Search found 13963 matches

by Techie-Micheal
Thu Feb 09, 2017 1:25 am
Forum: [3.2.x] Support Forum
Topic: Content-Security-Policy: Table select not working for backups
Replies: 11
Views: 2846

Re: Content-Security-Policy: Table select not working for backups

Hi Heo32. I have a hunch on what's happening, but I need some time to look in to it. Just letting you know Mick did reach out to me to see if I can help you.
by Techie-Micheal
Sun Feb 05, 2017 6:10 pm
Forum: phpBB Discussion
Topic: Secure Login
Replies: 59
Views: 14484

Re: Secure Login

My thoughts are if you are going to place a forced redirect on all users who try and use your old http address (to the new https one you just created) then that is not going to run with Android's ideas of having 2 separate versions Not only that: it'd be inconsistent. If you don't want to serve HTT...
by Techie-Micheal
Sat Feb 04, 2017 5:03 am
Forum: phpBB Discussion
Topic: Secure Login
Replies: 59
Views: 14484

Re: Secure Login

if you are an admin and someone intercepts your login data or session cookies/data after you've logged in that person now has your entire user database, private messages and so on This isn't true either: phpBB checks the session against the IPv4 address, so it would be invalidated unless the attack...
by Techie-Micheal
Thu Feb 02, 2017 10:22 pm
Forum: phpBB Discussion
Topic: Secure Login
Replies: 59
Views: 14484

Re: Secure Login

It is still only securing information during transfer. what is the point of securing html and css when the browser requests it for a normal page load? Isn't the sensitive info, whatever that might be, only transferred when the form is submitted ? It is usually only one way is it not? robert Sure. L...
by Techie-Micheal
Thu Feb 02, 2017 9:10 pm
Forum: phpBB Discussion
Topic: Secure Login
Replies: 59
Views: 14484

Re: Secure Login

Ok, I will bow out of the conversatioin because I don't wish to really argue with anyone about this subject. I just hate to see anyone spreading fear around when it is not based on truth. I have been studying and doing web stuff since the beginning. that does not make me an expert on security or an...
by Techie-Micheal
Thu Feb 02, 2017 8:55 pm
Forum: phpBB Discussion
Topic: Secure Login
Replies: 59
Views: 14484

Re: Secure Login

It not just google! Apple are making it so all apps have to connect to https https://techcrunch.com/2016/06/14/apple-will-require-https-connections-for-ios-apps-by-the-end-of-2016/ so if anyone has things like tapatalk on their forum they will need https too I am sure I have read somewhere that fir...
by Techie-Micheal
Mon Aug 15, 2016 5:17 am
Forum: phpBB Discussion
Topic: 2 Factor Authenticator
Replies: 18
Views: 6720

Re: 2 Factor Authenticator

Do not discourage people from improving their usage of the product because you use it for hobbyist data. The initial concept of MFA is separating burdens into informational (credentials), physical (owning a card), and individual (fingerprint). There are three factors: - Something you know (password...
by Techie-Micheal
Sun Aug 14, 2016 6:37 pm
Forum: phpBB Discussion
Topic: 2 Factor Authenticator
Replies: 18
Views: 6720

Re: 2 Factor Authenticator

security is always important No 2 factor authentication in the world keeps a threatened person from exploiting a system. What others wanted to say is: phpBB in its natural form as a discussion board is good enough with the ACP requiring a hardened session, and thus re-authentication. And that's whe...
by Techie-Micheal
Fri Jul 29, 2016 12:02 am
Forum: General Discussion
Topic: Got hacked through the forum.
Replies: 31
Views: 26542

Re: Got hacked through the forum.

However, if you are running out of date software or misconfigured software, and CloudFlare does not block through a WAF or other firewall, your real server will get owned. https://www.cloudflare.com/waf/ Yes, I know that CloudFlare has a WAF. But that doesn't mean everything will get caught by the ...
by Techie-Micheal
Wed Jul 27, 2016 12:48 pm
Forum: General Discussion
Topic: Got hacked through the forum.
Replies: 31
Views: 26542

Re: Got hacked through the forum.

Funny that offensive-security.com uses the reverse proxy Securi. Looks like they use OVH though. K? Question: Are there real jobs for Pen testers? Do they pay well? I have a Pen tester program that I have used to test my own website. You asked if there are real jobs for pen testers, but then state ...
by Techie-Micheal
Tue Jul 26, 2016 11:22 pm
Forum: General Discussion
Topic: Got hacked through the forum.
Replies: 31
Views: 26542

Re: Got hacked through the forum.

Okay, yes, they would have to deal with CloudFlare that has safeguards like a WAF. But it won't be through SSH, FTP, etc. Since the real IP is not known and any port open on my IP that CloudFlare issues would be theirs and only theirs. So to summarize. An attack would have to be at the application ...
by Techie-Micheal
Tue Jul 26, 2016 5:29 am
Forum: General Discussion
Topic: Got hacked through the forum.
Replies: 31
Views: 26542

Re: Got hacked through the forum.

HTTP port 80 goes through CloudFlare. I did an Nmap on my domain and CloudFlare shows their open ports, but this IP address that CloudFlare (the reverse proxy) uses several websites that fall under 104.28.23.23 which is the IP I have. I'm not understanding how just a port would allow a hack when yo...
by Techie-Micheal
Thu Jul 21, 2016 1:16 am
Forum: General Discussion
Topic: Got hacked through the forum.
Replies: 31
Views: 26542

Re: Got hacked through the forum.

John connor wrote:CloudFlare doesn't have any of those ports open....
You don't have a website? I'm pretty sure you do, so you have at least a webserver running, which means you at least have HTTP exposed.
by Techie-Micheal
Sun Jul 17, 2016 9:01 pm
Forum: General Discussion
Topic: Got hacked through the forum.
Replies: 31
Views: 26542

Re: Got hacked through the forum.

Yeah, it was PHPlist. https://blog.sucuri.net/2013/09/security-case-study-archive-phpbb-com.html Could have sworn there was an early hack involving some leaked passwords. Maybe that was just a website/server issue or something. It was like last year when the site was down for like three weeks. Edit...
by Techie-Micheal
Fri Oct 02, 2015 12:46 am
Forum: phpBB Ideas
Topic: Markdown
Replies: 12
Views: 3177

Re: Markdown

What about to implement a real full rich text editor with icons instead bbcodes buttons? There are plenty good solution even extensions that could be implemented into the core to replace bbcode system once for all. Of course giving admins the possibility to add their own buttons and related functio...

Go to advanced search