How do you make your forums as safe as possible from hackers please?

Anyone have any tips for making a phpbb3 forum as safe as possible from hackers please ?

Any help appreciated.

Dez.

Thanks for the extra info on this, it’s appreciated. I’ll do some more work on this.

We have created our own programs to do this, but you can do the same with a cron job that downloads your entire with ftp, then does a diff on the files on your site now versus the files on your site when it was last updated by you.

This is safe and depending on your site, quite quick as well. Keep in mind that the posts from a forum or blog are stored in the database so these won’t be checked, but you could setup a routine to do a SQL export and compare these as well.

Then on the diffs, run a good, updated anti-virus program to see if any of the changes made to the files on the site are malicious. The problem is that the anti-virus companies don’t always catch today’s malscripts (malicious scripts).

But that should give you a good start.

For file integrity checking you can use:
SAMHAIN
or just about any version controlling system.
Also you could use QualysGuard or similar service to give you alerts if some security problems arise.

I usually get email notifications of replies, but none came for this topic, so sorry for late reply.

Where / how do you monitor things to see any file chnages please ?

The best thing to do is to keep it updated with the latest software patches. Then monitor the files on the server to see if there are any changes. Quite often, we’ve been seeing new variations of backdoor shell scripts added to websites. The owners never know they’re there until their account or their website is blacklisted.

Pls write your own code, directory jail your site and then remove from your server as much as possible