XenForo Support

I had this convo with my host and want to ask some stuff regarding it.

Submitted by redd, , Thread ID: 32686

Thread Closed
redd
Active Member
Level:
0
Reputation:
-1
Posts:
363
Likes:
9
Credits:
60
18-04-2017, 07:20 PM
#1
I asked my host about running a nulled version of xenforo etc. And he said i could run it no problem but all the versions of xenforo have backdoors in them. He said why would someone go through all trouble nulling it if there is no gain from it. He also linked me on HF to rooted servers and said this is also being done through backdoors in the software. I also asked if there are clean versions and he said basically NO.

So i am kinda in a situation where i have no idea if i can run it safe or that i have to be scared of my site being rekt by backdoors. Thats why i ask a honest opinion from someone more experienced on this field.

RE: I had this convo with my host and want to ask some stuff regarding it.

Supreme
ZmFnZ290
Level:
0
Reputation:
189
Posts:
2.02K
Likes:
342
Credits:
585
18-04-2017, 07:47 PM
#2
Depending on where you actually get your version of XF from, will determine it's credibility. Yes, there are many shady sites that will 'null' or edit already existing nulled boards, but they're pretty scarce.

Look at it this way, why would you null something, release it and know that somewhere out there on the internet, there's a board that has a backdoor you know how to access, but you have no idea which board and will never find it? It just doesn't make sense.

If you get your release from a trust worthy site / user (Nulled is a perfect example), there shouldn't be any backdoors. Now that doesn't mean there aren't security risks, any nulling of board software creates them (but practically no one is going to bother to attempt to take down your board).

To answer your question as to why people null board softwares, if there's nothing to gain- well that's not entirely true. Most people do it, because they can. Others do it, to publish and gain traffic to their website / board. Some will do it, to show it can be done or they were the first to do it (reputation among their community). It's always a competition.

As long as you make regular (daily) back-ups of your site, you shouldn't have any problems. If you're purely just running the site with absolutely no back-ups, nulled or legitimate, that's idiotic, as even a bought board software can be bruted into, regardless of security. Back your site up and use the version you have, if anything goes wrong, take the site down, upload the latest back-up, put the site back online, clone the site, fix the vulnerability, upload clone to main site. Easy as that.
[Image: xvv2qQA.png]
1

RE: I had this convo with my host and want to ask some stuff regarding it.

redd
Active Member
Level:
0
Reputation:
-1
Posts:
363
Likes:
9
Credits:
60
OP
19-04-2017, 08:25 PM
#3
18-04-2017, 07:47 PM
Widget Wrote:
Depending on where you actually get your version of XF from, will determine it's credibility. Yes, there are many shady sites that will 'null' or edit already existing nulled boards, but they're pretty scarce.

Look at it this way, why would you null something, release it and know that somewhere out there on the internet, there's a board that has a backdoor you know how to access, but you have no idea which board and will never find it? It just doesn't make sense.

If you get your release from a trust worthy site / user (Nulled is a perfect example), there shouldn't be any backdoors. Now that doesn't mean there aren't security risks, any nulling of board software creates them (but practically no one is going to bother to attempt to take down your board).

To answer your question as to why people null board softwares, if there's nothing to gain- well that's not entirely true. Most people do it, because they can. Others do it, to publish and gain traffic to their website / board. Some will do it, to show it can be done or they were the first to do it (reputation among their community). It's always a competition.

As long as you make regular (daily) back-ups of your site, you shouldn't have any problems. If you're purely just running the site with absolutely no back-ups, nulled or legitimate, that's idiotic, as even a bought board software can be bruted into, regardless of security. Back your site up and use the version you have, if anything goes wrong, take the site down, upload the latest back-up, put the site back online, clone the site, fix the vulnerability, upload clone to main site. Easy as that.

1) You assume that if youre running a nulled forum, your only issue is mitigated by taking backups.
that completely disregards that you're exposing sensitive client data to a hacker.hacker could still dump your database to the public and steal passwords and emails.

2) Youalso dontmention the damage to a hosting provider it can cause if the hacker uses it to launched DoS attacks or runs c99 shells and just fucks up the server.


3) brute force attacks really are a low priority security concern these days, especially with a forum like xenforo with cloudflare in place. just use a secure password lel

4) i don't think any site centering on illegal activities is "trustworthy", i mean i've only been on hackforums so idk about the other hacker sites but c'mon like every month we hear about some super trustworthy user or giant service fucking over its clients and exit scamming.

Users browsing this thread: 1 Guest(s)