Easy, find the location of the server and then use this link
How would someone hack this version of forums using BT3?
Funny. Let me re-word myself.
Are there any exploits for that version of forums that I could use to penetrate into the forums?
Google - Invision Power Board 2.3.6 exploit <search>
It appears version 2.3.5 is vulnerable, but not .6 (yet).
I'm guessing that you didn't have this installed on one of your own test systems then?
No, it is just a free forum account that I am admin on.
We have had to switch forums a few times due to script kiddies/brute force hackers getting into the admin panel.
I'd like to know how to prevent this (other than secure passwords).
- User lockout for x number of invalid password attempts (although this can create a DoS opportunity for attackers)
- Multi-factor authentication, or use of something like a CAPTCHA to defeat automated guessing (although it may not be suitable or possible in this case as your software must support it)
- Banning of access to IP addresses that appear to be brute forcing you (although there are ways around this for attackers)
- Use the latest version of the software
Good secure passwords are probably your best bet though.
Actual exploits may allow an attacker to do more than just get admin access to the forum, though. They may allow them to get access to the underlying OS, which could allow them to do a lot more damage. There are other methods to minimise the impact of this, but most require administrative access to the underlying OS.
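An added example (not part of the thread, and not Invision Power Board code) of the lockout and IP-ban measures from the list above, replayed over constructed login events. The thresholds and the names `LoginGuard` and `replay` are assumptions; the sample shows the DoS side effect mentioned for lockouts and why the lock is made temporary.

```python
from collections import defaultdict, deque

# Assumed policy values (seconds / failure counts); tune for the real site.
WINDOW, MAX_PER_ACCOUNT, MAX_PER_IP, LOCK_SECONDS = 300, 5, 10, 900

class LoginGuard:
    """Sliding-window failure counter with temporary account lock and IP ban."""
    def __init__(self):
        self.fail_by_user = defaultdict(deque)  # user -> failure timestamps
        self.fail_by_ip = defaultdict(deque)    # ip   -> failure timestamps
        self.locked_until = {}                  # user -> unlock time
        self.banned_until = {}                  # ip   -> unban time

    @staticmethod
    def _recent(q, now):
        while q and q[0] <= now - WINDOW:       # drop failures outside the window
            q.popleft()
        return len(q)

    def record(self, now, ip, user, success):
        """Process one attempt; return 'banned', 'locked', 'failed' or 'ok'."""
        if self.banned_until.get(ip, 0) > now:
            return "banned"                     # refused before any password check
        if self.locked_until.get(user, 0) > now:
            return "locked"                     # also hits the genuine owner
        if success:
            self.fail_by_user[user].clear()
            return "ok"
        self.fail_by_user[user].append(now)
        self.fail_by_ip[ip].append(now)
        if self._recent(self.fail_by_ip[ip], now) >= MAX_PER_IP:
            self.banned_until[ip] = now + LOCK_SECONDS
        if self._recent(self.fail_by_user[user], now) >= MAX_PER_ACCOUNT:
            self.locked_until[user] = now + LOCK_SECONDS
        return "failed"

def replay(events):
    guard = LoginGuard()
    return [guard.record(*e) for e in events]

# Constructed events: (time_s, source_ip, username, password_ok).
# Addresses are from the documentation ranges, not real hosts.
SAMPLE_EVENTS = (
    [(t, "203.0.113.7", "admin", False) for t in range(5)]           # guessing run
    + [(10, "198.51.100.2", "admin", True)]                          # real admin
    + [(20 + t, "203.0.113.7", f"user{t}", False) for t in range(5)]
    + [(30, "203.0.113.7", "mod", False)]                            # IP now banned
    + [(905, "198.51.100.2", "admin", True)]                         # lock expired
)

if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", decision)
```

The real admin's correct password at t=10 is refused because the account is locked, which is the DoS opportunity the list warns about; the lock expiring after `LOCK_SECONDS` bounds that impact.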