
Security Update



  • Owner

Sorry gang. 

 

I had to get proactive on security the last few days. I found I've got a hacker here in the USA and a second one in Russia that have been trying to gain access by either injecting malicious scripts or attempting to upload files on the download section as a guest, etc. 

 

I've re-set up the Google Authenticator for the site. It's available for all users to use. I've made it a requirement for staff and back end access. Google Authenticator is a random number code produced in a time-sensitive manner. You'll require the Google app to run this but it's solid for protection. 

 

Android Devices

 https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_US&gl=US

 

Apple Devices

https://apps.apple.com/us/app/google-authenticator/id388497605

 

I highly suggest people consider setting up the Google Authenticator for their protection against hackers or malicious people. It's a second step to logging in and changing things like passwords, email address, etc. I'll say I've had my account on another website hijacked by a hacker who altered my email and profile information. I had to contact the site owner and get control of my account again. The 2FA (Two Factor Authentication) will prevent this from occurring, being only your phone or mobile device will have the code to unlock the second step. This can't be randomly guessed or hacked, being the code changes every 60 seconds. 

Edited by Mopar1973Man
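An added illustration, not part of the post above and not the forum software's own code: authenticator apps generate their time-based codes with TOTP (RFC 6238), and this is how a server can check a submitted code using only the Python standard library. The 30-second step, 6 digits and one-step drift window are the RFC defaults assumed here, and `verify`, `decode_secret` and `last_used` are names made up for this example.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30      # seconds per code; RFC 6238 default, assumed for this example
DIGITS = 6     # code length; the usual authenticator-app default


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, at: float, step: int = STEP) -> str:
    """RFC 6238: the HOTP counter is the number of whole steps since the epoch."""
    return hotp(key, int(at) // step)


def verify(key: bytes, submitted: str, at: float, drift: int = 1,
           last_used: int = -1) -> int:
    """Server-side check. Returns the matched counter, or -1 on failure.

    Accepts +/- `drift` steps of clock skew and skips any counter at or
    below `last_used`, so a code that was already accepted cannot be replayed.
    """
    now = int(at) // STEP
    for counter in range(now - drift, now + drift + 1):
        if counter <= last_used:
            continue
        if hmac.compare_digest(hotp(key, counter), submitted):
            return counter
    return -1


def decode_secret(b32: str) -> bytes:
    """Enrollment QR codes carry the shared key as (often unpadded) base32."""
    b32 = b32.replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


if __name__ == "__main__":
    key = decode_secret("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")  # RFC 6238 test key
    print("current code:", totp(key, time.time()))
```

The server stores the counter returned by `verify` and passes it back as `last_used` on the next login, which is what stops a captured code from being used a second time.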

  • Owner

Going along with "Security Stuff" you might look into the KeePassX application for your desktop and then KeePassDroid (Android). Having a good password book and having different passwords for everything is a good thing to do. Matter of fact I just changed a bunch of old passwords up and upgraded some of them, making them either longer or changing the type of text used for certain ones. Important things like banking and such should use a 2FA (two factor authentication) and a long password (32 to 64 characters long). Don't just think you're safe on little things on other sites. You should use at least 16 to 32 characters for even simple sites. 

 

https://www.keepassx.org/

 

https://play.google.com/store/apps/details?id=com.android.keepass&hl=en_US&gl=US

 

  • Thanks 1

  • Owner

More security info...

 

No longer going to allow older TLS encryption methods. TLS version 1.2 covers down to Windows 7. Being that over 85% of the traffic here is a modern iPhone or iTablet I'm going to use the modern encryption without any backwards compatibility to TLS 1.2 or even older TLS 1.1. TLS 1.3 is how the web server is going to encrypt your data being sent to you. Older TLS 1.2 could be weak in encryption. TLS 1.3 is all 2,048-bit encryption. I've also forced all HTTP (unsecured) to be forced into HTTPS (secured). 

 

After doing all this last night before bed, I get up this morning welcomed by an error log that was empty for the last 12 hours. Yup. There was another hacker that has been banging away at the software of the website creating errors on the Invision community software. Now that I've changed these few things and improved the security it all has stopped now. Hence why there are no longer any errors being created. 

 

TLS = Transport Layer Security

 

I've also changed back to requiring a real name, contact phone number, filling in your signature and a few other things. This will reduce the lack of information like signatures (truck info), then when people need help I've got a contact phone number to reach the member and a real name to ask. Kind of awkward to call a member's home and the wife answers and you're asking for a user name from the forum and she might just think you're a spammer or phisher looking for info. There is a very good reason why I'm asking for these tidbit details. 

Edited by Mopar1973Man
  • Like 1

  • Owner

Yeah I know it's crazy to think there is always someone out there trying to crack the code for passwords, find ways to inject code to gain access, or just trying to do damage. Basically in my work I'm just putting up as many fences to keep a hacker trying to climb over one fence to be met with a roll of barbed wire or another fence. So far I'm pleased to say it's greatly reduced the amount of errors posted to the error logs. 

  • Thanks 1

  • Owner

Been picking away at the security issues. So far I have improved the security of the website by leaps and bounds. I found my Russian hacker and found what he was doing so I moved the module he was trying to log into to a different port and that should baffle him for quite a while. 

 

Then found a few security options that were added to the forum software and got them configured and stopped another hacker in Missouri that has been trying to upload files into the website without being a registered member.

 

Now I'll just sit back and watch the error logs for other attempts and see if this stops the few that I've been aiming for. 


  • Owner

As of right now M73M has the best security environment of any forum site. I'm taking web security very seriously and have been improving every bit of the site so it's secure for all the members and we don't need hackers poking around.

 

Mopar1973Man.Com test result...

Selection_006.png

 

Turbo Diesel Register TDR

Selection_003.png

Cummins Forum

Selection_004.png

 

Diesel Bombers

Selection_005.png

  • Like 1

  • Owner

Did some hardening of the server as of this morning, adding a few more firewall rules and double-checking that my malware scanner and virus scanners are online. Then finding the extra firewall rules and getting them configured. I'm monitoring right now for any hang-ups or false positives from the rules being run.

 

Still got a few hackers still banging away trying to find ways into the site and getting caught in the security of the site. I'm trying to get that extra chain link fence and barbed wire up in front of the last fence to keep them out for sure. 


  • Owner

Ok here is what I've got going on.

 

I've added in more firewall rules to my server but I know that some people are going to see posts that are not complete or showing that they failed. I'm trying to get the rules configured yet, so hang in there. I've still got a few hackers attempting to use Cross Site Scripting or Injection methods of trying to gain access to the server. I've been being proactive but I know the better the firewall, the higher the chances of a normal user getting caught in it now. Please be patient and work with me by posting a support ticket. I'll need your IP address from when you posted or were seeing the issue. This can be found on the Google search engine by just typing "whats my ip" and it will show your IP address. Please include this information and we will work on these firewall issues together. 

 

Screenshot from 2021-12-18 18-14-24.png

Edited by Mopar1973Man

  • Owner

Still getting up in the morning checking the logs to see what the hackers are trying next. Now I got a hacker from Singapore trying to break in with injection events. Just in the early morning hours he has attempted over 330 hits on the site and failed on every try. Again I've got to stay proactive and keep the firewalls up and the site secure. 

 

Now the hackers are trying to get smart and attacking both my email server with brute force logins and my FTP server with brute force logins. Not going to work. 

Edited by Mopar1973Man

  • 1 month later...
  • Owner

Pleased to say I've managed to reduce most of the foreign country attacks on the website. Now between all the different things like cPHulk, Mod_Security, and System Firewall I made it an absolute no-go if anyone outside the USA attempts to log into the server or any of its modules. It will IGNORE your IP after 5 tries. This BAN will last as long as it takes till it rolls off the back end of the list. I'm not going to say how many or how long. But my server will NOT respond to that IP address again on any module. If you attempt to inject code or use banned functions you might get banned the same way. There is a low risk I've seen that you might trigger the rules. If you do, please contact me by phone, being nothing on the website will work. 

 

(208) 315-1470 - "Contact Us" link on the bottom of any page. 

  • Like 1
  • Thanks 1
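An added illustration, not part of the post above and not how cPHulk is implemented: a per-IP lockout that ignores an address after 5 failed logins, counted across services. The log line format, the 5-minute counting window and the 1-hour ban are assumptions made for this example (the post deliberately does not give its real values), and the IPs are documentation addresses.

```python
import re
from collections import defaultdict, deque

MAX_FAILURES = 5        # from the post: an IP is ignored after 5 tries
WINDOW_SECONDS = 300    # assumed counting window; the post does not give one
BAN_SECONDS = 3600      # assumed ban length; the post keeps the real value private

# Constructed log format for this example: "<epoch> <service> <FAIL|OK> <ip>"
LINE = re.compile(r"^(\d+) (\S+) (FAIL|OK) (\S+)$")


class Lockout:
    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.banned_until = {}               # ip -> epoch when the ban expires

    def is_banned(self, ip, now):
        return self.banned_until.get(ip, 0) > now

    def feed(self, line):
        """Process one log line; return the IP if this line triggers a ban."""
        m = LINE.match(line.strip())
        if not m:
            return None
        ts, result, ip = int(m[1]), m[3], m[4]
        if result == "OK" or self.is_banned(ip, ts):
            return None
        recent = self.failures[ip]
        recent.append(ts)
        while recent[0] <= ts - WINDOW_SECONDS:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.banned_until[ip] = ts + BAN_SECONDS
            recent.clear()
            return ip
        return None


def scan(lines):
    """Return the final lockout state and the IPs banned, in order."""
    state = Lockout()
    return state, [ip for ip in map(state.feed, lines) if ip]


# Constructed sample: one address failing on mail, FTP and web logins,
# and a second address with a single typo followed by a good login.
SAMPLE = sorted(
    [f"{1000 + 10 * i} {svc} FAIL 203.0.113.7" for i, svc in
     enumerate(["imap", "ftp", "ftp", "web", "imap"])]
    + ["1020 web FAIL 198.51.100.4", "1030 web OK 198.51.100.4"])
```

Counting per IP rather than per service is what catches an attacker who spreads guesses across the mail, FTP and web logins.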

  • Staff
2 hours ago, Mopar1973Man said:

Pleased to say I've managed to reduce most of the foreign country attacks on the website. Now between all the different things like cPHulk, Mod_Security, and System Firewall I made it an absolute no-go if anyone outside the USA attempts to log into the server or any of its modules. It will IGNORE your IP after 5 tries. This BAN will last as long as it takes till it rolls off the back end of the list. I'm not going to say how many or how long. But my server will NOT respond to that IP address again on any module. If you attempt to inject code or use banned functions you might get banned the same way. There is a low risk I've seen that you might trigger the rules. If you do, please contact me by phone, being nothing on the website will work. 

 

(208) 315-1470 - "Contact Us" link on the bottom of any page. 

I got a permanent desktop picture of Nancy Pelosi. I couldn't get it off there until I paid my member fee.

  • Haha 2
