Author Topic: How forums get hacked, well, most of the time...  (Read 22782 times)

LowWaterMark

« on: July 11, 2014, 12:28:31 PM »
Over the past year, a large number of the publicized forum hacking incidents have had as their root cause compromised access to forum staff or FTP account credentials.

While many people believe that most of the hacks happen because of unknown software bugs or zero-day exploits, that is simply not the case with most forum software hacks.  If you look at the major forum software packages, you will not see many updates in the last year because of some serious new exploit found in the code.  Yet, forums keep getting hacked.

As a consultant who assists forum owners with security matters, most of the hacks I've worked on were caused simply by staff members reusing passwords at multiple sites.  Then, when one of the other sites has its database compromised, the passwords recovered from there are used at other sites, often leading to additional hacked forums.  And this just keeps going.  Passwords from that site are then, in turn, used to hack the next site...

Moderator or Admin accounts being accessed by persons unknown is much more common than people think.  So, my advice is that you tell your staff to never use the same password at more than one site.  If they have, they should change the password on your site immediately!

Also, maintain proper security over domain/FTP account passwords.  Change them whenever any staff change occurs, a consultant finishes a project, or there's any chance that a password was communicated insecurely.

The vast majority of forum hacks could be prevented if the staff and server-side passwords were simply kept unique to each site.
Forum and website security consultant