jayray999: Ok. Here is a stupid question. How do I access the ACP without the admin link? I tried visiting:
myforum.com... but this only works if I am NOT logged in from that computer. If I am logged in this method takes me to the Forum Index; then I must log out and try myforum.com... and log in again. Any easier way?

Sure, just change pagestart.php as I write at Tip #3. I just tried it out with phpBB 2.0.14 and it works like a charm.

posted by knn
in-my-opinion.org | Technology, Computers, Science, Internet | Software by the admin | How to protect your phpBB forum against hackers
phpBB 2.0.15 is out to fix a critical security issue. Needless to say that my tips would have protected you... (( Nevertheless, keep your phpBB up to date... it's always a good idea to fix issues ))

posted by knn
jayray999: jayray999: I did exactly as you say and I get this error
Warning: Cannot modify header information - headers already sent by (output started at /home/.love/antonio/myforum.com/forum/config.php:21) in /home/.love/antonio/myforum.com/forum/includes/sessions.php on line 200 etc.

Ok. This now works perfectly. For others who wish to profit from my experience you must do the correct sequence of steps or this will not work:

1. Backup your old config.php (this saved me some headaches since I did not have my new database password written anywhere else!)
2. Copy a.php and secureconfig.php to the folder where your forum resides.
3. Make a.php world writable (chmod 666 a.php)
4. Type in the path to secureconfig.php in a browser e.g. yourforum.org/forum/secureconfig.php
5. This will generate the screen which will give you detailed instructions on how to modify config.php.
6. Make these changes to config.php.
7. Delete secureconfig.php
8. Try using your forum.
9. If it does not work you can always restore your old setup by restoring your old config.php from backup and by deleting a.php.

At this stage I made the previous post. Then I went back to step 1 and tried again and everything worked. Thanks knn and sorry for the posting blitz.

I tried this out several times, but get a white screen all the time. I use phpBB2.0.15. Any suggestions?

posted by newbie
volonteshiva: You honestly can't believe that a forum can get this big?

To further prove your point, I know of forums that have gone way past 3GB in under two years, with multiple millions of posts. Forums can get extremely big.

posted by ZS
Hello! I have a problem! I have the latest version of PHPBB with all the necessary patches and upgrades but someone just hacked into my MYSQL through another domain on the same hosting server. It seems that this person has an account on the same hosting server where I have my account and therefore he managed somehow to hack into my database. How is this possible and how can I protect my phpbb from being hacked again? I need your opinion as soon as possible! Thanx in Advance!

posted by aion
aion: How is this possible and how can I protect my phpbb from being hacked again? I need your opinion as soon as possible!

Maybe some master password insecurity. This has actually not much to do with phpbb itself. Since it's on the same server you should inform your hosting company.

posted by knn
knn: Make yourself the only one who can become admin = no other registered user (or intruder) can gain admin rights.

Hi knn. Thanks for all the tips. My forum was hacked several times and your ideas have really helped. I've got one question though, how would I change this code to allow 3 other admins? I have a relatively small forum (only 1700 members) but I'm away a lot. For this reason, we have 4 administrators to be sure one of us is always online. I already know their user ids, I just don't know the proper way of modifying the code. Let's say our user ids are 2,3,4, and 5. How would I modify the code to allow only the four of us admin access? Thank you for your time (and these great security mods)! Any help would be greatly appreciated. Thank you!

posted by Mac
Mac: I already know their user ids, I just don't know the proper way of modifying the code. Let's say our user ids are 2,3,4, and 5.

You have to change
to

posted by knn
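
An added example, not the code knn posted (which is missing from this page) and not part of phpBB: one way to limit admin rights to a fixed set of user ids such as 2, 3, 4 and 5. The function name, constants and level values are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added illustration only: not knn's mod and not phpBB's own code.
// Function name, constants and level values are hypothetical.
const LEVEL_USER  = 0;
const LEVEL_ADMIN = 1;

// The only accounts that may ever act as admin (ids from Mac's question).
const ADMIN_ALLOWLIST = [2, 3, 4, 5];

/**
 * Decide the level to honour for one request. The stored level alone is
 * never trusted: an account outside the allow-list is treated as a plain
 * user even if its database row says "admin".
 */
function effective_level($userId, $storedLevel): int
{
    // Session and database layers often hand ids back as strings.
    // Accept only all-digit strings so "2abc" or "2 " cannot pass as 2.
    if (is_string($userId)) {
        if (!ctype_digit($userId)) {
            return LEVEL_USER;
        }
        $userId = (int) $userId;
    }
    if (!is_int($userId)) {
        return LEVEL_USER;
    }
    $rowSaysAdmin = $storedLevel === LEVEL_ADMIN
        || $storedLevel === (string) LEVEL_ADMIN;
    if (!$rowSaysAdmin) {
        return LEVEL_USER;
    }
    // Third argument true = strict comparison, no type juggling.
    return in_array($userId, ADMIN_ALLOWLIST, true) ? LEVEL_ADMIN : LEVEL_USER;
}

// Constructed sample rows (user_id, user_level as they might come from a query).
$rows = [
    ['2', '1'],     // allow-listed admin
    ['77', '1'],    // row claims admin, id not on the list
    ['2abc', '1'],  // malformed id; loose == would match 2 on PHP before 8
    ['4', '0'],     // allow-listed id, but the row is an ordinary user
];
foreach ($rows as [$id, $level]) {
    $result = effective_level($id, $level) === LEVEL_ADMIN ? 'admin' : 'user';
    printf("id=%-5s stored_level=%s => %s\n", $id, $level, $result);
}
```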
I just modified my forum and it works perfectly. Thank you for the quick reply and excellent security fixes.

posted by Mac
I have programmed a set of backup scripts for all phpBB webmasters. Check it out at IMO → PhpBB mod (freeware): Backup database and files

posted by knn
A new critical update has been published by phpbb.com. Needless to say, that AGAIN my tips would have protected you. This patchwork ("fixy fixy problema over here, fixy fixy over there") instead of hardcore protection puts everyone at risk who doesn't implement my tips here.

posted by knn
I have updated Tip 5. It offers now more protection.

posted by knn
Am I supposed to be changing the 'xyz' to something? I already added the IPs of the admins to the file I downloaded. Thanks

posted by Sippenhaft
Sippenhaft: Am I supposed to be changing the 'xyz' to something?

Oh, my bad. My words were unclear. No, leave it as it is. Leave the 'xyz'. If you installed the former mod from tip 5 then you need to uninstall it first AND THEN install the new one. The old version protects you from hackers autologin as ADMIN. The new one also protects you from hackers autologin as users. Please note that there is a new security issue (phpbb 2.0.17 will be out soon) and this mod helps you to stay safe.

posted by knn
OK. Thanks. I did not have the OLD tip 5 installed. So I installed just this one. Is the 2.0.17 patch gonna be similar to this? i.e. dealing with the cookie issue?

posted by Sippenhaft