Login
Username:

Password:

Remember me



Lost Password?

Register now!

Sections

Who's Online
127 user(s) are online (120 user(s) are browsing Forums)

Members: 0
Guests: 127

more...

Support us!

Headlines

 
  Register To Post  

Server security on www.Amigans.net
Home away from home
Home away from home


See User information
Just reposting a reply I made to Mikey_C on the old site, in case it gets missed, since I think this is an important topic:

@Mikey_C Quote:
I just had some info from our benefactor. The site was attacked once more. It is now in recovery console and I don't know when it will be back.

Ouch . It appears that using (what I assume was) the latest up-to-date forum software is not sufficient for security. When I previously asked someone about forum security, I was told that it is best to either use custom software, or else install the standard software in non-standard locations, so that hacking bots/software will not work on it.

Quote:
To be honest, I am just fed up with the whole thing. If it doesn't comeback I for one won't be too upset. I am sick and tired of all this crap.

Given what I wrote above, it seems we have two options:
1. Switch to some custom forum software. Orgin's hand-crafted forum system used for temp.Amigans.net would seem to fit the bill.
2. Get the EXISTING www.Amigans.net forum up-and-running again, but this time move all the server software to non-standard locations. This seems the easier option.


While in principle I have no objection to using Orgin's hand-crafted temp.Amigans.net site (system) instead, the problem is that we would loose (a) a huge amount of really useful threads, and (b) potentially many users may not bother to re-register because of the hassle (although I hope this would not be the case, you never know).

I am sure it is possible to transfer all those threads & user accounts across, but the problem is it would need a lot of work by one or more people with a lot of experience of web forum management (and databases in general).

Author of the PortablE programming language.
Go to top
Re: Server security on www.Amigans.net
Home away from home
Home away from home


See User information
I always use custom code on my websites for very much that reason, I wouldn't be suprised if my custom code was easier for a human attacker to break through, but it's never going to get a bot written for it.


Go to top
Re: Server security on www.Amigans.net
Home away from home
Home away from home


See User information
Thank god it's up again. :)

Makes me wonder, who would want to attack us all the time? Suspicious.

X5000
Go to top
Re: Server security on www.Amigans.net
Home away from home
Home away from home


See User information
Quote:

Antique wrote:
Thank god it's up again. :)

Makes me wonder, who would want to attack us all the time? Suspicious.


My website gets attacked every day by scripts designed to exploit weaknesses in various CMS software. To date, none of them have been successful though.

It's possible that someone came up with a highly successful script because this website wasn't the only one that I tried to visit that suddenly stopped working over the weekend.

Hans

Join Kea Campus' Amiga Corner and support Amiga content creation
https://keasigmadelta.com/ - see more of my work
Go to top
Re: Server security on www.Amigans.net
Just can't stay away
Just can't stay away


See User information
Thanks to those for fixing the glich! That's worth a donation from a favorite PAL...

Go to top
Re: Server security on www.Amigans.net
Just can't stay away
Just can't stay away


See User information
@staff

Were any passwords stolen this time possibly ?

Rock lobster bit me - so I'm here forever
X1000 + AmigaOS 4.1 FE
"Anyone can build a fast CPU. The trick is to build a fast system." - Seymour Cray
Go to top
Re: Server security on www.Amigans.net
Not too shy to talk
Not too shy to talk


See User information
@ChrisH

Do you know how the other Amiga forums are doing this? Are they using some custom forum software? For example I don't remember that this kind of things have happened to Amigaworld so far. But it has happened already twice at Amigans, although this site is newer.
I hope the security will improve over time.

Go to top
Re: Server security on www.Amigans.net
Just popping in
Just popping in


See User information
1. The site was not hacked, it was subject to a DDOS attack after a dictionary attack on shell accounts failed.

2. This happens to sites all the time on the internet, but this site is hosted as a gratis favour so it isn't a high priority for us.

3. The site was brought down by me whilst I checked how far any hacks had gone, improved the security.

4. As far as I am aware no passwords were stolen, but you should reset your passwords as a matter of course regularly and never be so stupid as to use your passwords on a forum for anything important.

Whilst generic forum portal software is hard to keep secure if the administration staff do not apply regular patches - and even then - hosting custom portal software is no more likely to be secure if the target is tempting. Amigans.net is obscure and very much off the radar, therefore I do not think you need to worry unduly as most "hackers" just google for forum software version strings or typical URLs that identify the forum software and then attack that using known exploits and scripts OR they just attack a range of addresses.

Because much like the adminstrative staff of the forum software (not the same thing as the server) this service is provided voluntarily, if you want better service it would need to be paid for.

In this instance, I reiterate, it was not the forum software that was exploited (as far as I can ascertain) just a brute force attack. So the thread is pretty much moot.

Go to top

  Register To Post

 




Currently Active Users Viewing This Thread: 1 ( 0 members and 1 Anonymous Users )




Powered by XOOPS 2.0 © 2001-2024 The XOOPS Project