• 0

is that so easy to hack IPB ? :(


Question

OrangeMood

is that so easy to hack ipb? because my forum hacked twice in 2 month, 1st table ibf_post deleted, when i;m using 2.1.4 then now table ibf_member deleted now i'm using 2.1.7 . :( what should i do to make this board secure? i'm update the security patch issues, maybe should i change to vbulletin?

this is the message, now i'm trying to restore from the last backup last week. :( blah... headcache...

---------

mySQL query error: SELECT m.id, m.name, m.mgroup, g.g_access_cp FROM ibf_members m, ibf_groups g WHERE m.id=1 AND g.g_id=m.mgroup AND g.g_access_cp=1

SQL error: Table 'orange14_newforum.ibf_members' doesn't exist

SQL error code:

Date: Saturday 18th 2006f November 2006 07:05:19 AM

---------

Edited by OrangeMood
Link to post
Share on other sites

18 answers to this question

Recommended Posts

  • 0
DreadBoat89

you are using 2.1.4... which has so many issues. especially when the latest is 2.1.7 and 2.2 is coming out shortly...

your board is getting hacked because you arent updating

Link to post
Share on other sites
  • 0
OrangeMood

you are using 2.1.4... which has so many issues. especially when the latest is 2.1.7 and 2.2 is coming out shortly...

your board is getting hacked because you arent updating

no, sorry i'm not write it, now i'm using 2.1.7 and still hacked...

Link to post
Share on other sites
  • 0
Snoopy2005uk

make sure your passwords are secure, ask your host to check what IPs have been accessing your database and block it.

Maybe you have done an upgrade wrong? are you 100% sure its been hacked?

Link to post
Share on other sites
  • 0
Cole

make sure your passwords are secure, ask your host to check what IPs have been accessing your database and block it.

Maybe you have done an upgrade wrong? are you 100% sure its been hacked?

The main IPB company website has been hacked on it's own waay too much. Switch over to another product like vBulletin or Mybb or something similar.

Link to post
Share on other sites
  • 0
Fred Derf

The main IPB company website has been hacked on it's own waay too much. Switch over to another product like vBulletin or Mybb or something similar.

They can all be hacked. IPB has had a bad few months, that I won't deny, but it happens to all of them.

So far, we haven't had to restore any backups or deal with any complicated problems.

/me knocks on wood.

Link to post
Share on other sites
  • 0
omegabyr

Make sure any mods that you have installed are up to date.

Link to post
Share on other sites
  • 0
Quillz

The main IPB company website has been hacked on it's own waay too much. Switch over to another product like vBulletin or Mybb or something similar.

And when those solutions get hacked, then what?
Link to post
Share on other sites
  • 0
Tomi

The main IPB company website has been hacked on it's own waay too much. Switch over to another product like vBulletin or Mybb or something similar.

Yes, because those products have never been hacked. Right. :rolleyes:

IPB's been the main target over the past few months, and since then, IPB 2.2 has taken lots of security audits to make sure that the possibility of a repeat doesn't happen again.

You can't ever be fully secure these days, that's starting to grow impossible as knowledge grows.

Anyways, check for any backdoors. In 2.1.7 there's a security centre 'feature' that can help you do that, in the ACP.

Link to post
Share on other sites
  • 0
alen33

convert to vb, save urself the hassle

Link to post
Share on other sites
  • 0
wctaiwan

:/ Just keep your board updated... I suppose that's all you can do. And converting to another system won't necessarily solve the problems, they'll just hack you all the same. There is no absolutely secure bulletin board software.

wctaiwan

Link to post
Share on other sites
  • 0
Schentler

also ... make daily backups of your site!!!

Link to post
Share on other sites
  • 0
roosevelt

Here are some some of the things you need to do or watch yourself for.

  • Look around your IPB board folders and search for any file names with config.txt, c.txt, database.txt and/or conf_global.txt. Some retarded web host are so bad that sometimes an exact copy of a file with php extension of those names are re-created with the .txt extension. And makes it really easy for the hackers to open those files and read your database details.
  • Use a php script which downloads your database and sends them via email to you. Then setup a cron job to execute that file.
  • If you have phpmyadmin or similar files under /www or /public_html then get rid of it from there.
  • If your config files or something that shouldn't be accessd by http:// then CHMOD them to 644 for the files and 755 for the folders.
  • I hope you are not running a nulled/cracked version. Because hacker/crackers actually leaves back doors open.
  • If you are hosted in a shared server, then make sure in apache (if using) Prevent Users from reading other webroots is turned on.
  • Switch to vBulletin. I used phpBB, IPB, WowBB, and many others. Among them vBulletin was really cool with me.

That's all I can think of.

Link to post
Share on other sites
  • 0
lerum

IPB 2.2 Final is coming out really soon, I'd wait till that comes out rather than shed out more money for vB.

After their experiences with flaws in IPB 2.1 they put IPB 2.2 through a security audit to make sure its even more secure :)

Link to post
Share on other sites
  • 0
Quillz

convert to vb, save urself the hassle

Except that vB can and has been hacked in the past. vB is no more secure than IPB.

Link to post
Share on other sites
  • 0
roosevelt

Dude everything that that has a lock can be opened. In other words if you claim IPB is more secure or vB is more secure then both of you will be wrong. Its just a matter of time or how many hackers out there trying to break which lock first.

Link to post
Share on other sites
  • 0
p858snake

have you been banning the ip's that have been attacking your forum from the site

Link to post
Share on other sites
  • 0
xDayan

also ... make daily backups of your site!!!

I do that, they get send to my e-mail and backed up on my site too.

Link to post
Share on other sites
  • 0
Victor V.

Some warez products come with hidden codes to hack newbies. That's why you should make sure you took it from IPS Corp...

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.