Jump to content

Security items to lockdown site for invision board products


Recommended Posts

Hello, we were recently hacked by the following:

http://forums.oscommerce.com/topic/345957-evalbase64-decode-hack/

as we us invision boards as our source CMS but we use WP for the frontend of the site. My system adminstrator was curious what security and permissions items should be have in place to insure that we don't have this issue again. We have put in a ticket to invision as well as we are looking for documentation on security for invision. Thanks

Link to comment
Share on other sites

Are you hosted on invision power's hosting service? Or elsewhere? If elsewhere, what is your setup?

On the general question of what is a "secure setting". We can't answer that. No one here can say it conclusively because it depends on literally hundreds of factors. It's not a simple thing and there is no silver bullet that solves the issue. That's why you get a good system administrator to figure it out. For example, in big picture: we don't know your operating system, and in small picture: we don't know what php mods you are running. All these things are factors to the answer of "what is the proper settings".

Link to comment
Share on other sites

Linode is managed. You can contact them and tell them that you've been hacked. Have them secure your server.
As for IPB's permission recommendations, they are available here:
http://community.invisionpower.com/resources/documentation/index.html/_/documentation/getting-started/chmodpermissions-guide-r16

Also, to note, the "eval(base64_decode Hack" is not a method of hacking. It is the aftermath of the hacking. The hacker got access to your website somehow and they planted that there. So, having shown that this hack exists does not explain how you were hacked or what you should do to prevent from getting hacked again.

Some general tips:
- Keep a secure password. And when I say secure, I mean secure and don't use the same password else where or at least limit number of places that shares passwords.
- Many plugins are not secure at all. You should be heavily concerned everytime you choose to add a plugin.

Link to comment
Share on other sites

On the general question of what is a "secure setting". We can't answer that. No one here can say it conclusively because it depends on literally hundreds of factors. It's not a simple thing and there is no silver bullet that solves the issue. That's why you get a good system administrator to figure it out. For example, in big picture: we don't know your operating system, and in small picture: we don't know what php mods you are running. All these things are factors to the answer of "what is the proper settings".




There's no silver bullet but there's nothing wrong with asking for advice here. After all, a good/great sysadmin will likely know zero about IPB software. He/she will know how to secure the server, but if the attack is coming over port 80 to a vulnerability in the web/php layer, it really doesn't matter.

Linode is not managed. If you want a good managed provider, you could talk to KnownHost - I have received fantastic support from them.

In general:

- strong passwords (16+ chars, etc.)
- unique passwords (db password is different than login password which is different than the htaccess for your admin area, etc.)
- if you're savvy, no passwords for shell login (use passphrase'd SSH keys instead so access requires having the ssh private key)
- run ssh on a different port - just to keep annoying skiddies away
- do everything the Security Center recommends
- patch your OS and its packages
- patch IPB and watch security announcements
- install something like CSF/LFD/fail2ban/etc. - something that will watch your logs and throw up a temporary firewall (iptables) block if someone is trying to brute force a login, port scannnig you, etc.
- follow the CHMOD guide for IPB strictly
- versioned offsite backups without the credentials to erase them stored on the server
- monitor logs
- limit access
- don't give out shell
- if you have stuff other than IPB running on the box (wordpress, etc.) then of course you have to stay on top of those

I'm sure there are more things but that should keep you busy for a while :-)
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...