UBB.Developers Forums UBB.threads 7 Development How Do I? UBB security

Hello,

Can anyone point me to an article that outlines the security steps one should take to protect a board from being hacked? Or, just offer some brief steps on what every admin should do security-wise?

Thanks!

slacker_100

1) Turn HTML off
2) Keep the Members directory below the web rot
3) Don't use the same password you use elsewhere

Tada. That's it.

if you cant do step 2, putting a .htaccess file in the members dir, one that denys from all, would be a good idea.

imo it is a good idea to have the variables dir seperate from the cgi-bin, and set up the cgi-bin so it is non writeable. then keep both the members dir and the variables dir below the web root...

"below the web root" = "outside the web root" (less ambiguous )

You could even put your member files on a totally separate drive or partition.

Can you give me an example of what kind of damage can be done by someone using an HTML script? Can the password be obtained this way, or is it more a doing-damage/wreaking-havok thing?

[ 01-20-2002 01:44 AM: Message edited by: slacker_100 ]

Why are you so interested?

Just trying to gain a little knowlege, that's all. I'm a believer in knowing your enemy (and his methods).

If it's too sensitive a subject here, I'll ask elsewhere. Thanks for the info everybody.

For example, in UBB 6.1.0.3 or 6.2.0 Beta Release 1.0 and above there is a huge bugs that lets the users... I won't tell you. ... you can change anything. It's the best to hide vars_config.cgi and such. Also that they can't find members path... I won't tell you why .

lol