Subin Posted May 30, 2010

Today my forum was hacked and the hacker deleted all members' accounts. It's impossible to recover. I wish IBP had a function in the Admin Control Panel that let the admin set a security question or something like that, instead of only username/password, to log in. Just my 2 cents; I've been an IBP fan since version 1.x. Thank you.
Rikki Posted May 30, 2010

A question is potentially much easier to crack via social engineering, unless you use a very obscure answer - and you can achieve the same level of security by using a secure password. We always recommend that administrators have very secure passwords, changed regularly. In addition, we also support: moving the admin directory, .htaccess login, and admin lockouts after 'x' number of incorrect attempts.

If member accounts were deleted, you should be able to recover if you had recent database backups. What backup procedure do you have in place?
Subin Posted May 30, 2010

:) I have to say I'm extremely impressed with your reply. It's too bad for me today because one of my small forums was hacked. Restoring a backup means losing xxx hours of members/posts. I think after upgrading my forum to version 3.0, I forgot to change the CHMOD of the file config.php (it's 777). Someone got it and dropped the member table in the MySQL database.

> If member accounts were deleted, you should be able to recover if you had recent database backups. What backup procedure do you have in place?

If we recover from a recent database backup, I think our members will have to request a new password too? Thank you for your reply.
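The misconfiguration described in the post above (config.php left at mode 777 after an upgrade) can be caught with a permission audit of the web root. This is an added example, not part of the original thread or of the forum software; the function names are hypothetical and the 640 target mode assumes the web server reads the file as its owner or group.

```shell
#!/bin/sh
# Added example: audit a forum web root for the mistake described in the
# thread (config.php left world-writable). Function names are hypothetical.

# List regular files under directory $1 that any local user may write to.
list_world_writable() {
    find "$1" -type f -perm -0002 -print
}

# Succeed only if file $1 grants no read/write/execute bits to "other".
# The config file holds database credentials, so "other" needs no access.
config_is_private() {
    [ -z "$(find "$1" \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print)" ]
}

# Tighten file $1 to mode 640 (owner rw, group r, other none).
# Assumption: the web server reads the file as its owner or group; a host
# set up differently may need another mode, but never 777.
harden_config() {
    chmod u=rw,g=r,o= "$1"
}

# Report findings for web root $1; returns 1 if anything needs fixing.
audit_forum_root() {
    status=0
    writable=$(list_world_writable "$1")
    if [ -n "$writable" ]; then
        printf 'World-writable files:\n%s\n' "$writable"
        status=1
    fi
    if [ -f "$1/config.php" ] && ! config_is_private "$1/config.php"; then
        printf 'config.php is accessible to other users: %s\n' "$1/config.php"
        status=1
    fi
    return "$status"
}

# Run the audit when a web root is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_forum_root "$1"
fi
```

Running the audit after every upgrade, before the site goes back online, catches permissions that an installer or upload step loosened.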
ᴡᴅツ Posted May 30, 2010

You could move the admin directory, but remember to put it back when you upgrade. A good security solution is to use a 128-bit password along with .htaccess security. You can go overboard and use 256-bit if it's supported. Using special characters like ~!@#$%^&*() adds to security. You should also use spaces and the invisible space ALT-255 ( ).

I memorized my 80-bit password. My next goal is to memorize a longer one. I remember my friends thought I was a freak when I bashed away at the keyboard when logging into Gmail.
Mark H. Posted May 30, 2010

> If we recover from a recent database backup, I think our members will have to request a new password too? Thank you for your reply.

Just a quick clarification. If you restore a full backup, the members' passwords will be the same as they were at the time the backup was taken. They won't need to request a new one.
Archived
This topic is now archived and is closed to further replies.