Search found 88 matches

by clubchill
Sun Oct 08, 2006 6:19 pm
Forum: [2.0.x] MOD Requests
Topic: User-Created Group Mod
Replies: 3
Views: 481

User-Created Group Mod

When will users be able to create their own groups on phpBB with their own group descriptions?

?
by clubchill
Sun Oct 08, 2006 6:15 pm
Forum: [2.0.x] MODs in Development
Topic: [RC3] Referral Plus v 1.3.0
Replies: 1097
Views: 300833

Suggestion

@Mod creator You should try adding some checks for referral post count. This way, you don't have people getting credit for members who register but never post and never come back. It should be a choice to configure how many posts a user needs before the referral counts. Also some sites have PayPal i...
by clubchill
Wed Aug 16, 2006 3:21 am
Forum: 2.0.x Discussion
Topic: database password in config.php
Replies: 10
Views: 2289

Hopefully this can shed some light on why the password is in plain text. Any PHP script that accesses a database (whether to create, select, delete, etc) has to provide that database with a valid username and password, just as you would have to type the password if you were accessing the database m...
by clubchill
Wed Aug 16, 2006 3:12 am
Forum: 2.0.x Discussion
Topic: database password in config.php
Replies: 10
Views: 2289

hey Neo! Thanks a million!!! The support and feedback you guys give really helps alot! Thanks

:)
by clubchill
Wed Aug 16, 2006 2:53 am
Forum: 2.0.x Discussion
Topic: database password in config.php
Replies: 10
Views: 2289

I respect all of the comments, however, the problem that I'm seeing is not with the permissions on config.php itself, but moreso with these mods which (being in beta, most of them) allow 777 permissions on some of their folders.. for example.. the Album Mod by smartor. Brilliant development, but it ...
by clubchill
Wed Aug 16, 2006 2:02 am
Forum: 2.0.x Discussion
Topic: database password in config.php
Replies: 10
Views: 2289

database password in config.php

why is the password in config.php plain text!?! Why can't that be hashed just like every other password on the site? Why can't the password simply be entered ONE time, like any other php application and then hashed with MD5 in the database just like all the other passwords on the site? And why are m...
by clubchill
Mon Jul 31, 2006 3:48 am
Forum: 2.0.x Discussion
Topic: Do you guys recommend ModSecurity from ThinkingStone
Replies: 6
Views: 1598

Re: Do you guys recommend ModSecurity from ThinkingStone

Well, I like the phpBB Security 1.0.2 its pretty good That is actually not a good solution. It is a waste of time that can be bypassed in a matter of seconds, and makes updating your forums when there is a security release that much harder. As to mod_security, there can be an issue when it comes to...
by clubchill
Fri Jul 14, 2006 7:58 pm
Forum: 2.0.x Discussion
Topic: They're trying to blame it on phpbb scripts
Replies: 16
Views: 1300

thanks for the info... but I just turned off exim altogether.. This is very dissapointing info though.. All I need is one unscrupulous person to lose millions of dollars due to a phishing scam, and I'll be the blame for it, not having any real thorough technical knowledge of what is even happening. ...
by clubchill
Fri Jul 14, 2006 6:51 pm
Forum: 2.0.x Discussion
Topic: They're trying to blame it on phpbb scripts
Replies: 16
Views: 1300

so here's their response.. Hi, This IS an issue with the scripts. Scripts can be exploited. The mail function in php requires variables to be fed to it in order to get the information needed. Most scripts achieve this by using the variable $_POST. Technically, all you need to do to exploit that is t...
by clubchill
Fri Jul 14, 2006 1:02 am
Forum: 2.0.x Discussion
Topic: They're trying to blame it on phpbb scripts
Replies: 16
Views: 1300

They're trying to blame it on phpbb scripts

lol My server was compromised somehow and used to bounce phishing attacks to customers of different banks. The people would receive an email from my domain (with an account that doesnt exist) and ask the person to verify their bank credentials. Anyway, I've been blacklisted on just about every major...
by clubchill
Thu Jul 13, 2006 10:18 pm
Forum: [2.0.x] MOD Requests
Topic: Computer Accounts MOD <-- very important!
Replies: 4
Views: 404

i don't think using IPs would be great. ppl on dial up would have to enter the security thing every time and will get peed off. maybe use somehting like microsoft with their unique ID thingy but it sounds like a good idea ;) Correct, which is why I said this Quote: [[ This does pose a problem for u...
by clubchill
Thu Jul 13, 2006 10:12 pm
Forum: [2.0.x] MOD Requests
Topic: Computer Accounts MOD <-- very important!
Replies: 4
Views: 404

Ramon Fincken wrote: so....

you want for every member a

* list of approved log in IP's

and

* a secret question + answer just in case the IP of the PC doesn't matches the one stored in the list of approved log in IP's or that member?

Rfn


Correct
by clubchill
Thu Jul 13, 2006 10:07 pm
Forum: [2.0.x] MOD Requests
Topic: [Request] Advertising Complete
Replies: 7
Views: 894

dude.. there's a mod for this already.. Its called the Complete Banners Mod v1.3.4 http://www.phpbbhacks.com/download/1254 But does it include all of the features mentioned? There is no demo, so I can't be sure, and unless someone can point out the code for inserting it in between posts and pms, I ...
by clubchill
Thu Jul 13, 2006 9:50 pm
Forum: General Discussion
Topic: For those of you who have "Allow HTML" turned on..
Replies: 20
Views: 11293

Great! Thanks for the feedback guys. I really appreciate it.
by clubchill
Tue Jul 11, 2006 5:29 pm
Forum: General Discussion
Topic: For those of you who have "Allow HTML" turned on..
Replies: 20
Views: 11293

Re: For those of you who have "Allow HTML" turned

Does the DIV tag present any more of a security risk above and beyond use of any other tag? Dear {DEITY}. Forget the DIV tag, disable usage of the SCRIPT tag. People can use that ability to conduct Cross Site Scripting, and do things like stealing your cookies (and thus they can log in as you assum...

Go to advanced search