Forumotion Security

View previous topic View next topic Go down

Forumotion Security

Post by discovery on Mon Mar 21, 2011 6:01 am

Hello Forumotion Users,

In this tutorial, I will explain what
being hacked means, what you can do to prevent it, and what you should
do if you were hacked.

I. Forum Security


Enlarge this imageReduce this image Click to see fullsize


Here are all of your important security settings,


Enlarge this imageReduce this image Click to see fullsize


For the best possible security for your forum, please use the following settings.

Confirm password to administration access: Yes
If
someone tries to hack your forum and they get your password because of a
lucky guess, this can help stop them. For one, if the hacker doesn't
write down the password or remember it, they can't do anything really
harmful. Second, you can see if someone else logged in by scrolling
down in the security tab.

Disallow "Send by email a new password" to administrators and moderators: Yes
This item disallow the use of 'I forgot my password' for administrators and moderators.
It is advised to activate it (if you are sure to not forget your password...).
You can always modify your password in 'Profile'.

This
should definitely be activated. This way, if a hacker has access to
your email, he can't use the "Forgot Your Password?" link to reset your
password. If you are worried that your moderators might forget their
password, add them on a social site for easier contact.

Disallow moderators to ban members: No
If
your moderators witness strange activity or spam, they should be able
to ban the poster. This is really pretty self-explanatory.

Allow moderators to see the hidden users: Yes
If
a hacker joins your site and changes his preferences to hidden, then
only admins will be able to see them. I would change this so all staff
members can notice if something is wrong and then act on it.

Automatic daily forum backup: Active
This
is the biggest part of your forum security. If a hacker deletes your
forum, you can restore everything if the forum backup is active. If you
want to change the forum backup, please visit the ForuMotion Utilities.

IP address accounts creation limit, for each 24 hours:
I
would set this to 2 or 3. This way, a hacker can only make 2-3
accounts, so once you ban him/her, she/he can't register anymore. You
could also just ban his/her IP address so no more accounts can be made.




II. What "hacking" is

A
lot of people think that being hacked is when someone threatens their
forum or spams the forum. Being hacked means they destroy your forum
and/or change it to whatever they want. I would just like to let you
guys know that this isn't possible on ForuMotion forums. People say they will break into your forum all the time, but they can't do that unless they know the admin password.




III. Other precautions

Of
course, there are some other precautions you can take to make sure your
forum doesn't get hacked. Change your password at least once a month to
keep the hackers guessing. Also use passwords that are specific to your
interests and not something like admin123. Try to use other symbols
such as !, @, %, +, etc. so that your password won't be easy to guess.
Also try using 0 instead of O, 1 instead of I, etc.

When hiring
staff members for your forum, if you can, visit applicants websites to
see if they are trustworthy. If you see a site that is well run, you can
most likely trust that person. However, if someone gives you a faulty
link, you might want to think twice about hiring him/her as a moderator.

Another
option is to make users check their email for a confirmation link. This
way, a hacker can't register over and over again without providing a
valid email address.

You could also open up a thread in your
staff section for staff members to report any suspicious activity so
everyone can be alerted.

Never provide your password to anyone,
even if this person claims being part of our forum hosting or the
ForuMotion staff! Besides your forum, only the rescue tools ( http://www.forumotion.com/en/utils/ ) require the use of your password.

Be
careful of using Hotmial, Live, or even yahoo emails. They tend to get
hacked really easy. The best email services I recommend is Lavabit.com
or Gmail.

Remember that you are in control, no one else. If you
feel your site is being threatened, you can always close the forum for
construction so no one can view the forum.


____________________________________________________
avatar
discovery

الجنس : Male

عدد المساهمات : 1114
النقاط : 30732
التقييم : 12
تاريخ التسجيل : 2010-04-28

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum