talkmagic.co.uk

Mods:

You almost certainly noticed the KHG WAS HERE at the top of the page. I think it's time for us to move on to another style of board: using phpBB is just asking to be hacked in these insecure Internet days.

At protonic.com, we had exactly the same problem. We ended up using the free board at http://www.simplemachines.org, which is very similar to phpBB but is secure.

Kati

Unfortunately it is impossible to say that a particular board is completely secure, there is sure to be something that has been missed. phpBB has the mixed advantage/disadvantage that it is very popular, meaning that it is a traget for hackers, but flaws are quickly found by non-hackers and fixed. It is a much simpler job to update the version of phpBB than to transfer to an entirely new board.

I have only been a member here for a short while, but I have noticed that you seem to be suffering problems caused by someone tampering with your forum.

Without going into the ins and outs of this, it is obvious that there is something ammis. I admit that I'm no expert but it seems to me that someone is able to hack in to your host or somone who has the administrators password ......
1. Is being mischievious
2. Has passed it to someone else
3. Has a virus which has enabled someone else to obtain what is necessary to gain access to the site.

I host another forum for a totally different subject on [url]http://www.proboards.com/index.html[url] and have never had any problems
[/url]

in a possibly unrelated topic since the hacking incident the first time i am no longer able to mark all topics as read using the function button provided.
although I'm quite happy and do open every post, sometimes I'm not able to check the board every day so opening every post 20 or so is a pain, please can someone help.

I have a somewhat similar problem to the read problem:

I see a forum with the 'read' logo but once I enter it the individual posts are not marked read, so I have to go through the top 5 or so to see if there are any interesting posts .

Kati

That is likely to be a session problem rather than a forum problem I think, often if your session expires and when you return you will not be able to see new topics as the forum assumes you have already seen them as you have visited since they were posted. The front page has not necesarily been reloaded, however, so it still tells you that there are new posts in that area. It is very annoying I know, I get it sometimes but I'm afraid it is probably something you will have to put up with for now at least.

Sad to read tonight that another magic forum (not anywhere as good as this one of course) has also been hacked and has decided not to re-open.

Obviously those hacking have no conscience or respect for others.

dat8962 wrote:Sad to read tonight that another magic forum (not anywhere as good as this one of course) has also been hacked and has decided not to re-open.

Obviously those hacking have no conscience or respect for others.

What was the other forum? Not UK Magic by any chance?

It is a sad day when this happens, and it appears that not many people have much respect these days, for anyone or anything, (I am not referring to anyone on this forum).

On the contrary, I think there is a great respect, shown by everyone who posts on TM....

The hackers are a bunch of W@*&ers and I am not sure if they will ever be stopped, we can only try our best to use the best preventative measures!

Just another thought, are we being hacked because we are an open forum and not protected behind an initial password to gain access to the site?

Just another thought, are we being hacked because we are an open forum and not protected behind an initial password to gain access to the site?

Just my 2 cents:
jbmagic, that depends on what the security hole was. If it was the web server, password protecting the BB would not help at all.

If it was the BB software, putting it behind an additional password check would increase security and make a hacker's life a little harder. The price, however, would be that you need to inconvenience all users tremendously with an additional check. Security and convenience are contradictory - you always have to balance them.

I don't mind an additional check...Windows types my pass automatically anyway . It's probably worth it, IMHO - it would fix a lot of problems:

1. No posting as guests when you don't mean to.

2. Security, as above.

3. No guests coming in and asking for magic secrets - you have to show that you're willing to spend at least a minute or two to be able to read and post.

Kati

The flaw was probably phpBB related, but I don't think password protection is the right path, you would have to give out the password indiscriminately for people to join the forum anyway so it wouldn't stop any hackers. Any magic related security questions that are easy enough not to discourage beginners can be found on the web anyway.

dat8962 wrote:The hackers are a bunch of W@*&ers and I am not sure if they will ever be stopped, we can only try our best to use the best preventative measures!

I hope that by 'the hackers' you were referring to only the destructive ones who targetted this forum. Hackers tend to get an awfully bad press from those who arn't in the IT world, but the vast majority simply look and don't touch, I should think the majority of the software enabling you to view this post has been programmed by someone who at somepoint has hacked. There are admittedly occasional idiots who thinks it's clever to write their names across someone elses page and I agree that is a shame this mentality can lead to the ruin of something beneficial like a forum.

Excuse me Ben & Ben but if you read back you will see that I NEVER posted this comment!

Surely if you're looking and not touching then you are surfing and not hacking????

By the very nature, someone who hacks is intruding into another persons site, whether they are up to mischief or not and in many people's books this is wrong, whether you're in IT or not.

In the professional IT world there are hackers employed by many an organisation to protect their intellectual rights, and to hack the hackers to gather intelligence but I would suggest on average, these people are in the minority as it's usually a highly skilled practice in comparrison to general hackers.

Please! Lets get one thing straight. These little punks that hack into sights like this are not HACKERS. They are neophytes that have to download programs created by real hackers to get into and to manipulate sights like this. Plus they have no real guts for glory. They have to hack sights like this because they have no balls to hack real challenging sights that a pro would go for, like the FBI and so forth. Or they do not posess the mental capacity to use old school techniques like hacking unix systems, etc.
Leave the poor magic sights alone and prove your worth by actually hacking something worthwhile. I am no Hacker but I know more than enough to know that hacking one of these sights is not that great a feat. I really dont know what these guys think is so great about hacking a magic sight. Do you brag about it. Kind of like a big thug bragging that he robbed a little old lady. Ooo, very tough isnt it.
Plain and simple, grow up.

Regards
Wolflock