simple vBulletin questions

StuntFactoryX · 11-14-2006, 04:55 AM

i have some random questions that i cant find a everyday answer too.

i read alot about security holes, getting hacked, vBulletin security upgrades, shout box opening doors, flash chat and the list goes on. first of all, who hacks these sites and why. if i was to get hacked would it be sombody i upset targting me or just some random virus like thing traveling around the net? and if i did ge hacked how bad is the fix usauly? i have a shoutbox and flashchat but i stay upgraded on vBulletin. am i super exposed or is it a long shot?

spam.. i see people complaining about that... is this too people signing up on my site and posting.. or is this a computer adware like thing where some program spams my site?

search engines.. i have a sportbike website in rochester ny. if i wanted google to recognize that if sombody googled "sportbike forums rochester" being im the only one here how do i make that happen? is that somthing vbseo would do? i see alot of vbseo and Search Engine Optimization topics but they get so complex. im not interested really in advanced Search Engine Optimization. i would just like to found if sombody specificaly was looking for me and forgot my domain name.

last quesion is what is xmtml compliant or whatever that is. is it important? what if your not? valid css.. all the stuf i see people concerned w/ in adding hacks?

thanks and sorry so random.

Ohiosweetheart · 11-14-2006, 05:15 AM

About hackers... everyone has an opinion, so I'll give you mine

The site that I sold a few weeks ago was hacked yesterday and I got called to clean up the mess.
IMO... most hacking is done by teenage kids with way too much time on their hands and WAY too little parental attention and discipline.
However there is the serious, and most times more experienced hacker, who can do serious, if not permanent, damage to your site. In all likelihood, a hack job to your site isn't usually someone you pissed off. Large corporations get targeted. You get messed with. Not fun, and we think, "why me?". Well... why not you? lol Irritating, I know.

For all of the above reasons, it is important, to me at least, to do every upgrade that vBulletin puts out, if they tell you there's a security risk involved. Now I bolded that statement for a reason. I don't do every single little upgrade immediately, if it's just for little bug fixes and my site is running fine. Yeah I'll do it eventually, but in my mind, if it's not a security risk, then I can breathe easy and take my time.
But for the security risks, do them pronto.

Spammers... haha... they can be people, bots, programs, etc. One of these other guys can tell you more about that. I just know I hate 'em.

StuntFactoryX · 11-14-2006, 05:25 AM

thanks for the info... so spammers and hackers use your own Search Engine Optimization aginst you? thats how they usauly find you? is that a good assumption? so by staying private and low key that could help me stay below their radar?

i have 350 solid users that are my friends and local.. sure i would like to grow... but not at their expense or by jepordizing my boards.

Code Monkey · 11-14-2006, 07:27 AM

Spammers are just part of every day life on the net. They want to make sales and they are not affraid to use you to do it. Really though, they are looking for uncared for sites. If they are banned and posted eliminated right away, they know that there are other sites that are less cared for and the posts stay for awhile. The problem is, they actually get sales from this. So really, it's the average internet user that is at fault here.

Eric · 11-14-2006, 10:06 AM

Regarding security. Well if the hacker is messing your site because you didn't upgrade when everyone told you, well you played with fire and got burned.

What is worse is when you have a non secure script and via that they can get higher on server level and kill it, bringing down all accounts, that's even worse.
Others might be regular to upgrade and keep all secure.. but one is faulty and kills all, that's something to keep in mind. If you share the server, you're also 'responsible' for others security (read account - money)

As sys admin it is also a big job to keep the server as tight as possible but with moments you're stuck.
Latest example. PHp 5.2.0 has been released with new feature but also to close a few nasty gaps. But actual Zend optimser is not compatible (for as much I experienced)... scripts using it like vbseo (zend is one of the 2 options) will break......

As sys admin you 'should' upgrade but then you have customers ' yelling broken scripts' and they really can't help it.

Basically I can only advise, be as tight as possible, try to avoid misery is always easier then solving it. And always think about the neighbour that might be affected by your decision.

Stoosh · 12-14-2006, 11:15 PM

there will be hackers/spammers everywhere, its our job as admins to help put a stop to this by putting in extra security fixes!

Code Monkey · 12-14-2006, 11:23 PM

Quote:

Originally Posted by Stoosh

there will be hackers/spammers everywhere, its our job as admins to help put a stop to this by putting in extra security fixes!

For example?

Ohiosweetheart · 12-14-2006, 11:43 PM

Quote:

Originally Posted by Stoosh

there will be hackers/spammers everywhere, its our job as admins to help put a stop to this by putting in extra security fixes!

sounds good in thought and theory, but the fact is, there isn't one single security fix that's going to keep out all spammers. You keep adding, they'll always find a way through or around it.

Now I'm not saying don't add security fixes. I'm just saying don't be lulled into a false sense of security, either.

Eric · 12-14-2006, 11:48 PM

as admin you have many options to compile apache, php etc... phpsuexec is one, safe mode on is another, jail shell one more, install an active firewall instead a pssive one... chkrootkit... I'll stop here..
Just to tell that a serious admin is doing best he can to avoid corruption of servre but even then, if people don't keep their scripts up to date on that server, and with hackers being mostly a lot better coders then we are.. you can get exposed and dpending on how good he is, he'll just mess a page, install nasty wroms opening ports, a spammer script, phishing site.. name it, you see it all... and yesterday one of the servers I watch was killed... hacker was to good and I wasn't in time to find the origin, though stopped the spamming part quickly... dc is on it now since remote you're limited...

It is the result of everyones hp that keeps a box tight... if those renting hosting let go and install whatever... you're exposed, and that's part of hosting. Once in a while you loose... luckely most you win..