Announcement

Collapse
No announcement yet.

Is Hacking a Big Problem with VBulletin?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Is Hacking a Big Problem with VBulletin?

    We're trying to find a good forum tool to use with our ecommerce web site - however our big concern is hacking - our site gets a lot of traffic and really do not want to deal with the trouble or embarassment of getting hacked.

    I searched "hacked' on this forum and noticed quite a few panicked posts on the subject.

    Does this happen a lot with VBulletin and is there watertight method for preventing it (even if it means imposing restrictions on posters)?

  • #2
    We take security very seriously and do the best we can to ensure that vBulletin has no security holes. And when we become aware of a security issue we generally provide patches and updates within 24 hours of confirming a problem.

    Unfortunately security issues are a fact of life with online software. While we work hard to avoid and eliminate security issues, we cannot guarantee that our software is completely free from bugs or security issues.

    However as our record shows, we aggressively track and fix any security issues as soon as they become known to us.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


    Comment


    • #3
      Thanks for your quick reply - more questions

      if you come up with patches and updates how do you notify your customers or how do we become aware of them - do we have to keep checking or will be alerted?

      Are patches/upgrades simple to apply?

      If we are diligent at keeping the software updated how likely are we to get hit ( I don't have anyone in mind that is out to get us but just by the luck of the draw)? Any stats on this?

      Comment


      • #4
        New version and patch notices are sent to all licensed customers. You can read the Announcements forum to see instrucctions for applying patches.
        Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
        Change CKEditor Colors to Match Style (for 4.1.4 and above)

        Steve Machol Photography


        Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


        Comment


        • #5
          The patches and upgrades are pretty easy to install, you are normaly notified by e-mail when an update or security issue is found or corrected.



          IMO - if you are a target then you will be hacked no matter what you do... if security is such an issue, then I would recommend a dedicated server in which you have total control and a very nice firewall.
          www.yamaha-forum.net | www.exactservers.com | www.ducati-superbikes.com | www.suzuki-forums.net | www.diavel-forum.com

          Comment


          • #6
            vBulletin is amazing when it comes to security as the bugs are fixed very quickly indeed .

            Comment


            • #7
              I realize that hacking can be a problem no matter what you use - so I appreciate the feedback

              Anyone have a list of "best practices" (or maybe you can direct me to a thread somewhere on this site) that I should know about before we install and get going on developing our forum?

              Comment


              • #8
                Originally posted by trialrun View Post
                Anyone have a list of "best practices" (or maybe you can direct me to a thread somewhere on this site) that I should know about before we install and get going on developing our forum?
                I would read and apply these recommendations:
                http://www.vbulletin.com/forum/showthread.php?t=172234

                In my experience from being a user on a forum I have very rarely seen a vb forum being hacked.

                The biggest concerns I think you should personally have are:

                1. Make sure your server is as secure as it can be and the software on it. I have seen a lot of sites being hacked that have a forum but were hacked through a hole in something else. It's always a good idea to check out the software before you install. What are other users comments regarding security? Is the software known to be buggy?

                For my forum personally I worry more about the server rather than Vbulletin.

                2.Always make sure your board is patched or the latest version. Whilst VB is very secure it isn't bullet proof. I have seen a few boards get hacked in my time here. But all of them were down to someone not patching a security hole in VB. That's not to say that if you're fully patched you will never get hacked. But it will make the chances more slim.

                3. It's a big responsibility owning a forum and I think some users can be under the illusion that it can be quite easy. It's easy to set up. It becomes harder when you try to maintain and keep it secure. The bottom line is if you're not dedicated then the forum will run wild.

                Hope my comments can be of some help. Good luck with your forum.
                Best Regards,

                Matthew M (matius4)

                Comment


                • #9
                  Originally posted by trialrun View Post
                  I searched "hacked' on this forum and noticed quite a few panicked posts on the subject.
                  I would say 9 times out of 10, a hacking occurs either becuase the attacker has access to the server itself (nothing will stop someone who has that access) or becuase the vBulletin version is outdated and has known security issues.

                  As far as keeping track of new updates, you'll get a notification right on your AdminCP's main index page that there's a version newer than the one you're running, and it'll have a link to both the direct download and the announcement about it.

                  Comment


                  • #10
                    Having third party hacks or plugins is the what normally causes a vBulletin board to be compromised. If you keep it to the base features then you should be pretty safe as long as the rest of your server is properly locked down.

                    Comment


                    • #11
                      thanks for all the feedback - I think we'll give it a try

                      Comment

                      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                      Working...
                      X