Forumer

So.. finally got around to making your first Forumer forum, eh? Or maybe you just got hacked and don't want it to ever happen again. Either way, this tutorial was made just for you. After you are done with this, your Forumer forum will be more protected, as well as giving you the peace of mind so you can worry about other things more important in life. (like finals)

Part 1- Securing All Your Topics and Posts

The first thing you should do is to ensure that no matter what happens, only you (the admin) can delete entire topics. Since you can never trust 100% the actions of anyone but yourself, it is best to setup a "trash can" at your forum, where all things your staff delete. That way if one of your staff members go wild on your forum, or if that staff member made a bad choice, you can undo it.

To setup your trash can now, please see the Preventing Topic Deletion article for more instructions.

Part 2- Securing Your Password

Whether you are using phpBB or IPB, if you use a small password that is in the dictionary, then a common method used by hackers called "brute force" can hack it. Brute Forcing a password is simply a program that tries to login to your admin account using every word in the dictionary. About 60% of users on the internet use passwords out of the dictionary so they can remember it. This is a dangerous idea, and here are some pointers to protect your account. NOTE: Users of phpBB 2.0.19 can also configure an option in their admin CP that would stop hackers from trying more than a certain amount of passwords before they must wait however long you choose. For the purposes of this article, I will not explain this in detail. However, if you want to set it up, please see the bottom of this article.

• Your password should be at LEAST 6 characters long
• Try to integrate at least one number into it
• Spaces help, too

A password such as "apple" would take minutes to hack by brute-force, but a password as simple as "apple10" would take much longer, because dictionary brute-forcing assumes the word is copy/paste from the dictionary.

Part 3- Make a Backup Admin Account

Should you fail to make a good enough password, and your forum is hacked, be sure to setup a backup admin account that wouldn't be easily discovered. Meaning, try to setup another user account like "support" instead of "admin backup" to ensure that the hacker will not delete that user before you can login. Setting up a backup admin account, although such a simple task, is often not thought of by forum owners.

Example:
Make a username called "bob" with the member group "power user". Setup the "power user" group to be able to access the admin CP. Do NOT give "bob" the same password as your main account, make it a very long password such as:

495u43jfigsdf94mg

and save it in an email and send it to yourself. Why do that, you may ask. This way, this extra admin account won't get hacked, that way you have less security holes in your setup plan.

Part 4- NEVER Have More Than ONE Admin!

Besides hacked forums, the top way to lose your Forumer forum is at the hands of a fellow admin. NEVER make another admin at your forum, no matter how much you may trust them. Making another admin account is such a large risk. They can easily wipeout your entire forum while you sleep, so not even recovering your account would save you then. Bottom Line: More than one admin account is just plain stupid.

Part 5- FORUMER ADMIN PANEL (FAP)

To further protect your forum, setting up an FAP account BEFORE your forum is hacked will protect you no matter what happens. Forumer FAP allows you to register yourself as owner of your forum, and thus you will be able to recover your admin account should the worst happen.

Click here to setup your FAP account today!
Click here to ask for help with FAP!


Well, that's it, I hope you didn't expect more.

-Mark