Ok after spending quite some time reading through the site and seeing the reality of ethical hacking, I have a couple of questions.

I host several forums, phpbb, phpbb3 and SMF (my personal favourite being the heavily modded phpbb). The questions i have are firstly, is anyone bored depressed and lonely enough to take on an attempt to discover just what vulnerabilities are left and let me know what holes exist, so that I can go back down into the engine room and patch any holes found.

We have survived several attempts from the dark side, partly due to my keeping an eye on vulnerability sites and applying patches and partly because I am one of the most pedantic people ever born about backups (in particular database backups), but since the phpbb board is my favourite I suppose I have spent considerably more time looking out for it, then I have for the SMF or Phpbb3 boards and i would hate to lose one or more of the forums simply because of an open doorway in another forum I am hosting. (Well, I am hosting is not strictly accurate as I pay for hosting here in Australia with one of the better companies and thus far, their attitude to security seems fairly solid).

Secondly, forensics... Are there any good tools out there that allow an indepth analysis of where someone did get in, where they came in from etc?

Thanks for your thoughts in advance...

Oh and I can provide evidence of site ownership in both the certificates and identification (figured since this place is ethical, that would be a must...)

Thanks for that friend, just so happens I have a spare box i was looking at setting up to bash to death in every aspect while figuring out such tools. and been doing some serious reading on the maintaining of evidence integrity.

I guess this is one of the useful things about being a backup freak, lol I now have 3 and a half years of twice daily database backups, burnt to dvd every seven days and timestamps are wonderful things But my main reason for interest is if of course someone does manage to do the so far (perhaps luckily) unachievable and take my sites down, I want to be able to gather as much evidence as possible to pass on to those whom deal with these issues (and yes, I have reported Cyber crimes with logs, backup data etc) but mostly, I am looking for a way that i can examine the evidence trail myself, and find out where the access was made so that I can go and weld the hole shut. All the reporting and evidence in the world, is pretty pointless if the door is left wide open...

Fortunately am very familiar with index.dat and registry editing as well as sql code rebuilding, so I guess am going software hunting..

Thanks again for that

Greatly appreciated friend. That should keep me occupied for a while as I work my way through the thing lol...

I do love a challenge

Thanks for that Mad_Irish. I have successfully reported before only because my hosting company is very thorough in the way they handle these issues that and the fact that in Australia due to limited population and therefore taxes lol the government does host some of its services privately, meaning that most of our hosting companies are very very careful about logging etc.

Thats the main reason I am here, if there are any holes, I want to discover what they are so they can be plugged. Been sitting analysing raw access data and logs from the last even (some time back) just to discover what the loophole was and thus far have managed to close several nasty little holes (phpbb tip, if you dont use a language, delete it and all its files, amazing how many holes are in the package via alternative languages).

But as I said, if it is at all feasible, I would like to discuss with someone the possibility of them making the attempt and letting me know any vulnerabilities. The best offense in this is defense in my opinion. As to backups Irish, well I have on multiple dvd's twice daily backups since the sites inception over 3 years ago. It may seem excessive, but if an error appears I can go back to day one and find what existed and fix it. As it stands, on the last attempt, the site was down for a total of three and a half hours and in three years with 3 hacks and including server down time, I have only lost 41 hours of service. Not trying to show off, but it certainly confirms every word you said mad_irish... Thanks for reaffirming that my backup madness is actually very sane lol.