No announcement yet.

Security Questions

  • Filter
  • Time
  • Show
Clear All
new posts

  • Security Questions

    So the area of discussion for my forum is one that currently existing forums are always suffering ddos and redirect attacks.

    I'm spending a lot of money to ensure that host-wise, server-wise (load balanced and firewalled to heck and back) the physical connectivity is already taken care of.

    However, many of the sites that I see bombarded so quickly are running Vbull, yet it is still considered the best.

    So here I am asking the following question: post-purchase will I have access to the brains of this community to help me discover the best ways to tighten down the hatches or are security related discussions generally frowned upon here?

  • #2
    DoS and DDoS attacks can happen to anyone and they cannot be effectively fought at an application level. They need to be fought at the server and router level.

    And yes, as a customers you can ask for general help with securing your server, etc.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography

    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


    • #3
      I'm still trying to research the following, but the redirect attacks?

      It would seem that there is something compromised that allows for someone to actually get in and reconstruct the code so it redirects to other sites.

      Would I have access to security patches or any updates you all roll out if I purchased the owned license?

      And - would those be application side security corrections?

      I'm not seeing any reason why I won't go with vbulletin at this time. The redirect attacks are my largest concern since they would require correction of the code as opposed to simply rebooting my servers/bleeding off connections.


      • #4
        I'm still trying to research the following, but the redirect attacks?
        That is something completly different then a (D)DOS attack.

        Those boards that had this kind of problems where either not running default vBulletin or they where compromised at server level.

        There are currently no known security issues with the latest version of vBulletin. If a vulnerability is found, then it is usually patched within a day.
        Want to take your board beyond the standard vBulletin features?
        Visit the official Member to Member support site for vBulletin Modifications:


        • #5
          DDoS or Internal Hacking have not a single link with the software you use... they are related to the hacker's permeability to access your server's core.

          DDoS can be made on ANY website, a single index.html or a mega corporation like Microsoft... this is not related to the site itself but to the guy that have hundreds of servers communicating with your site at the same time. no matter the security level you have on your script or server, there is nothing you can do to handle that...

          the more you try to act against DDoS, the longer the attacks will occurs btw...
          oh no, i'm not going with Xenforo... come on, i'm better than that... i stick with Wordpress... rofl


          • #6
            You can ddos .php, .asp, .html or any other "LISTEN port" on a remote server. Some scripts are more vulnerable causing more data and replies, whereas some other scripts have build in flood triggers that can "try" to discontinue more requests, which helps a little.

            more details here:


            widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.