Please update the forums
Old 09-12-2016   #1
jamiekitson
Registered User
 
Join Date: Mar 2014
Posts: 3

Version 3.6.8 of vBulletin was released in 2007. Many many vBulletin forums are getting hacked at the moment.

https://www.troyhunt.com/self-hosted...ting-services/

Old 09-12-2016   #2
Saul
fighting inertia
 
Join Date: Dec 2010
Location: Baltimore MD
Posts: 343
Wow! That's a scary, informative read.

Old 09-12-2016   #3
nikonhswebmaster
Moderator NHS Forum
 
Join Date: Feb 2007
Posts: 342
This forum really has no personal information other than email addresses on it, no personal info, no credit cards, nothing really.

Old 09-12-2016   #4
tom.w.bn
Registered User
 
Join Date: Feb 2008
Location: Germany
Posts: 2,683
Quote:
Originally Posted by nikonhswebmaster
This forum really has no personal information other than email addresses on it, no personal info, no credit cards, nothing really.
I don't use the buy and sell section here. No relevant personal information there?

Old 09-12-2016   #5
splitimageview
Registered User
 
Join Date: Jan 2014
Posts: 1,210
Unless one uses the same password on other sites (banking for example) that one uses here, there isn't much risk.

There are other valid reasons for upgrading the forum, namely, the user experience (such as a fully responsive site for phones and tablets, drag/drop of image uploads, etc.)

Old 09-12-2016   #6
nikonhswebmaster
Moderator NHS Forum
 
Join Date: Feb 2007
Posts: 342
Quote:
Originally Posted by tom.w.bn
I don't use the buy and sell section here. No relevant personal information there?
No, since the RFF only accepts PayPal as payment for ads. PayPal does not reveal credit information to a seller.

Quote:
Originally Posted by splitimageview
Unless one uses the same password on other sites (banking for example) that one uses here, there isn't much risk.

There are other valid reasons for upgrading the forum, namely, the user experience (such as a fully responsive site for phones and tablets, drag/drop of image uploads, etc.)
The RFF is working on a major upgrade, so your point has been considered.

Old 09-12-2016   #7
ChrisLivsey
Registered User
 
Join Date: Jul 2007
Posts: 1,992
There has been publicity recently around hacks of boards:
http://www.pcworld.com/article/30959...se-breach.html
for example.
As is made clear, even accessing e-mail addresses alone can lead to users being targeted with phishing mails. I would rather there was no complacency such as "nothing really", as although I do not, some members, and I know it is not the admins' duty to protect them, will use passwords here that could be exploited elsewhere.
__________________
Fishing for shadows in a pool.
Louis Macneice

https://www.instagram.com/chris.livsey/
http://www.flickr.com/photos/red_eyes_man/

Old 09-12-2016   #8
ColSebastianMoran
Registered User
 
Join Date: Sep 2010
Posts: 1,722
Stealing zillions of login credentials from this board IS an issue.

Even though all the above comments are true:
- some RFFers will be reusing passwords.
- hacker could make better connection of screen name to real name for lots of purposes
- owner's credentials could be taken, enabling RFF server to be used for bad acts

The lesson is to keep things up to date.

Now, everyone is using a UNIQUE & COMPLEX password here, right?

All of you are taking updates on your PCs and especially your web browser immediately, right? Automatically is best?

And, finally, you are all using a password manager program, right?

These are today's good security practices.
__________________
Col. Sebastian Moran, ret. (not really)

Named "Best heavy-game shooter in the Eastern Empire." Clubs: Anglo-Indian, Tankerville, and Bagatelle Card Club.
Sony E/FE, Nikon dSLR, and iPhone digital. Misc film.
Birds, portraits, events, family. Mindfulness, reflection, creativity, and stance.

Old 09-12-2016   #9
nikonhswebmaster
Moderator NHS Forum
 
Join Date: Feb 2007
Posts: 342
Quote:
Originally Posted by ColSebastianMoran
Stealing zillions of login credentials from this board IS an issue.

Even though all the above comments are true:
- some RFFers will be reusing passwords.
- hacker could make better connection of screen name to real name for lots of purposes
- owner's credentials could be taken, enabling RFF server to be used for bad acts
I have used many personal servers. The only one that was hacked by installing a rootkit was rented from DELL, and as I remember managed by a Sprint data center. In that case the hacker took over many machines.

I don't believe any individual programmer can protect a server; that is why I stopped hosting completely 15 or so years ago. I just did not want the liability. I don't personally worry much about computer hacking, but I see social engineering as more of a problem for individuals. You are certainly right about using the same password everywhere.

But many machines, especially unused university Unix and Windows machines, are hacked not by humans but by bots. They don't want credentials; they want your machine for a botnet. Sure, updating VB helps, but oddly the latest version is likely to be open to more zero-day attacks than a system where all the vulnerability in a system is well known. So security updates are important, version upgrades not always good.

Protecting yourself, not easy -- you do what you can. I worry more about my banks than the RFF, or even Facebook, or Twitter. I suggest never putting a real "mother's maiden name" on a server, or using anything but a sentence as a password, but it may all be my personal voodoo. Be careful of password apps, some are poorly encrypted, or outdated. I personally prefer encrypted folders of my own.

Old 09-12-2016   #10
sevo
Fokutorendaburando
 
Join Date: Oct 2008
Location: Frankfurt, Germany
Posts: 6,307
Quote:
Originally Posted by ColSebastianMoran
The lesson is to keep things up to date.
Well, sort of. In fact, and very much to the contrary of the marketing blurb in the originally linked site, rented servers are the ones most at risk, as they come with many extensions not needed (and hence not controlled by the user), and are subject to bulk attacks against thousands of servers - it is the five-day-old breach in the most common and popular platform that will see almost all attacks. A lonely server using an outdated, unfashionable software platform kept tightly updated with security fixes is about the most secure server you can have.

Old 09-12-2016   #11
nikonhswebmaster
Moderator NHS Forum
 
Join Date: Feb 2007
Posts: 342
Quote:
Originally Posted by sevo
Well, sort of. In fact, and very much to the contrary of the marketing blurb in the originally linked site, rented servers are the ones most at risk, as they come with many extensions not needed (and hence not controlled by the user), and are subject to bulk attacks against thousands of servers - it is the five-day-old breach in the most common and popular platform that will see almost all attacks. A lonely server using an outdated, unfashionable software platform kept tightly updated with security fixes is about the most secure server you can have.
I was not so precise, but those were my exact experiences over the years.

e.g. Ancient Perl apps we wrote as MySQL front ends were never bothered. You can't beat a bespoke app, without useless extensions.

Old 09-12-2016   #12
CameraQuest
Head Bartender
 
Join Date: Mar 2005
Location: over the hills from Malibu
Posts: 5,388
A move is underway in the background to XenForo.

What is taking time is not the forum discussions move, but having proper gallery and classified software, plus a home page similar to the home page RFF has now.

We are having to write our own XenForo add-ons.

Stephen

Old 09-12-2016   #13
ChrisLivsey
Registered User
 
Join Date: Jul 2007
Posts: 1,992
Thank you to the team behind the planned changes; it seems my and others' concerns are understood, and your feedback is appreciated.

Old 09-12-2016   #14
f16sunshine
Moderator
 
Join Date: Apr 2009
Location: Seattle
Age: 49
Posts: 5,676
It's pretty easy to dedicate an email address for forum use.
I have one for all the forums I log into. (all 3)
They are not synced to any devices or purposes.
It's not an airtight security measure but does give some peace of mind.
It's never completely safe online but really neither is having a snail-mailbox.
__________________
Andy
All times are GMT -8. The time now is 21:42.


Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.

All content on this site is Copyright Protected and owned by its respective owner. You may link to content on this site but you may not reproduce any of it in whole or part without written consent from its owner.