Invision Plus Blog

Here’s a safety guide for everyone, but especially for board owners.

The biggest problem board owners have is another Admin demoting or deleting them and taking the board for themselves. Here’s how to solve this:

Administrator Issues

Instead of having just one Administrator group on the board, have at least one more. By having another Administrator group that does not have ROOT Admin access, the people in that group will not be able to demote you.

This is just a way of making it less likely that you may get demoted by another Administrator on your board because of them having ROOT access.

This may sound a bit obvious, but only give access to people that YOU TRUST! This is something that everyone should be careful about. Be especially cautious about giving others Administrator access to help fix something, set-up the board, etc. These people are not necessarily trustworthy. ROOT or not, they can still damage the board.

Cracking, Keylogging, etc.

This is generally a very rare occurrence on InvisionPlus.

Make sure the passwords to your InvisionPlus account and email account are safe. When a user’s account is stolen, it’s usually because one or both of these passwords were insecure. Use numbers, symbols, and capital letters in your password.

The use of keyloggers happens very rarely.

If necessary, write your password down to ensure you remember it, but make sure that paper is safe.

Always keep a virus scanner handy, just in case. One option is AVG Anti-Virus from Grisoft.com.

Any software can be a keylogger. For example, it could be a friend’s simple C++ console game, yet stealthily install a backdoor or keylogger without your knowledge at all. If you suspect this, you can open a Command Prompt and type:

netstat -n

… to see if there are any suspicious port numbers or IP addresses. Make sure your software comes from a reliable source.

Keep your anti-virus software updated, and you should be safe from most keyloggers.

Sidenotes and Conclusion

If you have had your board cracked, report it on the Support Board and we will see what we can do.

If an Administrator does something to your site, we can’t help with that. You need to make sure that your Administrators are trustworthy before giving them access.

With new secure measures in place at InvisionPlus today, a second administrator (even if they are in the root group) cannot demote, edit, change password, delete or harm the initial root admin in any way.

However, there are still two things to be aware of:
1) You can edit yourself, so you could accidentally or intentionally demote yourself. However, you cannot delete yourself.
2) If your password is cracked and the cracker demotes you, we may not be able to do anything - so keep your password secure. Here’s one site for testing the strength of your password: SecurityStats.com

That’s it! If you keep in mind these guidelines, you’ll be safe and secure during your stay here on InvisionPlus.

Thanks!

Elliot
InvisionPlus Staff

This guide contains contributions from InvisionPlus Staff members Exode, Alan, and HAL.

This entry was posted on Thursday, October 18th, 2007 at 12:19 am and is filed under Tips & Tricks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.