        For Oblivion/2 Bulletin Board Software - Securing Your BBS

                    (c)Darklord,1995 EViL Productions

  For starts, I want you to take note that without a rocking software like
Obv/2, A file of this nature wouldnt be possible. As well, nothing here
will be much benefit to you unless you strive to develop your knowledge
of said software. Everything I speak of is pure common sense, and applied
knowledge gained from trial and error...


  Allright- to the bones...


  Ill begin by addressing this issue- CO-SYSOPS. This is probably one of the
most common reasons a board's security is, and can be compromised. This
applies to giving "friends" and the like high access levels. Its your
computer(s), and why would you allow someone into your house while your
on vacation to play with it? I'm not saying that its not beneficial to
have or utilize Co's. What I am saying, is their access should be
restricted to allow them to use and maintain ONLY the areas you designate.
Configuration is an issue. If your Co's are doing more configuration
than you are, WHY are YOU running a board? Mods are fine. Getting help with
addition of said mods is fine too- BUT keep in mind IF the mods come from a
reputable source, the documentation should outline all you need to know-
Theres a rash of "groops" out there now, Some arent worth a jack and others
seem to be trendsetting. DEMAND QUALITY and SLAM IGNORANCE.

  I use a local node (accessed only by the local keyboard) for all system
configuration. All nodes utilize shared directories, but the
ACS for ALL commands of this nature are either set to = (Local Keyboard
Only) and/or V# (where # is the node number)

  This has multiple benefits- The command(s) and menus, are either not
(technically) available to the node(s) allowing remote (outside) access,
or dont exist at all- I removed all Pseudo-DOS commands from my menus-
Why? You dont need them if you have a decent multitasking setup.
Another way is to add a prompt for a password (not like the SYSOP password
designated in your configuration, but in the .mnu itself.) Allowing local
only access to the MENU EDITOR is probably the best way to insure these
passwords arent compromised. Change them often. See, on my system, (I took
it a few steps further) My node configuration points towards different
directories for the .mnu's for each node- any node that someone can call
in remotely on, doesnt even have SYSOP, FSPONSOR, MESSPON included. If
theres no way to even GET there on those nodes you have literally
nothing to worry about. One last point here- ALL of my .mnu's are set
(attrib) to READ ONLY. That zips that up.

Some other fine points here worth considering-

-LOOK over any modification (mods) released by anyone, internally.
 Its easy to re-archive a modded "mod" with simple hack commands
 built in. 
           
-Allow your co's only to access the system, at specified times. See your
 Command section under ACS in the docs for this. 

-Set Obv to LOG ALL imput on all sysop menus. (This helps for debugging
 too <G>)

-Set ALL (if you have no co's) Sysop commands to (ACSwise) =

-For the really paranoid, rename DOS commands like FORMAT.COM and DELTREE
 to something like FURMATT.COM and TREEDEL.COM Nothing pisses a hacker
 off more if you dont even make the shit available. ;> (I deleted mine
 on my board computer- If I need them- the floppie's in the desk.)

-By all means, READ the docs! LEARN them. Especially the command
 structure. Its easy. Hell if you can play a game, you can learn this!

 Oblivion is a fine software, and often target of hacking. Why? It's
reputation! Out of the box, so to speak, and with just a few minor
items noted on the configuration, it is unhackable. Without slamming
other softwares, (Allthough I love to) I have to say I still find
serious fault in some of their coding that allows crashing/and or
hacking. Part of this whole hobby revolves around figuring out
what makes this shit tick. Nothing can compare to a SysOp running
a board software that he or she knows from front to back. 

 I'd like to waste your time by adding page upon page of technical
garbage, but its not needed, and Im not the type. Obv couldnt be
as secure as it can be without the Author's dedication to making
this possible in the first place. Second, its way too simple for
some to believe. Screw em. 

                                    -Darklord (SiN of Damnation)

