August 10, 2022, 05:00:40 AM

General Forum Security Tips

1.  First, make sure your file and directory permissions are correct according to what your hosting provider has set. You must contact your host to find out what those are. We have no way of knowing. Incorrect permissions on files and directories can allow others to see or possibly access files that you do not want them to see or have access to.

2.  Making daily backups will go a long way toward protecting your site and getting it back up quickly if something bad happens. Do keep a number of backups handy in case you find that one or more are corrupted, hacked, or have other problems that may render them unusable. I suggest keeping a few monthly, weekly and daily ones somewhere (not on the server but on your hard drive, USB stick or CD/DVDs) so you can go back as far as needed to get what you want. You never fully realize the importance of backups until you lose everything or your site gets me!
3.  If nothing else, back up your database. It contains all of the most important info you need: the posts, PMs, logs, user info, etc. Even if you have lost all of your files, you can rebuild those later. But if you lose your database, you must start completely over from scratch! Adding the mods, images, coding edits, etc. is very minor compared to trying to remember and recreate every user, post, PM, etc.
4.  Create an admin board and a separate staff board. Use the admin board for admins only and the staff board for staff only. If a staff member becomes a problem, they will not know everything that is going on, such as server info, which should be posted only in the admin board or in PMs!
5.  Create a log of changes to the site and another for the server. Create a topic called "Changelog - Site" and only use it for any changes to SMF's settings, mods installed/uninstalled, etc. Also, create a topic called "Changelog - Server" and only use it to log what changes were made to the server: things like backups, hosting changes, etc. You can name those topics anything that will help you to know what they are, but keep them from the eyes of your users. Doing this, you can always go back and find out what you or a staff member did, when, where, and how. Add these logs to the admin board.
6.  You can also create a "Changelog - Users" just for users. Use this for making a name change for a user, banning users, troublemakers, etc. Add these logs to the staff board so staff can be aware of potential troublemakers.

7. If you suspect someone registering will be troublesome, track their IP by doing the following:
Click on their username or IP and go to Profile Info -> Track User -> IP Address.

This will tell you if they have created multiple accounts. This is "usually" (but not always) the sign of a hacker/spammer. But before you ban them, use the info in #8 below first! They could be different family members using the same account. I'd send them a PM asking them first. If they respond, they are probably not spammers/hackers, who usually do not respond.

8.  NEVER set your forum's registration settings to "Immediate Registration"! Anyone can join, and this includes spammers, hackers, troublemakers, etc. I recommend setting it to "Email Activation" or "Admin Approval". With "Email Activation", the potential user must verify their email address before registering. With "Admin Approval", you must explicitly approve users before they are allowed to join.

But no matter which registration setting you use I highly suggest that you run their IP, user name and email address through You should also run their IP through If you find them on either site you can block them and you should also take the time to add them to the list yourself.

Updated: May 19, 2012
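
For tips 2 and 3, here is one way to decide which database dumps to keep under a daily/weekly/monthly scheme while making sure a corrupted copy never takes up a retention slot. This is an added example, not part of the original post or of SMF. The retention counts (7/4/6), the gzip dump format, the SHA-256 recorded at backup time and all function names are assumptions, and the sample data is constructed.

```python
import gzip, hashlib, zlib
from datetime import date, timedelta

def verify_dump(blob, recorded_sha256):
    """Usable only if the bytes match the hash recorded at backup time
    and the gzip stream decompresses to the end."""
    if hashlib.sha256(blob).hexdigest() != recorded_sha256:
        return False
    try:
        gzip.decompress(blob)
    except (OSError, EOFError, zlib.error):
        return False
    return True

def select_keep(days, daily=7, weekly=4, monthly=6):
    """Newest `daily` backups, plus the newest backup in each of the
    latest `weekly` ISO weeks and `monthly` calendar months."""
    newest_first = sorted(set(days), reverse=True)
    keep = set(newest_first[:daily])
    weeks, months = {}, {}
    for d in newest_first:  # first date seen per bucket is its newest
        weeks.setdefault(d.isocalendar()[:2], d)
        months.setdefault((d.year, d.month), d)
    keep.update(list(weeks.values())[:weekly])
    keep.update(list(months.values())[:monthly])
    return keep

def plan(backups, **limits):
    """backups: {date: (gzip_bytes, sha256_hex)} -> (keep, prune, bad).
    Corrupt copies are reported in `bad` and never fill a retention slot."""
    good = [d for d, (blob, sha) in backups.items() if verify_dump(blob, sha)]
    keep = select_keep(good, **limits)
    return sorted(keep), sorted(set(good) - keep), sorted(set(backups) - set(good))

def sample_backups(today=date(2012, 5, 19), n=60):
    """Constructed sample: n daily dumps; yesterday's copy is truncated."""
    out = {}
    for i in range(n):
        d = today - timedelta(days=i)
        blob = gzip.compress(f"-- constructed dump for {d}\n".encode())
        out[d] = (blob, hashlib.sha256(blob).hexdigest())
    d = today - timedelta(days=1)
    blob, sha = out[d]
    out[d] = (blob[: len(blob) // 2], sha)  # simulate a damaged copy
    return out

if __name__ == "__main__":
    keep, prune, bad = plan(sample_backups())
    print("keep:", *keep)
    print("prune:", len(prune), "unusable:", *bad)
```

Run the check against the copies stored off the server, since those are the ones you will restore from.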
