You may be thinking "Not another post on securing my forum", but this post also touches on a hacking method known as 'Social Engineering' - so read on....

So, you have secured your forum in every way possible - you changed the AdminCP directory name, passworded the new directory, chosen very secure passwords but.

Your forum got hacked. You run around like a headless chicken trying to fix it, at the same time trying to figure out how they did it. You were running the latest vB, you start to think that it may have been a mod that you installed - but it wasn't.

It was Social Engineering.

Social engineering is when someone gains the complete trust of a forum founder, and then abuses that trust. Social engineering can take a long time to complete - but it can be devastating to a forum.

If you end up trusting someone a lot, they may have access to your cPanel, your FTP area, your database, SSH!

Imagine what they could do - they could delete the database, they could delete the entire forum files, they could delete any internal backups you have. Just think about it for a minute....

Scary thought, yes?

So how do I prevent it?

That is the million pound question, isn't it?

The best way to protect yourself is to not hire strangers to do work on your forum. If you must, then use separate logins, and check logs and EVERYTHING to see what they did. Check your plugins area for any new plugins, and ensure that if you are giving someone AdminCP access, they have the bare minimum admin permissions.

Social engineering doesn't just devastate a forum/website. It can devastate a human being. They placed their trust in you, and it was abused.

Don't fall foul to Social Engineering. Follow all the safety tips on the internet. Only trust people you know in real life - and don't trust them either!

I hope this article will open the eyes of some people....

Liam