On 04/01/12 02:15, T o n g wrote:
> Hi,
>
> On the second day that we put our private forum on the web, we
> already saw crackers trying to hack into the forum, using some kind
> of automated tools.
Unfortunately this is very common - though generally those "crackers" are just scripts running on zombied machines.

> I'm totally new to phpbb, but I guess the automated tool will try to
> attack some well known predefined urls,

Yes. Obscurity and deception are useful tools in your kit.

> for phpbbs it'd be site/phpbb/ucp.php?mode=register, is that so?

That's one of them. There are a few sites you can use to keep up with attack trends and exploits[*1]. Another "desirable" file is memberlist.php[*2] - it sounds like the best practice in your situation is just to remove it. There are a number of other attractive targets which depend upon what extensions you have installed[*1].

> If I move our forum entry off the well known /phpbb place, into
> something the automated tools never knew, would it at least prevent
> those existing cracking tools?

Yes!

IMO the six main mistakes people make with CMSs are:-
1. failing to update judiciously
2. failing to set correct permissions (including umask, .htaccess, and user and program permissions, allowing unneeded ftp/ssh/remote mysql access)
3. reusing passwords
4. installing unnecessary extensions and plug-ins (and keeping unneeded files e.g. faq.php and install/update directories)
5. broadcasting the details of the software and versions being used
6. leaving vulnerable files and logins in default places without a compelling reason

> Thanks

A couple of general suggestions:-
; use mod_rewrite and .htaccess to prettify links - it stops dumb scripts doing this sort of thing:-
http://www.google.com/search?q=inurl%3Aviewtopic.php
; I like to redirect requests for the default login page (which I always relocate) to somewhere that bites.
; consider banning HTML in posts
; don't allow remote images in posts (including user icons)
; consider running a home development server - make all changes there first - test in the secure environment and minimise your exposure time when making changes to the production server.
; IDS is also a must - doesn't have to be tripwire, can be just cron based awstat scrapes or similar.
; regularly checking your site while using the browseragent to emulate Google will show some of the most common hijack indicators.
; VirusTotal is a *very* handy tool.

You can get some general advice here:-
http://www.siteground.com/phpbb-security.htm

Disclaimer: I don't have a lot to do with phpbb - though I regard it highly. Your best info is going to be available on the phpbb forums.

Cheers

[*1] For general trends:-
http://isc.sans.edu/
NOTE: if you run KDE there's a handy little tool:-
http://www.jokele.de/infokon/
For a little lead time on 0 day exploits:-
http://www.exploit-db.com/search/

[*2] you should also remove the member list links from overall_header.tpl

-- 
Iceweasel/Firefox extensions for finding answers to Debian questions:-
https://addons.mozilla.org/en-US/firefox/collections/Scott_Ferguson/debian/

Archive: http://lists.debian.org/4f03f8c2.8010...@gmail.com
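One way to implement the lightweight, cron-based IDS the reply recommends, as an added example that is not part of the original list message: a small POSIX shell script that records the SHA-256 of every file under the forum's web root (including dot-files such as .htaccess) and, on each later run, reports files that were modified, added or removed since the baseline. A defaced or backdoored install shows up as an unexpected MODIFIED or ADDED line long before a visitor notices. The `fim_` function names, the baseline file location and the exclusion of phpBB's `cache/` directory are my assumptions; the script relies on GNU find, sort, xargs and sha256sum as shipped with Debian.

```shell
#!/bin/sh
# fim.sh - minimal file-integrity monitor for a web root (example script,
# not from the list post). Assumes GNU find/sort/xargs/sha256sum.
#
#   fim.sh baseline /var/www/forum /var/lib/fim/forum.sha256   # after a clean install/update
#   fim.sh verify   /var/www/forum /var/lib/fim/forum.sha256   # from cron, e.g. daily:
#   0 4 * * * /usr/local/bin/fim.sh verify /var/www/forum /var/lib/fim/forum.sha256
#
# verify prints one line per finding (cron mails any output) and exits 1
# when something changed, 0 when the tree matches the baseline.
set -eu

# Emit "<sha256>  <relative path>" for every regular file under $1, sorted
# so two snapshots are directly comparable. phpBB's cache/ directory churns
# legitimately (assumption about the install layout), so it is skipped.
fim_snapshot() {
    dir=$1
    ( cd "$dir" && find . -type f ! -path './cache/*' -print0 \
        | sort -z | xargs -0 -r sha256sum )
}

# Record the known-good state of $1 into the baseline file $2.
fim_baseline() {
    fim_snapshot "$1" > "$2"
}

# Compare the current state of $1 against baseline $2.
# Output labels: MODIFIED (hash differs), ADDED (not in baseline), REMOVED.
fim_verify() {
    dir=$1; base=$2
    tmp=$(mktemp)
    fim_snapshot "$dir" > "$tmp"
    # sha256sum lines are fixed-width: 64 hex chars, two spaces, then the
    # path, so substr() keeps paths containing spaces intact.
    findings=$(awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { base[path] = hash; next }
        !(path in base)     { print "ADDED    " path; next }
        base[path] != hash  { print "MODIFIED " path }
        { delete base[path] }
        END { for (p in base) print "REMOVED  " p }
    ' "$base" "$tmp" | sort)
    rm -f "$tmp"
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

usage() {
    echo "usage: $0 {baseline|verify} WEBROOT BASELINE_FILE" >&2
    exit 2
}

case "${1-}" in
    baseline) [ $# -eq 3 ] || usage; fim_baseline "$2" "$3" ;;
    verify)   [ $# -eq 3 ] || usage; fim_verify "$2" "$3" ;;
    '')       ;;   # no sub-command: definitions only (e.g. when sourced)
    *)        usage ;;
esac
```

Keep the baseline file outside the web root and unwritable by the web server's user; an attacker who can rewrite the baseline can hide their changes. Re-run `baseline` only after you have made and reviewed a legitimate change yourself, so that the ADDED/MODIFIED lines from a real intrusion are never normalised away.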