| T O P I C R E V I E W |
| thelodger |
Posted - 16 May 2008 : 17:18:29
I have a successful forum, well in my eyes its successful, over 100,000 posts and 700 members, no one has hacked my forum, I subscribe to the security forum and do as instructed, but it seems to me that forums much smaller than mine are still getting hacked, WHY? Am I just lucky??< |
| 13 L A T E S T R E P L I E S (Newest First) |
| campinmom03 |
Posted - 18 May 2008 : 12:16:55
May I ask, which mods are you guys seeing that is leaving so many of our forum owners vulnerable to these kinds of attacks?< |
| Maxime |
Posted - 18 May 2008 : 09:44:41
Very with fact, I call that of the small sucking of lollipops which have only that with foutre. But since I was registered by mall with the update of the Snitz forum, I pay great attention to apply all the updates. Unfortunately some mods which is on the Snitzbitz forum is not up to date.< |
| SiSL |
Posted - 18 May 2008 : 09:28:14
Since quite good portion of various hacked attempts against Snitz are from my country, I can briefly answer about "why some sites are targeted"
First answer: Because they can... It is not generally important the topic of these boards. They don't even find their own exploits. They find exploits from various exploits sites or boards and search Google for the boards who can be targets. Searching "Snitz Forums 2000" can get you quite good list of Snitz boards open for targets.
Second answer, ofcourse to show off. They are not often older than age 20, often manupulate nationalist or religious sites. Most even does not know English. So the cheering crowd for them does not do. It is often shown to public as "virtual military". They can claim "They did anti-(insert their own nation or religion) site, so we hacked" since not many know English, they can easily sell such pathetic actions.
Ofcourse, there is good portion of site owners who does not follow guidelines of products they use or updates. I think they need to change mentality of "If it is working, don't touch it"
< |
| Maxime |
Posted - 18 May 2008 : 08:59:13
It is very quite good continuation< |
| AnonJr |
Posted - 18 May 2008 : 08:54:48
I am not myself a volunteer firefighter. But I do support them every chance I can.  < |
| Maxime |
Posted - 17 May 2008 : 11:51:00
AnonJr, formed to you part of the voluntary sappers firemen of your city in the USA? I was also during 29 years sapper fireman of my city in France like volunteer with the rank of sergeant chief. Unfortunately, I had to resign in January 2000 for reasons of incompatibility with the chief of body which was not very sympatic. But I wish you long year in this function which was pure me a true passion.< |
| AnonJr |
Posted - 17 May 2008 : 10:31:38
Just to add, it sounds as if you're looking at this like no one else is running into these issues. I bet if you looked at the support forums for just about any forum, CMS, etc. you'll find all sorts of posts from people who haven't kept up to date or have added code that isn't properly secured, or have been hacked by other means and are looking for someone to take the fall. (assuming they aren't hidden for "image" purposes)
As to the thrust of your initial post, in recent months I've had this same conversation with the guy who runs the Eastover Fire Department's site (as there were 2 unsuccessful hack attempts trying to exploit the Dec. issue), and I had it again with the guys over at the Jesus Joshua 24:15 site (as there was 1 unsuccessful hack attempt trying to exploit the Dec. issue), and I had it one more time with the congregation of Hope Fellowship (as the site is relentlessly pounded by spammers trying to get in, and an attempt to exploit the Dec. issue was also adverted).
Why some sites are targeted I cannot say. www.jesusjoshua2415.com gets a lot of traffic, but isn't a very busy forum. But, given the traffic I can see why it might be a target. www.eastoverfd.com doesn't get a lot of traffic, and also isn't a very busy forum, but it was targeted. www.hopefellowship-nc.org is the site I've never gotten right, has almost no traffic, and I'm the only one who posts there - but its my most assaulted site. Go figure.
I suspect that that may be because a successful attack would be more likely to go unnoticed on a site with low traffic. There are a multitude of reasons why they attack a site. There are a number of articles out there that try to explain the ins and outs as to why they do the things they do. Why you in particular haven't been targeted, I can't say. Just be glad and be vigilant.  < |
| ruirib |
Posted - 17 May 2008 : 04:20:13
quote:
Originally posted by HuwR
We can't help it if peoples forums get hacked because they do not have the latest code, but we will help anyone that posts asking for help, even if it is not even related to the forum code, surely that is a good sight ? there are many many support sites I could mention where people make a post and nobody answers them at all.
That's an excellent point. I doubt that you find a few places where people get the support they get here, on similar situations.< |
| HuwR |
Posted - 17 May 2008 : 03:31:47
quote:
Originally posted by thelodger
Well it seems to me that the main forum is full of people saying that their forum has been hacked, sort of blaming the software, it’s not a good sight for people who are looking to set up a forum and are deciding if snitz is the one for them, we know that it’s a great forum set up and safe if you follow updates and are careful with what you add, the main forum just doesn’t give that impression at the moment.
So what do you sugest we do ? delete all the posts with the word hacked or virus in it and let people fend for themselves ?
We can't help it if peoples forums get hacked because they do not have the latest code, but we will help anyone that posts asking for help, even if it is not even related to the forum code, surely that is a good sight ? there are many many support sites I could mention where people make a post and nobody answers them at all.< |
| Podge |
Posted - 16 May 2008 : 18:14:44
In fairness, the problem is not directed at Snitz. There are bots roaming the net trying to insert javascripts and iframes into every text field of your application in order to direct traffic to wherever they want. As Rui says, the only defence is to remain vigilant and update your forum with fixes as they come out.< |
| ruirib |
Posted - 16 May 2008 : 18:10:37
If you just look at the HACKED word... I just went and had a look - one of the hacks, was not, another resulted from an unsanitized mod, probably just a couple were hacked with a 6 month old hack...
Things are the way they are and we had our share of issues...< |
| thelodger |
Posted - 16 May 2008 : 17:31:59
Well it seems to me that the main forum is full of people saying that their forum has been hacked, sort of blaming the software, it’s not a good sight for people who are looking to set up a forum and are deciding if snitz is the one for them, we know that it’s a great forum set up and safe if you follow updates and are careful with what you add, the main forum just doesn’t give that impression at the moment.< |
| ruirib |
Posted - 16 May 2008 : 17:22:16
The owners do not update the code with the fixes we post, or use mod code that does not properly sanitize input. As of now, we know of no unpatched bug that would alow anyone to hack a base code forum.< |
