HOT Ultimate Guide to securing your Forums

[webwizzy]

Securing your forums from Hackers:-

1. Always Keep your vBulletin updated to the latest version taking special care of any security fixes.

2. Use the Rename admincp directory feature in config.php. Rename it something like 73023cp.

3. Keep your following directories .htaccess protected. Most users can do this via Password Protect Directories option in cPanel.

admincp/
modcp/
includes/
install/

Even vBulletin.com has htaccess protected the above directories.

4. Edit your config.php to make yourself an undeletable user.

5. Keep your vBulletin superadmin, FTP/SFTP and .htaccess username/password unique. You can use the Random Password Generation feature in cPanel or let sites like http://www.goodpassword.com/ generate them for you. If you have enough rights to your server, use SFTP.

6. Make sure you have your vBulletin PHP files chmod 0644 and NEVER 0777.

Good permission for files: 0644 (rw-r--r--)
Good permission for folders: 0755 (rwxr-xr-x)

7. Keep your forum as much clean as you can. Stay away from mods that you think won't benefit your community much. The lesser the mods, the more secure your forum is.

8. After uninstalling mods/hacks from vborg, do not forget to Remove the files that you uploaded with the hack.

9. Never allow HTML in posts, PM's and sigs.

10. You should NEVER upload the contents of do_not_upload folder like tools.php from the downloaded vb zip on your server. If ever you need to upload them, delete them immediately after use.

11. Make sure you do not have impex/ folder lying on your server. Remove it after use.

12. Keep your attachments/ and albums/ folders above site root i.e. above public_html.

13. Never save a backup of your database under public_html as that would make your database downloadable to the world.

14. Keep your PC periodically tested against viruses, malwares and trojans.

15. Make sure you do NOT have admincp directory (or whatever you renamed it as) listed in your robots.txt.

16. For official vb staff's always updated tips and tricks to make your forums more and more secure, visit this thread.
http://www.vbulletin.com/forum/showthread.php?t=194701


Securing your forums from Spammers:-

I think this thread by the official vb staff will be enough for taking care of our spam problems.
http://www.vbulletin.com/forum/showthread.php?t=275800

Some points to highlight:-

1. Use Recaptcha and Add an Extra question to the Registration to prevent bot registrations. IMO, Question and Answers is the best spam preventing tool I have seen. And yes, do not add too complex questions.

2. There's no harm in getting an Akismet Personal Key and enabling the option in admincp->vbulletin options->Spam Management. You may set the Spam Scanning Post Threshold to 2 or 3.

3. List of email domains to Ban

4. You can ban usernames containing words like sale, offer etc. in User Registration Options->Illegal Usernames

5. I would largely recommend this mod from Andy Huang (vb staff) that Detects Spam based on Keywords Weight. It works perfect on my latest 3.8.4 board and believe it or not, I could see the human spammer (from who's online ofcourse) getting an error message while creating a thread and leaving the board frustrated.

Hope you find it useful, will keep it updated

[Spec_tray]

Good info webby...

Security is one of the important part always ..

Spec_tray

[LeVampirE]

Thanx admin for this guide but there's something that i don't know howa do to it

4. Edit your config.php to make yourself an undeletable user.

As Said by webwizzy

any idea please ?

[webwizzy]

Hi Vampire..

Its easy. Just open your forum\includes\config.php file. Look down for this line of code:-

PHP Code:

$config['SpecialUsers']['undeletableusers'] = '1'; 


where 1 is your User ID.