Page 2 of 2

Re: Test hack my site

Posted: Sun Dec 30, 2018 5:12 am
by John connor
bonelifer wrote:
Sun Dec 30, 2018 12:23 am
Lumpy Burgertushie wrote:
Sat Dec 29, 2018 10:36 pm
or... you could just sit back and enjoy your board and not worry so much about the very slim possibility of your board getting hacked. ;) :D

I would bet money that if there were any hacks around for phpbb that we would certainly be hearing about them.

I would bet money that YOU would be hearing about them before most of us would.

Point is he's looking for people to test his entire site. He's come here because he trust most of the people here, not to destroy his site. Obviously the way he's gone about posting it in a totally public forum isn't the safest way to go about it as it also attracts people from outside this forum...
I'm aware of that, and was aware of that when I made my topic. But I'm not at all worried about it. I'm pretty confidant that I've secured the site the best I know how. And even if the site is defaced or whatever I have loads of backups. The backups are encrypted and stored in cloud hosting sites, in my home FTP server and on DVD/RW stored in a fireproof safe. So yeah, I go all out. :lol:

I may just go on ahead and head on over to Fiverr and see what I can find in terms of cost. Last time I looked the full fledged "hack test" was around $100. It's just I'm sure all they use is those tools you can get for free to test your site for vulnerabilities. I already ran those and upon its first scan it immediately gets a 403. So there's that.

Re: Test hack my site

Posted: Sat Jan 05, 2019 11:59 am
by thecoalman
John connor wrote:
Sat Dec 29, 2018 10:17 pm
I'm aware that phpBB goes through some kind of security audit?
Someone else can correct me if I'm wrong but the only paid third party security audit I'm aware of was the original one done in '07. phpBB2 had a very bad reputation and the lead developer of the time Acydburn had a focus on security for phpBB3. In fact development of 3 was slowed because they went back and fixed many issues in 2 while 3 was still under development. That paid audit for 3 found no major vulnerabilities, there was some recommendations made made for minor things all of which were implemented.

Re: Test hack my site

Posted: Sat Jan 05, 2019 12:22 pm
by thecoalman
Lumpy Burgertushie wrote:
Sat Dec 29, 2018 3:03 am
I am aware that nothing is "unhackable", however, one has to admit that phpbb has been a target of hackers for years. considering this and the fact that there have been no successful hacks of phpbb3 since it came out in 2007, I would have to say it is pretty safe from hackers out of the box.

phpBB3 has to get it right every time, someone looking to find an exploit only has to get it right once. phpBB3 clearly has outstanding track record but that can change overnight. Also keep in mind just because your phpBB3 installation itself is secure doesn't mean it's secure from other vulnerabilities.