18-04-2017, 07:47 PMWidget Wrote: Depending on where you actually get your version of XF from, will determine it's credibility. Yes, there are many shady sites that will 'null' or edit already existing nulled boards, but they're pretty scarce.
Look at it this way, why would you null something, release it and know that somewhere out there on the internet, there's a board that has a backdoor you know how to access, but you have no idea which board and will never find it? It just doesn't make sense.
If you get your release from a trust worthy site / user (Nulled is a perfect example), there shouldn't be any backdoors. Now that doesn't mean there aren't security risks, any nulling of board software creates them (but practically no one is going to bother to attempt to take down your board).
To answer your question as to why people null board softwares, if there's nothing to gain- well that's not entirely true. Most people do it, because they can. Others do it, to publish and gain traffic to their website / board. Some will do it, to show it can be done or they were the first to do it (reputation among their community). It's always a competition.
As long as you make regular (daily) back-ups of your site, you shouldn't have any problems. If you're purely just running the site with absolutely no back-ups, nulled or legitimate, that's idiotic, as even a bought board software can be bruted into, regardless of security. Back your site up and use the version you have, if anything goes wrong, take the site down, upload the latest back-up, put the site back online, clone the site, fix the vulnerability, upload clone to main site. Easy as that.
1) You assume that if youre running a nulled forum, your only issue is mitigated by taking backups.
that completely disregards that you're exposing sensitive client data to a hacker.hacker could still dump your database to the public and steal passwords and emails.
2) Youalso dontmention the damage to a hosting provider it can cause if the hacker uses it to launched DoS attacks or runs c99 shells and just fucks up the server.
3) brute force attacks really are a low priority security concern these days, especially with a forum like xenforo with cloudflare in place. just use a secure password lel
4) i don't think any site centering on illegal activities is "trustworthy", i mean i've only been on hackforums so idk about the other hacker sites but c'mon like every month we hear about some super trustworthy user or giant service fucking over its clients and exit scamming.