boconniff40 (OP)
Newbie
 Offline
Activity: 28
Merit: 0
|
 |
March 08, 2012, 09:00:25 PM |
|
Internet --> Modem --> Sonicwall TZ215 --> OpenBSD firewall appliance --> OpenBSD Server with TOR Hidden Service
Notes
-OpenBSD is considered to be the most secure OS out there
-OBSD comes with military grade encryption
Now my only problem is whether I can successfully run vBulletin with OpenBSD as a server.
|
|
|
|
|
|
|
|
|
|
|
|
The network tries to produce one block per 10 minutes. It does this by automatically adjusting how difficult it is to produce blocks.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
Aggro
Donator
Sr. Member
Offline
Activity: 296
Merit: 250
|
|
March 08, 2012, 09:33:27 PM |
|
Internet --> Modem --> Sonicwall TZ215 --> OpenBSD firewall appliance --> OpenBSD Server with TOR Hidden Service
Notes
-OpenBSD is considered to be the most secure OS out there
-OBSD comes with military grade encryption
Now my only problem is whether I can successfully run vBulletin with OpenBSD as a server.
I think you should be able too. Might be too slow because VB is known to be an html monster  I have seen phpbb and punbb being used on tor. |
|
|
|
|
boconniff40 (OP)
Newbie
Offline
Activity: 28
Merit: 0
|
|
March 08, 2012, 10:33:14 PM |
|
|
|
|
|
|
furrythunder
Newbie
Offline
Activity: 4
Merit: 0
|
|
March 09, 2012, 04:23:44 AM |
|
The setup is nice an everything but the vBulletin track record on security is not that great. Everything else is useless if some remote exploit can reveal the servers ip address.
|
|
|
|
|
|
jake262144
|
|
March 09, 2012, 08:22:34 AM |
|
OBSD comes with military grade encryption
lol  |
|
|
|
|
boconniff40 (OP)
Newbie
Offline
Activity: 28
Merit: 0
|
|
March 09, 2012, 10:14:40 AM |
|
The setup is nice an everything but the vBulletin track record on security is not that great. Everything else is useless if some remote exploit can reveal the servers ip address.
How is that possible when used in conjunction with TOR? |
|
|
|
|
boconniff40 (OP)
Newbie
Offline
Activity: 28
Merit: 0
|
|
March 09, 2012, 10:15:17 AM |
|
OBSD comes with military grade encryption
lol What? Do you even know what military grade encryption is? |
|
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1225
Away on an extended break
|
|
March 09, 2012, 10:20:51 AM |
|
vBulletin is useless if you're paranoid about security. Just take a look at the exploits found for it monthly and you'll think twice about using it.
|
|
|
|
|
boconniff40 (OP)
Newbie
Offline
Activity: 28
Merit: 0
|
|
March 09, 2012, 10:50:26 AM |
|
vBulletin is useless if you're paranoid about security. Just take a look at the exploits found for it monthly and you'll think twice about using it.
Nothing is better than vBulletin in the message board world. |
|
|
|
|
boconniff40 (OP)
Newbie
Offline
Activity: 28
Merit: 0
|
|
March 09, 2012, 10:51:39 AM |
|
-OBSD comes with military grade encryption
From you saying laughable stuff like the above, I can already tell you the major security flaw in your system: - system administrator is a complete noob. I think you're an idiot who can't even explain what he or SHE means properly. Also if I'm not good enough to be sys adm, I'll just hire someone, that's the great thing about me, I'm rich... haha. |
|
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1225
Away on an extended break
|
|
March 09, 2012, 01:15:44 PM |
|
VBulletin is brilliant forum software. It really is. But it has an absolute crap load of vulnerabilities and is definitely not suited to TOR at all!
Take our advice and use something like PHPBB, or hell make your own in PHP if you really want.
Everybody knows hackers love to use TOR, and when they stumble across a vbulletin forum, they are bound to try out atleast one exploit.
Also, I would be very sure the remote IP could be discovered using certain exploits.
+1. I'm fairly sure there's still working sql injection attacks working against vBulletin as the GPC function still does not filter parenthesis as for today. |
|
|
|
|
boconniff40 (OP)
Newbie
Offline
Activity: 28
Merit: 0
|
|
March 09, 2012, 03:40:32 PM |
|
znort is a gay poor faggot that just made my ignore list.
anyways until i find something better than vbulletin, that is what i'm sticking with, oddly enough it's just a small group of people who THINK that vbulletin is the most vulnerable
|
|
|
|
|
bitcoinsarefun
Member
Offline
Activity: 98
Merit: 10
|
|
March 09, 2012, 04:35:04 PM |
|
Internet --> Modem --> Sonicwall TZ215 --> OpenBSD firewall appliance --> OpenBSD Server with TOR Hidden Service
Notes
-OpenBSD is considered to be the most secure OS out there
-OBSD comes with military grade encryption
Now my only problem is whether I can successfully run vBulletin with OpenBSD as a server.
Looks fine, but just be mindful of what others have already said regarding your forum software choice ... all those layers are useless if someone successfully exploits your board. And to answer your question, you can run vBulletin with no issues on OpenBSD ... |
|
|
|
|
boconniff40 (OP)
Newbie
Offline
Activity: 28
Merit: 0
|
|
March 09, 2012, 04:45:06 PM |
|
Okay to be honest I don't care if someone hacks the boards, that just means I have to reload an older version of the boards.
Also according to other sites, alot of vbulletin exploits are found but not many boards are seen hacked.
And furthermore, why can't people come up with a better choice than vBulletin? Probably because there are none.
IF I DO FIND A MORE SECURE VERSION, then I will switch to that.
|
|
|
|
|
bitcoinsarefun
Member
Offline
Activity: 98
Merit: 10
|
|
March 09, 2012, 04:47:58 PM |
|
And furthermore, why can't people come up with a better choice than vBulletin? Probably because there are none.
People have made recommendations already in this thread - phpbb has popped up a few times, the software this forum runs is pretty decent as well ... For vbulletin, just keep track and update when necessary and keep decent backups Remember, you asked for people to rate your hidden service - they gave you their opinions on where it felt weak ... if you don't like those opinions, then why ask people to rate? |
|
|
|
|
boconniff40 (OP)
Newbie
Offline
Activity: 28
Merit: 0
|
|
March 09, 2012, 04:57:43 PM |
|
Alright, I will take all things into consideration.
PHPBB vs vBulletin
|
|
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1225
Away on an extended break
|
|
March 09, 2012, 04:59:48 PM |
|
Okay to be honest I don't care if someone hacks the boards, that just means I have to reload an older version of the boards.
Also according to other sites, alot of vbulletin exploits are found but not many boards are seen hacked.
And furthermore, why can't people come up with a better choice than vBulletin? Probably because there are none.
IF I DO FIND A MORE SECURE VERSION, then I will switch to that.
The better choice is PHPBB. If your forum gets hacked all of your users sensitive information will be leaked. Your entire server may even get rooted and affect every other website on it and have all of your data on it leaked. Your server may also be used to send out shit loads of spam and get your IP blacklisted or even get your server disconnected by the datacenter. And once the vulnerability is found, the hackers will just keep using it until you or someone else patches it. It will also take you a few days to get all the passwords of everything changed in order to get the website back up. Also once your website is hacked the majority of your users will leave Not true. I've seen many vbulletin forums get hacked. Have a look around onionland, you won't find any. Also, vbulletin is very messy with its html and will be slow as hell on TOR. Use a stripped down version of phpBB for maximum security. Also, remember to update it. vBulletin(especially outdated ones) is a piece of cake for seasoned sql ninjas. Back to the topic, your Tor Hidden Service is only as secure as the weakest link, which is vBulletin now. We don't care about military grade encryption stuff as rooting a 'hot' server would leave the encryption keys in the memory and the stuff decrypted, ready for a leak. |
|
|
|
|
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
|
|
March 09, 2012, 05:06:51 PM |
|
this thread is full of lulz about a weak sysadmin(boconniff40). WIN!
|
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
|
|
|
boconniff40 (OP)
Newbie
Offline
Activity: 28
Merit: 0
|
|
March 09, 2012, 05:21:01 PM |
|
What do you guys think about SILC? SILC (Secure Internet Live Conferencing protocol) is a protocol that provides secure synchronous conferencing services (very much like IRC) over the Internet.[1]
|
|
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1225
Away on an extended break
|
|
March 09, 2012, 05:25:55 PM |
|
What do you guys think about SILC? SILC (Secure Internet Live Conferencing protocol) is a protocol that provides secure synchronous conferencing services (very much like IRC) over the Internet.[1]
I remember reading something about it years ago. I've no prior experience on this so I have to say I don't know. However, this seems not really popular... |
|
|
|
|
|
