How to Prevent your forum from being taken out « Thread Started on Mar 19, 2007, 2:40pm »
Everywhere you look, if you are looking, you will find a forum that gets cracked and destroyed. There are ways to prevent and stop this. You just need to know where to look and what to do.
How do they do it?
One day you log onto your forum. You put in your username: admin and your password ********. Wait! It doesn't work! "Have I been hacked?" "Did one of the admins I thought I trusted betray me?" A lot of things are going through your head right now, I bet. Well, let me tell you something: you’ve been cracked. “Cracked? No, I’ve been hacked.” Is that what you thought it was? You're wrong.
First let me go through the difference between hacks and cracks. When someone hacks your forum, they run scripts on it to gain FTP access. But when they crack your forum, they somehow get your password and take over your account. You can crack someone’s account without even knowing one thing about hacking. There is a big difference.
Passwords
Okay, we know what they do, but the real question is how they can do it. It’s usually one of two cases. One, your administrators or global moderators did it (we will cover that later), or two, your password was found out by someone else and your account was taken over. Let’s think for a minute. Your password was found out. Why? Was it a good password? Where did you go wrong? Let’s find out.
Ask yourselves these questions:
Was your password your birthday? Was it just 5-6 letters? Did it begin with a vowel? Was it just numbers? Was it just letters? Was it a type of word, something that made sense whatsoever? Was it your pet, something someone close to you could guess, or part of your name?
Have a few gasps? If any of those questions were yes, that is why you were cracked. If not, the password was still simple enough to be cracked with a cracker.
How to crack a password? It’s not really that hard. All you need is the right tools: some brains, knowledge of the person you are trying to crack, and a good password cracker.
We already went over knowing the person, but what’s a password cracker? There are 3 types: A Brute Force Wordlist, Brute Force Password Generator, and a Dictionary Cracker.
The Brute Force Wordlist Cracker has a word list with hundreds if not thousands of words on it. Most of the time the Brute Force is used to crack numeral passwords, but it does just fine with words. It tries to log in under your name quietly using all of the passwords on the word list.
The next one is the Dictionary Cracker. It tries to log in using all the words in the dictionary. NEVER use a word in the dictionary in your password.
And last is the Brute Force Password Generator. This one is the worst and most dangerous. It starts with 4-letter words, using AAAA, then AAAB, then AAAC, and so on. After 5 or 6 hours it might just get your password: tomw, tomx, “tomy”. If it fails with the 4-letter words, once it gets to ZZZZ it will start over with 5-letter words: AAAAA, AAAAB, and so on. It also eventually cracks your password if it’s a number password.
“Well what do I do?” “Am I not safe?” “This thing will always crack my password!” No it will not always crack your password. You will eventually be safe with enough work. Only if you are willing to go through with it.
How can you prevent your password from being cracked?
It’s not that hard, just painstaking. Your password should use numbers and letters, have lower case and capital, and have “~!@#$%^&*()_+” in it (if you can, that is).
If you really want your password to be safe make it about 14 characters if allowed. If not allowed, make it as many characters as it will allow.
What you can also do is use a Password Generator. This will generate a password using the strength you choose (I suggest you use 14 or 20).
Try out your password with a Password Meter. It will tell you whether it is strong or not. Hotmail has a great one here: https://accountservices.passport.net/reg.srf?id=2&sl=1&lc=1033 Go there to test out your password.
A good password will take months to crack, so just remember to change your password every 2-3 weeks.
Admins and G-Mods
It wasn’t the password, it’s your most trusted (or maybe not that trusted) Administrator or Global Moderator. What do you do? You can try to get another Administrator on your forum to get your password back; other than that, there is not that much you can do. But you can prevent it.
This is what you need to do. First of all, choose your Admins and G-Mods carefully. That is one of the biggest mistakes. Only let a member be an admin if you know them personally or trust them 100% (all the Admirals at TST, I have their phone number; some I have even talked with via phone). Next, a G-Mod is a Global Moderator. They should not have power to edit headers and footers, mass administration or anything like that. They are just like Moderators but can moderate all the boards. Are you giving a Moderator the powers you are giving to G-Mods? If you want, give the G-Mods the power you want, but don’t let them edit profiles, or at least change member-groups. Your best bet is not letting Administrators edit member-groups either.
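The password rules above (14 characters, mixed case, digits and the quoted symbol set) together with the warning signs from the "Ask yourselves" list, as an added Python example that is not part of the original post. The function names and the sample word list are hypothetical; `keyspace` only counts how many candidates an exhaustive generator has to cover at one length.

```python
import secrets
import string

# Symbol set quoted in the post; the other classes are its
# "numbers and letters, lower case and capital".
SYMBOLS = "~!@#$%^&*()_+"
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]


def generate_password(length=14):
    """Return a random password with at least one character of every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(c) for c in CLASSES]
    alphabet = "".join(CLASSES)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not
    # always in the first four positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def weaknesses(password, wordlist=()):
    """List which of the post's warning signs a password shows."""
    found = []
    if len(password) < 14:
        found.append("shorter than 14 characters")
    if password.isdigit():
        found.append("only numbers")
    if password.isalpha():
        found.append("only letters")
    if password.lower() in wordlist:
        found.append("dictionary word")
    missing = [c for c in CLASSES if not any(ch in c for ch in password)]
    if missing:
        found.append(f"missing {len(missing)} character class(es)")
    return found


def keyspace(alphabet_size, length):
    """Number of candidates an exhaustive generator must cover at one length."""
    return alphabet_size ** length


if __name__ == "__main__":
    pw = generate_password(14)
    print(pw, weaknesses(pw))
    # Constructed sample: the post's "tomy" with a one-word list.
    print("tomy:", weaknesses("tomy", wordlist={"tomy"}))
    print("4 letters:", keyspace(26, 4), "| 14 mixed:", f"{keyspace(75, 14):.2e}")
```

The gap between `keyspace(26, 4)` and `keyspace(75, 14)` is the reason length and mixed character classes matter against the generator-style cracker described above.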