In-My-Opinion.org

»How to protect your phpBB forum against hackers«







Hello

My phpBB 2.0.18 has been hacked by a guy who used a cookie password hash crack (Tip 5).

I would like to implement a strategy that only a certain range of IPs can auto-login to the admin panel, from Tip 5.

Also, I don't understand Tip 7. Will it make me the only administrator and moderator too? And can Tip 7 stop cookie password hash cracks?

Anyone HELP!

posted by novoselac
  




novoselac:
I would like to implement a strategy that only a certain range of IPs can auto-login to the admin panel, from Tip 5.

Yes, that is tip 5. You simply need to edit the IPs or IP ranges that you want to allow.
novoselac:
Also, I don't understand Tip 7. Will it make me the only administrator and moderator too?

OK, I have clarified Tip 7.
novoselac:
And can Tip 7 stop cookie password hash cracks?

That, too, I have clarified there now.


posted by knn



I still don't understand some things. I'm sorry, I'm new to PHP.
knn:
novoselac:
And can Tip 7 stop cookie password hash cracks?

That, too, I have clarified there now.

Actually, this means that Tip 7 won't stop cookie password hash cracks?


In Tip 5, I don't want to disable auto login. I only wanna use the strategy of logging in from a certain range of IPs and stop logging others in to the admin panel, because I use only [81.18.55.0 - 81.18.55.256] IPs. And I don't know where to find the file allowedadminipsforautologin.php.


posted by novoselac
  



novoselac:
In Tip 5, I don't want to disable auto login.

It won't disable autologin. But it will refuse to autologin admins if they are from the wrong IP.
novoselac:
And I don't know where to find the file allowedadminipsforautologin.php.

At the end of Tip 5 there is the download link.


posted by knn
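
The behaviour described in the reply above (autologin stays on for everyone, but an admin's cookie autologin is refused from an address outside the allowed ranges), as an added example that is not part of the original thread and not the contents of allowedadminipsforautologin.php. All function and variable names are hypothetical; 81.18.55.0/24 is the 81.18.55.x range from the question written as a CIDR block, and the sample requests are constructed.

```php
<?php
// Added example: hypothetical names, not phpBB code and not the
// contents of allowedadminipsforautologin.php.

// Allowed admin networks (CIDR). 81.18.55.0/24 is the 81.18.55.x range
// from the thread; replace it with your own.
$allowedAdminNets = ['81.18.55.0/24'];

/** True if IPv4 address $ip lies inside CIDR block $cidr; fails closed. */
function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[1]) || (int)$parts[1] > 32) {
        return false;
    }
    $ipLong  = ip2long($ip);        // false for malformed addresses
    $netLong = ip2long($parts[0]);
    if ($ipLong === false || $netLong === false) {
        return false;
    }
    $mask = -1 << (32 - (int)$parts[1]);   // e.g. /24 clears the low 8 bits
    return ($ipLong & $mask) === ($netLong & $mask);
}

/**
 * May a cookie autologin proceed? Non-admins are unaffected; an admin must
 * come from an allowed network, otherwise the normal password form is shown.
 * $remoteIp should be $_SERVER['REMOTE_ADDR'], not a client-supplied header
 * such as X-Forwarded-For, which the client can set to anything.
 */
function autologin_allowed(bool $isAdmin, string $remoteIp, array $nets): bool
{
    if (!$isAdmin) {
        return true;
    }
    foreach ($nets as $net) {
        if (ip_in_cidr($remoteIp, $net)) {
            return true;
        }
    }
    return false;
}

// Constructed sample requests: [is admin, client IP]
foreach ([[false, '203.0.113.7'], [true, '81.18.55.20'],
          [true, '203.0.113.7'], [true, '81.18.55.300']] as [$isAdmin, $ip]) {
    $ok = autologin_allowed($isAdmin, $ip, $allowedAdminNets);
    printf("%-5s %-13s %s\n", $isAdmin ? 'admin' : 'user', $ip,
        $ok ? 'autologin' : 'password required');
}
```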
  



knn:
It will disable auto login EXCEPT if a user tries to login from an IP address he has used to post something.

In other words: Autologin stays as before, except if someone tries to login from unusual IPs.

It says it will disable auto-login to the forum for people who sometimes come from different IPs (dial-up users). I have a lot of dial-up users, so I don't want to do that.

Is it possible to set auto-login or login to the ADMIN panel from a certain range of IPs only? And not to use this disabled auto-login for users who come from unusual IPs?

Thanks for everything


posted by novoselac
  



novoselac:
It says it will disable auto-login to the forum for people who sometimes come from different IPs (dial-up users). I have a lot of dial-up users, so I don't want to do that.

1) Why don't you then use the loose IP check?
2) You will put your forum at risk.
3) I have uploaded a new version. Simply delete the "//" where it says so (approx. line 60). That will turn off the IP check if you want to.


posted by knn
  



Where is that LOOSE CHECK of the IP? I can't find it in your Tips.

I don't understand this statement
knn:
3) I have uploaded a new version. Simply delete the "//" where it says so (approx. line 60).

Please answer a little more specifically.


posted by novoselac
  



I found it and will try to implement the loose check.

Thanks

posted by novoselac
  

Re: How to protect your phpBB forum against hackers



Thank you, thank you, thank you, for this!

I have several heavily modded forums that I use phpbb as a base for, and have been searching for a solution like this for months. This is so very helpful!

I have a question for you though: The forums I manage are private, meaning I register the users, and they don't even post to the forums. I wonder if there is an effective way to just hide these forums from everyone except the people who know the link?

Thanks in advance,

d

posted by dellybob
  



dellybob:
I have a question for you though: The forums I manage are private, meaning I register the users, and they don't even post to the forums. I wonder if there is an effective way to just hide these forums from everyone except the people who know the link?

Unless you don't link to them from some other page, no search engine will find them anyway.


posted by knn
  



knn:
dellybob:
I have a question for you though: The forums I manage are private, meaning I register the users, and they don't even post to the forums. I wonder if there is an effective way to just hide these forums from everyone except the people who know the link?

Unless you don't link to them from some other page, no search engine will find them anyway.

that is the odd part of it: one of them is listed in google, and i don't know why.
do you think changing the name of the register.php file would make a difference?
i am also going to change the name of index.php


posted by dellybob
  



dellybob:
that is the odd part of it: one of them is listed in google

use robots.txt
See robots.txt for more


posted by knn
  



knn:
dellybob:
that is the odd part of it: one of them is listed in google

use robots.txt
See robots.txt for more

yep
already done that for the entire site
maybe it will hit on the next sweep
good to know i am not missing anything critical though
guess i am doing all that i can
thanks!


posted by dellybob
  

The following post has been deemed OFFTOPIC. Do not answer it and do not quote from it or from parts of it. The reporter (knn) said: "Offtopic, please start a new topic"



I think a hacker deleted my db admin user. Can I recover this user or create a new one and give it the admin rank?

posted by forosidney
  



phpBB is now up to version 2.0.21... Do you have any more tips or need to update any? Or using most of these, should we be fine?

Thanks


PS what are you gonna do when "olympus" comes out! What? When? Where? Why?

posted by Sippenhaft
  



The time now is 6 July 2008, 04:23