Announcement

Collapse
No announcement yet.

vBulletin 2.2.9 Security

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • vBulletin 2.2.9 Security

    My forum utilizes vBulletin 2.2.9. My question in regards to security is in relation to two aspects:

    1) How secure is the private messaging system?
    - Can third parties monitor PMs sent back & forth between users? If so, how?
    ~~ Third parties are in reference to those who do not have the passwords of the individuals exchanging PMs or non-administrative staff. Basically people attempting to spy/monitor PM traffic between users?

    2) How secure is a private forum?
    - Can parties not authorized access to these forums still view posts within these forums by other methods?

    3) If someone had root access to the server, can they view PMs and/or posts originating in private forums by looking in the database?

    Basically... how secure is vBulletin with regards to private functions such as PMs and private forums? Do methods exists to monitor such private traffic aside from covertly acquiring the password for users?

    The reason for my question is due to the fact that I admin/moderate a forum for personnel employed by the U.S. Government who use this forum in leisurely/unofficial capacities but occassionally communicate information that, while not classified, is information that would not be ideal for the eyes of prying eyes. So that is the reasoning behind my inquiry.

    If anyone feels that the nature of my post is too sensitive for an answer on a public forum, please feel free to e-mail me or PM me. I would also be open to verifying who I am and any aspects of what I stated as far as my reasoning for this inquiry.

  • #2
    There are some security issues with vB 2.2.9 that may or may not be related to what you've asked about.

    1. Anyone with access to the server or database can view PMs. This is true with any version or software. There are no known security issues specifically related to PMs.

    2. Private forums are only as secure as the passwords of your members with access to these forums. There are some security issues in pre.2.3.2 versions that may be exploited.

    3. See #1.

    There are no methods to monitor PMs in vB. Nor are there any specific security issues regarding this.

    Here's some things you can do to increase the level of security for your forums:

    1. Upgrade to the latest version.
    2. Do not install any hacks
    3. Password protect your Admin and Mod CPs: http://www.javascriptkit.com/howto/htaccess.shtml
    4. Make sure the getadmin.php file is NOWHERE on your website
    5. If you have phpMyAdmin make sure it's password protected.
    6. Inform your host of these hack attempts and ask them to check the logs to see when your account w
    as accessed.
    7. Also ask your host to change the login password for your account
    8. Change all your Admin and Mod passwords.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


    Comment

    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
    Working...
    X