What's New
Off Topix: Embrace the Unexpected in Every Discussion

Off Topix is a well established general discussion forum that originally opened to the public way back in 2009! We provide a laid back atmosphere and our members are down to earth. We have a ton of content and fresh stuff is constantly being added. We cover all sorts of topics, so there's bound to be something inside to pique your interest. We welcome anyone and everyone to register & become a member of our awesome community.

Hacked + Software Upgrade

Status
Not open for further replies.
+Justice said:
DarkGizmo said:
Why wouldn't you upgrade your forums regularly? It's kinda a good practice to keep the place as secure as possible so this doesn't happen in the first place. :P
Click to expand...

because 1.8 and 1.8.1 is new and don't have all the options that 1.6 has...

just because there's a newer version of something doesn't mean it's not hack-able or safer...
Click to expand...

Generally how it works is, newer versions offer bug fixes, new features, performance improvements and security enhancements. 
 
generally yes, but with 1.8 and 1.8.1, have been many issues and less plug-ins due to being a new version and the old plug-ins aren't compatible, unless you find a way to code it to work with the new 1.8, which is a risk of itself... being secured is an illusion...
 
Plugins are any kind instantly degrade your security regardless if they're compatible or not.
 
If you guys would like an analysis done of the plugins you use, I can search through the code and look for any vulnerabilities. I'd be more than willing to collaborate to help find and patch what could have caused the hack.

Crusader said:
Plugins are any kind instantly degrade your security regardless if they're compatible or not.
Click to expand...

I'm not sure I follow, care to elaborate?
 
Payton said:
If you guys would like an analysis done of the plugins you use, I can search through the code and look for any vulnerabilities. I'd be more than willing to collaborate to help find and patch what could have caused the hack.


Crusader said:
Plugins of any kind instantly degrade your security regardless if they're compatible or not.
Click to expand...

I'm not sure I follow, care to elaborate?
Click to expand...

I should proof read before submitting. Corrected the spelling error. 

Plugins if poorly coded can have flaws in them that can be manipulated. Not to mention these plugins latch themselves onto the forum software modifying it to create it's desired function. This can create security holes that can be exploited. And the more plugins you have, the more likely they may cause conflict with one another which can possibly cause further risks. 
 
Remember a few weeks ago when several members, me among them, noticed that some of their profile default settings had suddenly gone spazoid?

Perhaps this belongs in the Conspiracy thread but.....

... seems odd that not long after that, and the theme/format change, that the board gets hacked.

Personally, I don't believe in coincidence.
 
+Justice said:
Princess Alexandros XVII said:
I like the new dark theme.

I have no real opinion on plugins, as I can't think of very much that Off Topix actually used that is memorable to me. Awards I guess? Aside from that...
Click to expand...

not just the awards, simple things that make a forum unique from the others as well as small things like bbcode and smily options in the fast reply, etc.!
Click to expand...

So basically, lots of things that I never used, and therefore wouldn't notice being gone. Okay.
 
Well it could have been plugins, outdated software or I just had a weak password. Whatever it was I have increased security all around and making backups frequently.

We're still under construction but more features are coming soon. :)
 
I like how you tried to make Off Topix look like it used to :)

Although one thing I do not like.... even with the upgrade you still choose to use those html pages for Rules etc when there are plugins that make the pages look better.
 
Changed password for me too. :)
Sorry to hear this Nebulous... but I'm glad you back up regularly... 4 days isn't bad at all and I know some people had to re-register (and lost all their progress if they were fairly new), but it's a small price to pay when they could have taken down the site completely. I've seen some hacks so vicious that they lost everything, mainly due to the admin not backing up often, but I'm glad it wasn't a bigger hit here. :)

#Off Topixstrong!
 
Crusader said:
I should proof read before submitting. Corrected the spelling error. 

Plugins if poorly coded can have flaws in them that can be manipulated. Not to mention these plugins latch themselves onto the forum software modifying it to create it's desired function. This can create security holes that can be exploited. And the more plugins you have, the more likely they may cause conflict with one another which can possibly cause further risks. 
Click to expand...

I see now, I kind of thought that's what you were getting at. You're right too, especially amongst the PHP community. PHP is a forgiving language so it's prime for novice web developers to dive in and start producing. This sadly means that a lot of code contributed to software like MyBB is prone to being buggy!
 
I always check the code for plugins I'm using very carefully before I install them. I'm down to about six plugins on my forum, all of which are either self coded or reputable plugins. I will agree that when 40+ plugins are used, there is certainly a security risk though. I remember a promotion forum a while back that was hacked through, of all things, a plugin to add a Skype field to user profiles. It doesn't have to be a big plugin to have a security flaw. :P

I'm not one to say that plugins should never be used. MyBB lacks certain relatively essential features in my opinion, but certainly caution should still be used.
 
Hate to say it, but these hackers have kind of done something good with their mischief, they've increased awareness of possible flaws and made a few forum admins a little more security conscience.
 
Status
Not open for further replies.
Back
Top Bottom