Page 1 of 2

Test hack my site

Posted: Fri Dec 28, 2018 6:12 am
by John connor
:lol: I saw some services at Fiverr for testing your site against hacks, but they cost you at least a $100. Anyone know of a free service or something cheaper that will test my site?

Re: Test hack my site

Posted: Fri Dec 28, 2018 8:54 am
by david63
I am sure that if you posted on the "dark web" that somebody would take up your invitation.

Do you have your own server? I cannot see your hosts being very impressed if you don't!

Re: Test hack my site

Posted: Fri Dec 28, 2018 9:23 am
by warmweer
John connor wrote:
Fri Dec 28, 2018 6:12 am
:lol: I saw some services at Fiverr for testing your site against hacks, but they cost you at least a $100. Anyone know of a free service or something cheaper that will test my site?
Will you need your site back after the test? Or can I just go ahead without taking a backup? :lol:

Re: Test hack my site

Posted: Fri Dec 28, 2018 10:01 am
by Mick
Are you talking about a phpBB installation or a webserver as any hacking attempt would be different?

Re: Test hack my site

Posted: Fri Dec 28, 2018 10:25 am
by John connor
warmweer wrote:
Fri Dec 28, 2018 9:23 am

Will you need your site back after the test? Or can I just go ahead without taking a backup? :lol:
Don't worry about backups. I do that all the time, encrypt them and store them in various places including a DVD/RW disk stored in a fireproof safe. Plus my host makes one offsite backup every 24 hours.

Re: Test hack my site

Posted: Fri Dec 28, 2018 10:27 am
by John connor
Mick wrote:
Fri Dec 28, 2018 10:01 am
Are you talking about a phpBB installation or a webserver as any hacking attempt would be different?
Primarily a phpBB installation. I've ran some tools but my security immediately throws a 403. Wondering if there are any weaknesses I have and if so what to do to fix them.

Re: Test hack my site

Posted: Fri Dec 28, 2018 10:37 am
by Mick
As has been said in the past, almost ad infinitum, phpBB has no known vulnerabilities. What could you have possibly done to change that? Have you experienced any oddities that look like someones been fiddling?

Re: Test hack my site

Posted: Fri Dec 28, 2018 8:17 pm
by EA117
Mick wrote:
Fri Dec 28, 2018 10:37 am
As has been said in the past, almost ad infinitum, phpBB has no known vulnerabilities.
The question really doesn't need any more basis than "looking for the unknown ones, then."

Re: Test hack my site

Posted: Sat Dec 29, 2018 3:03 am
by Lumpy Burgertushie
I am aware that nothing is "unhackable", however, one has to admit that phpbb has been a target of hackers for years. considering this and the fact that there have been no successful hacks of phpbb3 since it came out in 2007, I would have to say it is pretty safe from hackers out of the box.


robert

Re: Test hack my site

Posted: Sat Dec 29, 2018 11:15 am
by Mick
EA117 wrote:
Fri Dec 28, 2018 8:17 pm
The question really doesn't need any more basis than "looking for the unknown ones, then
Fuelled by paranoia I suspect.

Re: Test hack my site

Posted: Sat Dec 29, 2018 3:52 pm
by bubbathegimp

Re: Test hack my site

Posted: Sat Dec 29, 2018 8:46 pm
by EA117
Mick wrote:
Sat Dec 29, 2018 11:15 am
EA117 wrote:
Fri Dec 28, 2018 8:17 pm
The question really doesn't need any more basis than "looking for the unknown ones, then
Fuelled by paranoia I suspect.
Possibly. Possibly you even meant that "as a bad thing." 😉 All the vulnerabilities I didn't know about before are because somebody looked for them.

The "it's been years" argument is way more permeable than the sound byte wants us to believe, when new revisions of underlying frameworks are part of the phpBB package. Even if phpBB had changed 0% of its own code, it's possible for vulnerabilities to have been introduced in last week's release, let alone last year's. The goal is to not introduce any, but it happens anyway by the collusion of factors we can't always easily predict.

The man just wants to test his site. "Best case scenario" is that there really isn't anything to find, in which case what's the harm. "Even better case scenario" is that they actually do find something that needs addressed, in which case why would we bend towards dissuading him.

Re: Test hack my site

Posted: Sat Dec 29, 2018 10:17 pm
by John connor
I guess what I'm asking here is the over all fitness of the site at hand, whether that be server or software related. I'm aware that phpBB goes through some kind of security audit? But as mentioned, nothing, and I mean NOTHING is unhackable. I've put in place several layers and was just wondering if they'd stand up to a would be hacker. :D

They say Linux is not prong to malware and what have you, but is it? It's only used in like 90% of all servers and since they have port/s open to the world that opens the possibility for attack.

I need to find a red team vs blue team somewhere.

Re: Test hack my site

Posted: Sat Dec 29, 2018 10:36 pm
by Lumpy Burgertushie
or... you could just sit back and enjoy your board and not worry so much about the very slim possibility of your board getting hacked. ;) :D

I would bet money that if there were any hacks around for phpbb that we would certainly be hearing about them.

I would bet money that YOU would be hearing about them before most of us would.


luck,
robert

Re: Test hack my site

Posted: Sun Dec 30, 2018 12:23 am
by bonelifer
Lumpy Burgertushie wrote:
Sat Dec 29, 2018 10:36 pm
or... you could just sit back and enjoy your board and not worry so much about the very slim possibility of your board getting hacked. ;) :D

I would bet money that if there were any hacks around for phpbb that we would certainly be hearing about them.

I would bet money that YOU would be hearing about them before most of us would.


luck,
robert
Maybe I've misread, but he said his SITE. Sites generally mean everything. I once got a notice for one of my forums from my hoster that said they had disabled the hosting for the domain temporarily until I had looked over it and gave some links for stuff on my site. Turns out the Wordpress test install, had allowed a third party to create all sorts of files and what not. I deleted everything, emptied the DB and restored a backup, just in case. Changed DB passwords. Then re-uploaded the site including the forum. Point is he's looking for people to test his entire site. He's come here because he trust most of the people here, not to destroy his site. Obviously the way he's gone about posting it in a totally public forum isn't the safest way to go about it as it also attracts people from outside this forum. But as long as he's not straight up posting login creds in public, he really is free to post this. As long as he realizes anything bad that happens to his site because of this post is solely his responsibility and all the liability that implies.