jamiekitson
Newbie
Version 3.6.8 of vBulletin was released in 2007. Many many vBulletin forums are getting hacked at the moment.
https://www.troyhunt.com/self-hoste...you-should-be-using-managed-hosting-services/
Dan
Let's Sway
Wow! That's a scary, informative read.
nikonhswebmaster
reluctant moderator
This forum really has no personal information other than email addresses on it, no personal info, no credit cards, nothing really.
user237428934
User deletion pending
This forum really has no personal information other than email addresses on it, no personal info, no credit cards, nothing really.
I don't use the buy and sell section here. No relevant personal information there?
Unless one uses the same password on other sites (banking for example) that one uses here, there isn't much risk.
There are other valid reasons for upgrading the forum, namely, the user experience (such as a fully responsive site for phones and tablets, drag/drop of image uploads, etc.)
nikonhswebmaster
reluctant moderator
I don't use the buy and sell section here. No relevant personal information there?
No, since the RFF only accepts Paypal as payment for ads. Paypal does not reveal credit information to a seller.
Unless one uses the same password on other sites (banking for example) that one uses here, there isn't much risk.
There are other valid reasons for upgrading the forum, namely, the user experience (such as a fully responsive site for phones and tablets, drag/drop of image uploads, etc.)
The RFF is working on a major upgrade, so your point has been considered.
ChrisLivsey
Veteran
There has been publicity recently around hacks of boards:
http://www.pcworld.com/article/3095...n-leads-to-ubuntu-forums-database-breach.html
for example.
As is made clear, even accessing e-mail addresses alone can lead to users being targeted with phishing mails. I would rather there was no complacency such as "nothing really" as although I do not some members, and I know it is not admins' duty to protect them, will use passwords here that could be exploited elsewhere.
ColSebastianMoran
( IRL Richard Karash )
Stealing zillions of login credentials from this board IS an issue.
Even though all the above comments are true:
- some RFFers will be reusing passwords.
- hacker could make better connection of screen name to real name for lots of purposes
- owner's credentials could be taken, enabling RFF server to be used for bad acts
The lesson is to keep things up to date.
Now, everyone is using a UNIQUE & COMPLEX password here, right?
All of you are taking updates on your PCs and especially your web browser immediately, right? Automatically is best?
And, finally, you are all using a password manager program, right?
These are today's good security practices.
nikonhswebmaster
reluctant moderator
Stealing zillions of login credentials from this board IS an issue.
Even though all the above comments are true:
- some RFFers will be reusing passwords.
- hacker could make better connection of screen name to real name for lots of purposes
- owner's credentials could be taken, enabling RFF server to be used for bad acts
I have used many personal servers. The only one that was hacked by installing a rootkit was rented from DELL, and as I remember managed by a Sprint data center. In that case the hacker took over many machines.
I don't believe any individual programmer can protect a server, that is why I stopped hosting completely 15 or so years ago, I just did not want the liability. I don't personally worry much about computer hacking, but I see social engineering as more of a problem for individuals. You are certainly right about using the same password everywhere.
But many machines, especially unused university Unix and Windows machines are hacked not by humans but bots. They don't want credentials they want your machine for a botnet. Sure updating VB helps, but oddly the latest version is likely to be open to more zero day attacks, than a system where all the vulnerability in a system is well known. So security updates are important, version upgrades not always good.
Protecting yourself, not easy -- you do what you can. I worry more about my banks than the RFF, or even Facebook, or Twitter. I suggest never putting a real "mother's maiden name" on a server, or using anything but a sentence as a password, but it may all be my personal voodoo. Be careful of password apps, some are poorly encrypted, or outdated. I personally prefer encrypted folders of my own.
sevo
Fokutorendaburando
The lesson is to keep things up to date.
Well, sort of. In fact, and very much to the contrary of the marketing blurb in the originally linked site, rented servers are the ones most at risk, as they come with many extensions not needed (and hence not controlled by the user), and are subject to bulk attacks against thousands of servers - it is the five day old breach in the most common and popular platform that will see almost all attacks. A lonely server using an outdated, unfashionable software platform kept tightly updated with security fixes is about the most secure server you can have.
nikonhswebmaster
reluctant moderator
Well, sort of. In fact, and very much to the contrary of the marketing blurb in the originally linked site, rented servers are the ones most at risk, as they come with many extensions not needed (and hence not controlled by the user), and are subject to bulk attacks against thousands of servers - it is the five day old breach in the most common and popular platform that will see almost all attacks. A lonely server using an outdated, unfashionable software platform kept tightly updated with security fixes is about the most secure server you can have.
I was not so precise, but those were my exact experiences over the years.
e.g. Ancient Perl apps we wrote as MySQL front ends were never bothered.
A move is underway in the background to Xenforo.
What is taking time is not the forum discussions move, but having proper gallery and classified software, plus a home page similar to the home page RFF has now.
We are having to write our own Xenforo add ons.
Stephen
ChrisLivsey
Veteran
Thank you to the team behind the planned changes; it seems my and others' concerns are understood, and your feedback is appreciated.
f16sunshine
Moderator
It's pretty easy to dedicate an email address for forum use.
I have one for all the forums I log into. (all 3)
They are not synced to any devices or purposes.
It's not an airtight security measure but does give some peace of mind.
It's never completely safe online but really neither is having a snail-mailbox.