Yearly vBulletin Security Check Time!


Floris
25th November 2006, 04:57 AM
It's that time again, where we remind you that security is important.

CHECK YOUR FORUM FOR SECURITY ISSUES AND PREVENT ABUSE

How?

Make sure you read the announcements in the admin control panel each time you log in. Dismiss the ones that no longer apply to you. And upgrade your forum to the latest version. Subscribe to our announcement forum and the one from vBulletin.com and read the weekly digest updates in your mail.

Patch your forum software if you choose not to upgrade right away; this could save you days of restoring a hacked forum.

Rename your admincp and modcp directory to something harder to guess and add .htaccess password protection to these two directories on a per-user basis. One per staff member and only give access to those staff who need it. Also remind your staff to frequently change their passwords to a hard-to-guess pass.

Remove the impex software if you do not need it. Remove any files from the do_not_upload/ folder if you had to upload any of them to fix issues.

Remove the install/ directory completely; you don't need it to run vBulletin. You can at any time restore this directory if you require any of the files.

Make daily backups to the web server, for both the files and the database. But store them outside your public_html/ directory. Archive these backups at least once per week to your hard drive. Once archived, remove them from the web server to avoid someone grabbing them.

Keep an eye on your forum activity and catch spammers, hackers, and more. Check your webalizer statistics, and put .htaccess password protection on that directory so it can't be reached from the public (giving away any info to directories and files that hackers shouldn't read).

Don't leave the vBulletin .zip in your public html directory. This is a) a risk for security and b) against the license agreement.

Read this sticky thread on vBulletin.com for more tips and hints: Sticky: How To Make My Forums More Secure (http://www.vbulletin.com/forum/showthread.php?t=194701)

And post your tips and hints in this thread!
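
An added example, not part of the original post and not vBulletin's own code: a shell function that checks a web root for several items on the checklist above (leftover install/, impex/ and do_not_upload/ directories, admincp/modcp still on their default names or without .htaccess authentication, archives left in the web root). The archive file patterns, the `cp-x7f2` name and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a vBulletin web root against the checklist in the post.
# Directory names come from the post; the archive patterns are assumptions.

audit_vb_root() {
    root=$1
    findings=0
    if [ ! -d "$root" ]; then
        echo "ERROR not a directory: $root"
        return 2
    fi

    # Directories the post says to remove once they are no longer needed.
    for d in install impex do_not_upload; do
        if [ -d "$root/$d" ]; then
            echo "FINDING $d/ is still present"
            findings=$((findings + 1))
        fi
    done

    # Control panels: still on the default name, or lacking HTTP auth.
    # A renamed panel cannot be found by name, so only defaults are checked.
    for d in admincp modcp; do
        if [ -d "$root/$d" ]; then
            echo "FINDING $d/ still uses its default name"
            findings=$((findings + 1))
            if ! grep -qi '^[[:space:]]*AuthType' "$root/$d/.htaccess" 2>/dev/null; then
                echo "FINDING $d/ has no .htaccess password protection"
                findings=$((findings + 1))
            fi
        fi
    done

    # Release archives and backups sitting in the web root (top level only).
    for f in "$root"/*.zip "$root"/*.sql "$root"/*.sql.gz "$root"/*.tar.gz; do
        if [ -f "$f" ]; then
            echo "FINDING downloadable archive or backup: ${f##*/}"
            findings=$((findings + 1))
        fi
    done

    echo "TOTAL $findings"
    [ "$findings" -eq 0 ]
}

# Constructed sample tree, so the script runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/install" "$demo/admincp" "$demo/cp-x7f2"
: > "$demo/vbulletin.zip"
audit_vb_root "$demo" || true
rm -rf "$demo"
```

The function returns non-zero when anything is flagged, so it can run from cron against the real web root and mail its output only on findings.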

King Kovifor
27th November 2006, 01:45 AM
Limit Admin Access
Having a lot of administrators allows hackers more opportunities to hack you. Also, if you have administrators that only have access so that they can do something small, like avatar control - make sure that they only have access to that section of the ACP. To do this, you must edit their Admin Permissions through the ACP.
Secure Passwords
Passwords should be six or more characters long and use both numbers & letters, as that widens the range of possible passwords and makes it harder for hackers to guess. Do not give anyone your password, as they might tell the wrong person. Also, using the name of a family member, or something you're known for is a bad thing. Avoid that!


Just a few.