IP.Board security questions?

[yoda302055]

Hey all. I ran over a post by iBotPeaches on the invisionpower forums and decided i would ask here.. My buddy has IPB 3.4.5 and he has had his site defaced multiple times. I was wondering what i could do with the experience i have or just plugins. So what i am asking is if there are plugins, witch ones should I get? If there are no such thing as plugins, what can i do to improve security and prevent Defacement?

 

Thanks in advance

 

-  Loveezz, Scottss (aka Yoda302055)

[iBotPeaches]

I doubt they are gaining entry through IP. Board. Would need more information. 

How many admins?

How is it hosted?

[yoda302055]

I doubt they are gaining entry through IP. Board. Would need more information. 

How many admins?

How is it hosted?

Its hosted on a godaddy server. He said something about SQL Injection and/or skin injection.

there are about 5 administrators 

[iBotPeaches]

Its hosted on a godaddy server. He said something about SQL Injection and/or skin injection.

there are about 5 administrators 

 

So shared hosting. There is no active SQL injection for current IPB versions. SQL injections aren't very common these days compared to some other types of attacks. There is maybe 1-2 SQL injections a year.

 

The only way those could be it is from horribly coded application add-ons. I don't know how much power skins have to execute code. Even if you put raw SQL commands in a skin file, I doubt it would execute it, since its just CDATA XML of colors/templates. Could be wrong though.

 

If you wanna stay secure. Stay with stock stuff, little as 3rd party stuff as possible. Constantly checking server for files that have been written without your consent.

 

Basically, if I upload new files today. Then tomorrow 0 files should be edited, (except for like /cache and /uploads). Point being, files after uploading shouldn't be touched. If they are...you have a problem.