Announcement

Collapse
No announcement yet.

Web Site Hacking November 2008

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Web Site Hacking November 2008

    A search here did not find any posts on this topic. I hope this is the right place for this subject.

    I am using the SMF message board software, and first noticed some 10 new registration requests in one week. The user names and e-mail addresses caused me to investigate. The SMF web site confirmed auto generated users were applying to many SMF sites and some sites had already been hacked. I noted this comes after two of spamers and criminals favorite servers had been taken down.

    I have taken pre-emptive action by replacing my current passwords with stronger passwords and deleting the questionable new users. Did I miss something? ResellersPanel's servers do NOT allow "special characters" in passwords? If so I am astonished. Every article on website security I have ever read advises strong passwords be made op of upper and lower case letters, numbers, and special characters. The addition of special characters to a password means hackers attempting to crack a password would need a week or two to try every possible combination of some 90 characters. Its not worth it, seeing how there are so many easy targets available.

    My initial reason to post here is to offer a warning to others and to possibly give a heads up to our server techs to be watching for hacking attempts. These attacks are still to new to know just how they are breaking in, whether through the web site or the server.

  • #2
    The best way I know to avoid this is to go into your SMF control panel and change the registration settings to "Member Activation" instead of "Immediate Registration" which is the default. The potential members will receive an email with a link that they will have to click on for registration. This will avoid much of the spam that you are presently receiving.

    Comment


    • #3
      I have SMF on a site that I run for some friends, in the last 2 weeks there have been nearly 20 new sign ups coming from the same IP, the site requires Admin approval as the forum is by invite only. I just banned the IP range in the Ban user section. since then I have had 12 triggers where they have tried to access the forum but no new sign up's.

      Just make sure you check the Admin Control Panel making sure you have the latest version, if not just click the update button, it will do it it's self, no down loading and uploading manuly of files.

      Comment

      Working...
      X