Anoymous hacking tip off

[Silvershark78]

I don't know where else to post this. I have received 2 anoymous tips that people are about to try to take down my entire site. What do I need to do install the proper safety precautions? Sorry if this is in the wrong forum and sorry if this is a bad place to ask but the threat is very real and I really need some help to prevent losing eveything.

[vbgamer45]

Make a backup of your site just in case if you have not already.
Backup your files,databases.

Make sure latest version of SMF.
Make sure you are the only admin on the site and change your password to something unique for only your forum.

[The Craw]

Unless you're using an older version of SMF, you should be safe there.

Wordpress is a common entry place for hackers, so I'd backup and remove any install you have, should you be using it.

Custom coded pages with database connections and crumby code are also often used for to gain entry through SQL injection.

If you see a suspicious looking link, don't click it, it might be an XSS attack to steal your session.

Might help to change your passwords, and notify your host to keep a lookout.

[Silvershark78]

Thank you for your answers. Any other further answers or suggestions on security modification software from other users will be greatly appreciated

[Colin]

Did you they give you any information regarding how they were going to attempt to hack your site? Generally these types of things are just bluffs.

[Silvershark78]

No but the tips that have come from 2 people came from private groups that are not open to the public. They have already hacked me once. Now apparently the establishment is trying to take down the new guy. I have every reason to believe this a real threat.

[Colin]

Fair enough, how did they hack you previously?

[Silvershark78]

Don't know. They set all my permissions for post count groups to deny all actions. I have error logs from one of my moderators from his name trying to hack me over and over again. His account could have been hacked. They also set guests to be allowed to carry out administrative duties. I just found the guest administrative duties check box  just now

[The Craw]

Do you have a crumby password?

[Silvershark78]

No it's very long

[Colin]

Do you use it for multiple services?

[Silvershark78]

No not that one and I just changed it again

[busterone]

It may be wise to change your hosting cpanel password and your mysql password also to be safe. 

[MrPhil]

Have you and your administrator(s) and moderator(s) scanned your PC(s) used to administer SMF for spyware, especially password sniffers and keystroke loggers? Those are favorites for stealing passwords and letting themselves in to do mischief. If you find anything, change all your passwords again.

If you are at earlier than 1.1.15 or 2.0.1 or so, you are probably vulnerable to a determined hacker. Think about upgrading to 1.1.17 or 2.0.3 ASAP.

[Silvershark78]

I am at 2.0.3 and do you have a recommendation to scan for these items I have a full version of AVG and System Mechanic?

[Silvershark78]

What about Forum firewall? I messed with it before and caused some problems but with a little guidance from someone  here I might be able to get the setting right

[MrPhil]

Any quality antivirus/antispyware offering should do the job. If you have two installed already, use both.

[Silvershark78]

found one "generic" trojan

[LiroyvH]

Don't just secure the forum, make sure the server is secure or put pressure on the hosting company to ensure it has proper security in place.
It all starts there, securing your forum is futile if the server is shared and has sh** protection.

[The Craw]

What he said ^. If they find a way to DDOS you, it's gonna hurt the hosting company as much as it will you.