Announcement

**Dennis Olson** · Mon 26 Jul '04, 8:18am

You should keep FTP turned off IMO. Just activate it when you want to make a transfer. And you do use SSH for your terminal I/O, right?

**ryanhulce** · Mon 26 Jul '04, 8:34am

I use SSH when needing to do something in Terminal but I do use FTP a lot so disabling would be a pain in the *$# I am just worried cause I have had the same setup for awhile and no problems till after 3.0.3

Originally posted by Dennis Olson

You should keep FTP turned off IMO. Just activate it when you want to make a transfer. And you do use SSH for your terminal I/O, right?

**Dennis Olson** · Mon 26 Jul '04, 8:58am

Theoretically, a hacker needs FTP access to your server. I have my FTP start/stop setup as a script that I run as root. I jump on, turn on FTP, do my thing, and turn it back off. A bit of a pain yes, but what price security, you know...?

**raxafarian** · Mon 26 Jul '04, 9:32am

so...did they hack your vbulletin?, or did they hack your server? Big difference.

**ryanhulce** · Mon 26 Jul '04, 9:50am

Only hacked vbulletin not my site.

Originally posted by decostop

so...did they hack your vbulletin?, or did they hack your server? Big difference.

**Dennis Olson** · Mon 26 Jul '04, 9:53am

How would someone hack vB? I can't fathom that. Only by uploading something to your server can it be acted upon.

???

**Steve Machol** · Mon 26 Jul '04, 10:20am

There are no known security issues with vB 3.0.3.

Without knowing how you are being hacked it's difficult to stop it. For instance if your server is being compromised then there is nothing in vB that will stop a hacker from taking over.
Here's some things you can do to increase the level of security for your forums:

1. Upgrade to the latest version.
2. Do not install any hacks
3. Password protect your Admin and Mod CPs: http://www.javascriptkit.com/howto/htaccess.shtml
4. Make sure the getadmin.php (vB2) or tools.php (vB3) file is NOWHERE on your website
5. If you have phpMyAdmin make sure it's password protected.
6. Inform your host of these hack attempts and ask them to check the logs to see when your account was accessed.
7. Also ask your host to change the login password for your account
8. Change all your Admin and Mod passwords.

Note your forums are only as secure as the passwords you use and the server it is on. If the server is accessed then there's nothing vB can do to prevent potential security violations.

**Ocean** · Mon 26 Jul '04, 2:54pm

Originally posted by ryanhulce

I use SSH when needing to do something in Terminal but I do use FTP a lot so disabling would be a pain in the *$# I am just worried cause I have had the same setup for awhile and no problems till after 3.0.3

In addition to Steve's list, there's something else you can do - which would offer a compromise for your FTP issues.

Speak with whomever is hosting your server and see if they can set up the FTP Server to allow Secure FTP connections. If they can, it will reduce some of your vulnerabilities in that area, as your login credentials and data will not be sent in plaintext.

Announcement

My vBulletin 3.0.3 Was Hacked

My vBulletin 3.0.3 Was Hacked

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment