you should remove the upgrade.php file in your located in the install directory.
6. Remove the ImpEx files if you had used this import system.
7. If you have phpMyAdmin make sure it's password protected.
8. If you suspect a hacking attempt, ask your host to change the login password for your web account.
9. Make sure all the Admin and Mod passwords are secure. Change them if you have any doubts. And use hard to guess passwords.
10. Enable the 'strikes' system which will help thwart brute force password attempts:
Admin CP -> Settings -> Options -> General Settings -> Use Login "Strikes" System -> Yes
11. NEVER allow HTML in posts, PMs or in sigs.
12. Make absolutely sure there are no viruses, trojans or keylogger spyware on your PC. Any of these could steal your password and other personal info.
13. Do NOT upload the directory called do_not_upload/
14. Use a different password for each forum you sign up with. Use a different password for your forum as you do for the .htaccess directory password.
15. Update the config.php file and set yourself as undeletable user so they can't touch your admin account.
Note your forums are only as secure as the passwords you use and the server it is on. If the server is accessed then there's nothing vB can do to prevent potential security violations.
1. Always upgrade to the latest stable version.
2. Do not install any unofficial hacks or plugins as they are not written or reviewed by our developers.
3. Password protect the following directories using .htaccess/.htpassword: admincp, modcp, install, includes, packages, vb. You can find instructions here: http://www.javascriptkit.com/howto/htaccess3.shtml
4. Make sure the tools.php file is NOWHERE on your website.
5. Although this is only a potential problem if someone gets a hold of your customer number, you should remove the upgrade.php file in your located in the install directory.
6. Remove the ImpEx files if you had used this import system.
7. If you have phpMyAdmin make sure it's password protected.
8. If you suspect a hacking attempt, ask your host to change the login password for your web account.
9. Make sure all the Admin and Mod passwords are secure. Change them if you have any doubts. And use hard to guess passwords.
10. Enable the 'strikes' system which will help thwart brute force password attempts:
Admin CP -> Settings -> Options -> General Settings -> Use Login "Strikes" System -> Yes
11. NEVER allow HTML in posts, PMs or in sigs.
12. Make absolutely sure there are no viruses, trojans or keylogger spyware on your PC. Any of these could steal your password and other personal info.
13. Do NOT upload the directory called do_not_upload/
14. Use a different password for each forum you sign up with. Use a different password for your forum as you do for the .htaccess directory password.
15. Update the config.php file and set yourself as undeletable user so they can't touch your admin account.
Note your forums are only as secure as the passwords you use and the server it is on. If the server is accessed then there's nothing vB can do to prevent potential security violations.
Comment