1. My forum ForumNorway.com was installed by a young boy. He said he would take the responisbility for installing the forum etc. He did a good job, but now he is no longer available and my forum is spammed.
2. Upgrade. I have heard that upgrading to the latest version is important, since that is more secure. I want the forum installed on the root. That has not been any problem even if articles that I have read say that the code shall be installed in a subfolder. How shall I block guests from posting? I want all the post after upgrading, but not the spam posts. Any way to delete the spam posts without deleting one by one? I have also heard of other security measures, eg.
- The latest version of phpbb has an image verification routine in the registration process that will stop automated registrations.
3. Font. I like the font very much, but links are not visible on that font. Is there a way to change the colour of links?
4. Want to change the logo in the upper left corner.
5. Chat on the same site. I have installed this http://www.forumnorway.com/chat/ chat on the site, that is supplied by my hoster ImHosted, but have heard that there is a better chat
6. I gave the Ftp password to the young boy. I have changed it, but never the less, my login password as a user are changed. When I request a new one, it is sent to me, but I am not allowed to log in. I have to contact my hoster.
Hope somebody can help me.
Want help with ForumNorway.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
4 posts
• Page 1 of 1
Want help with ForumNorway.
by kgun » Mon Apr 24, 2006 8:12 pm
- kgun
- Registered User
- Posts: 11
- Joined: Mon Apr 24, 2006 7:44 pm
- Location: Norway
Re: Want help with ForumNorway.
by Lumpy Burgertushie » Mon Apr 24, 2006 9:42 pm
kgun wrote:1. My forum ForumNorway.com was installed by a young boy. He said he would take the responisbility for installing the forum etc. He did a good job, but now he is no longer available and my forum is spammed.
2. Upgrade. I have heard that upgrading to the latest version is important, since that is more secure. I want the forum installed on the root. That has not been any problem even if articles that I have read say that the code shall be installed in a subfolder. How shall I block guests from posting? I want all the post after upgrading, but not the spam posts. Any way to delete the spam posts without deleting one by one? I have also heard of other security measures, eg.
- The latest version of phpbb has an image verification routine in the registration process that will stop automated registrations.
3. Font. I like the font very much, but links are not visible on that font. Is there a way to change the colour of links?
4. Want to change the logo in the upper left corner.
5. Chat on the same site. I have installed this http://www.forumnorway.com/chat/ chat on the site, that is supplied by my hoster ImHosted, but have heard that there is a better chat
6. I gave the Ftp password to the young boy. I have changed it, but never the less, my login password as a user are changed. When I request a new one, it is sent to me, but I am not allowed to log in. I have to contact my hoster.
Hope somebody can help me.
upgrading is important for security reasons.
for installing to the root, you just have to move the files to there and then edit the database to reflect that change, there is no problem with doing this. it is just that the fantastico installation can't do it.
blocking guests from posting is done simply from the admin panel by setting all forums permissions to "reg" .
you can delete all the spam posts at once by installing and using the admin toolkit found here:
Admin Toolkit
this will also allow you to get back in and reset your admin account so you can log back in.
once updated, you can edit your aluminoid style so that the visual confirmation will work.
you can change the fonts in the css for that style,
to change the logo, read this:
Open root/templates/your template/overall_header.tpl
Find:<tr>
<td><a href="{U_INDEX}"><img src="templates/subSilver/images/logo_phpBB.gif" border="0" alt="{L_INDEX}" vspace="1" /></a></td>
<td align="center" width="100%" valign="middle"><span class="maintitle">{SITENAME}</span><br /><span class="gen">{SITE_DESCRIPTION}<br /> </span>
<table cellspacing="0" cellpadding="2" border="0">
<tr>
- To change the extension, filename, or path of the logo, edit the text in green
- To change where the logo hyperlink goes, edit the text in red. Replace with http://www.yoursite.com. You may also wish to change the alternative text (orange) to reflect the new location. (ex. 'Portal', 'Home', etc.)
- To change the logo, just overwrite the {root}/templates/subSilver/images/logo_phpBB.gif file with your own
there is nothing wrong with phpmychat, that is just a personal preference and has nothing to do with phpbb.
luck,
robert
-
Lumpy Burgertushie - Registered User
- Posts: 34784
- Joined: Mon May 02, 2005 3:11 am
by kgun » Fri Jul 07, 2006 10:51 am
Thank you very much for the help so long. Now I have new problems that I hope some of you can help me with.
1. Yesterday I noted that my forum was modified and new admin software installed. I was deleted as administrator and the young boy was the only administrator on the forum. I gave him the ftp password, but changed it since he did not follow up. Is it possible to modify the code if he does not have the ftp password?
2. I took backup of the code on my computer. When I delete ForumNorway with all code and folders and upload the backup, the forum stays unchanged. The code transfer is ok, but the backup is not installed. Is it possible to install a little program or in other ways overwrite the code that I upload?
3. Starfoxtj is great. I am logged in as administrator in that toolkit. I manged to change his status from Admin to user, but his email adress is admin@forumnorway.com. I am not able to upgrade myself to admin (I check the box as I shall). The upgrade of me to administrator seems Ok, but no change is registered. I am still a moderator. When I try to delete him from the database, I get the message that a least one administrator must be registered to delete other members. I am able to ban him. Should I ask my hoster to clean my account, delete all code and install an older backup?
4. I know cPanel and MySQL. Do I have to make manual changes in the MySQL database? It is not difficult, but may be difficult to find out where the problem is if the database is large.
5. There is registered a hidden user in the database. How is that possible?
Thanks for any help
1. Yesterday I noted that my forum was modified and new admin software installed. I was deleted as administrator and the young boy was the only administrator on the forum. I gave him the ftp password, but changed it since he did not follow up. Is it possible to modify the code if he does not have the ftp password?
2. I took backup of the code on my computer. When I delete ForumNorway with all code and folders and upload the backup, the forum stays unchanged. The code transfer is ok, but the backup is not installed. Is it possible to install a little program or in other ways overwrite the code that I upload?
3. Starfoxtj is great. I am logged in as administrator in that toolkit. I manged to change his status from Admin to user, but his email adress is admin@forumnorway.com. I am not able to upgrade myself to admin (I check the box as I shall). The upgrade of me to administrator seems Ok, but no change is registered. I am still a moderator. When I try to delete him from the database, I get the message that a least one administrator must be registered to delete other members. I am able to ban him. Should I ask my hoster to clean my account, delete all code and install an older backup?
4. I know cPanel and MySQL. Do I have to make manual changes in the MySQL database? It is not difficult, but may be difficult to find out where the problem is if the database is large.
5. There is registered a hidden user in the database. How is that possible?
Thanks for any help
- kgun
- Registered User
- Posts: 11
- Joined: Mon Apr 24, 2006 7:44 pm
- Location: Norway
No answer so long.
by kgun » Wed Jul 12, 2006 1:38 pm
The following has happened:
1. The boy I gave the ftp password and was accepted as co admin say he has not changed the code and admin rights.
2. My hoster indicate that the ftp password is stolen.
Question: Do you think I have to change to a Norwegian hoster? I have had so much trouble with foreign hosters. I have used three and problems with all of them.
I have been a member at WebProWorld for more than a year and also made a post there:
http://www.webproworld.com/viewtopic.php?t=65091
Here is the message if you do not have access:
*********************************************************
Once again my forum, ForumNorway has been hijacked and now it is more serious. Read the content in that link before you continue.
Facts:
1. I have not upgraded to the latest version of phpBB, version 2.0.21. I use version 2.0.19. Do not give the simple answer upgrade to the last version. This problem is more serious. I will not upgrade before this problem is solved or it is documented that the old version of the code is the problem.
2. The code for phpBB is written in PHP by other people, are relatively large and it is difficult to get an overview without using much time on it. I do not have that overview. Do not give the simple answer, PHP is not secure, use a BB written in another language.
3. It is possible to steal authentication (passwords etc.) by listening in on the connection to the site by packet sniffing. I doubt that. It is also possible to hijack session ID's and place javascript code (e.g. by XSS (cross side scripting) on the server where the board code is stored).
4. Do anybody on this forum have a solution to the
Problem: How is it possible for a person to change the code without having the FTP password? Is that stolen or are there other methods by which the problems described in the above thread can happen?
Related threads:
Security in PHP and MySQL
php sessions for storing data
Hiding file part of URLs for security purposes
********************************************************
Thanks for any help.
1. The boy I gave the ftp password and was accepted as co admin say he has not changed the code and admin rights.
2. My hoster indicate that the ftp password is stolen.
Question: Do you think I have to change to a Norwegian hoster? I have had so much trouble with foreign hosters. I have used three and problems with all of them.
I have been a member at WebProWorld for more than a year and also made a post there:
http://www.webproworld.com/viewtopic.php?t=65091
Here is the message if you do not have access:
*********************************************************
Once again my forum, ForumNorway has been hijacked and now it is more serious. Read the content in that link before you continue.
Facts:
1. I have not upgraded to the latest version of phpBB, version 2.0.21. I use version 2.0.19. Do not give the simple answer upgrade to the last version. This problem is more serious. I will not upgrade before this problem is solved or it is documented that the old version of the code is the problem.
2. The code for phpBB is written in PHP by other people, are relatively large and it is difficult to get an overview without using much time on it. I do not have that overview. Do not give the simple answer, PHP is not secure, use a BB written in another language.
3. It is possible to steal authentication (passwords etc.) by listening in on the connection to the site by packet sniffing. I doubt that. It is also possible to hijack session ID's and place javascript code (e.g. by XSS (cross side scripting) on the server where the board code is stored).
4. Do anybody on this forum have a solution to the
Problem: How is it possible for a person to change the code without having the FTP password? Is that stolen or are there other methods by which the problems described in the above thread can happen?
Related threads:
Security in PHP and MySQL
php sessions for storing data
Hiding file part of URLs for security purposes
********************************************************
Thanks for any help.
- kgun
- Registered User
- Posts: 11
- Joined: Mon Apr 24, 2006 7:44 pm
- Location: Norway
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 6 guests