Search found 41 matches

by Saubloed
Sun Jan 11, 2004 10:14 pm
Forum: 2.0.x Discussion
Topic: security of passwords
Replies: 20
Views: 2098

Actually no. Acording to that Chart you supplied A 6 charactor password would take up to 3 Months. As i wrote above a Athlon 1.53 Ghz can do the bruteforce 50 times faster as in the chart. Due to the fact that phpBB uses all printable charactors for passwords. phpBB only use what you choose as pass...
by Saubloed
Sat Jan 10, 2004 3:17 pm
Forum: 2.0.x Discussion
Topic: security of passwords
Replies: 20
Views: 2098

Passwords up to 6 characters (all printable charset) can be bruteforced within a hour even with not up-to-date machines.

Combined with other Problems (insecure Browser like Internet Explorer or non up-to-date phpBB version or equal passwords for everything) it is very danger.
by Saubloed
Sat Jan 10, 2004 3:00 pm
Forum: 2.0.x Discussion
Topic: security of passwords
Replies: 20
Views: 2098

From "All about passwords" Website: At 100,000 passwords per second psw length / charset 4 / 96 (all printable) -> 13 minutes 5 / 96 (all printable) -> 22 hours Source: http://lastbit.com/psw.asp MDcrack benchmarks: Athlon 1.53 Ghz -> 5 080 455 passwords per second Source: http://mdcrack.d...
by Saubloed
Fri Jan 09, 2004 10:51 pm
Forum: 2.0.x Discussion
Topic: security of passwords
Replies: 20
Views: 2098

I have wrote (two weeks ago) to the creator of this text and he corrected it: doing something like this on a long enough string would take years If you have a password with only 4 or 5 character it will take only some seconds to bruteforce it. Athlon 1.53 Ghz: 5 080 455 MD5 speed (hashes/second) wit...
by Saubloed
Tue Jan 06, 2004 3:01 pm
Forum: 2.0.x Discussion
Topic: To all phpBB developer - where is the announce Mailinglist
Replies: 4
Views: 672

Ok thank you very much that you take me serious.

That linux local root exploits make me cracy if i know that some of my users do no take security holes serious.
by Saubloed
Tue Jan 06, 2004 1:23 pm
Forum: 2.0.x Discussion
Topic: To all phpBB developer - where is the announce Mailinglist
Replies: 4
Views: 672

Ok that can also be a joke: :( http://www.phpbb.com/bugs/bug.php?op=show&bugid=1262&pos=0 Debug ist by default on because: Yes, this is intended to be set to on, to better serve the numorous support people. :) Nice. That make it really easy to use security holes. Sorry i cant write examples ...
by Saubloed
Tue Jan 06, 2004 1:03 pm
Forum: 2.0.x Discussion
Topic: To all phpBB developer - where is the announce Mailinglist
Replies: 4
Views: 672

To all phpBB developer - where is the announce Mailinglist

psoTFX wrote there: http://www.phpbb.com/phpBB/viewtopic.php?t=161943 Remember always check this forum (and the downloads page) when you come across a "new" vulnerability or other issue. Please ensure you update accordingly. In doing so you are protecting yourself from all known issues and...
by Saubloed
Sat Dec 06, 2003 7:48 pm
Forum: [2.0.x] MOD Requests
Topic: Admin tool: phpbb news or version check on Admin Index
Replies: 5
Views: 530

(...) Let me know how you get on with it, all being well i'll submit it to the mods db. Ok works but only with allow_url_fopen = On. Maybe there sould be a warning in the install-text that register_gloabls should be off for global security reasons (register_gloabls and allow_url_fopen on is really ...
by Saubloed
Sat Dec 06, 2003 11:52 am
Forum: [2.0.x] MOD Requests
Topic: Admin tool: phpbb news or version check on Admin Index
Replies: 5
Views: 530

Admin tool: phpbb news or version check on Admin Index

Hello! Since i know that most phpBB admins do NOT check for news or security updates there should be a MOD or better someting build in that checks for new versions. I think there sould be a big bold message on top of the main "Admin Index" site if there is a new security update for the ins...
by Saubloed
Thu Aug 08, 2002 3:58 pm
Forum: [2.0.x] MODs in Development
Topic: [WAITING VALIDATION] Validate email
Replies: 60
Views: 9951

Can someone fix the Hotmail bug? :(
by Saubloed
Sat Jun 22, 2002 10:06 am
Forum: [2.0.x] MODs in Development
Topic: [FINAL] Prune inactive/Zero posters
Replies: 81
Views: 26117

davidh44 wrote: There's no need to reinstall phpBB2 if you're just looking to upgrade 1.1.1 to 1.2.0


Thank you! I will try that! :)
by Saubloed
Fri Jun 21, 2002 8:58 pm
Forum: [2.0.x] MODs in Development
Topic: [FINAL] Prune inactive/Zero posters
Replies: 81
Views: 26117

I can only can say:
do not install this mod! It dont show confirmations and it should not be marked as final.

Moonbase made a improved version of this mod (i will reinstall phpBB2 and use this mod):
http://www.phpbb.com/phpBB/viewtopic.ph ... 346#144346
by Saubloed
Mon Jun 10, 2002 8:14 pm
Forum: [2.0.x] MODs in Development
Topic: [FINAL] Prune inactive/Zero posters
Replies: 81
Views: 26117

Of course i mean Version 1.1.1 (i will tryout the new one) Again: it is not a bug, not logged in since X days, means that the user have not logged in for X days, Who have never logged in never = 0 times therefore a banned user can be in the deletion list, if he/she have been banned for a while, if y...
by Saubloed
Thu Jun 06, 2002 9:51 pm
Forum: [2.0.x] MODs in Development
Topic: [FINAL] Prune inactive/Zero posters
Replies: 81
Views: 26117

There is a bug in 1.1.0!

Banned users should not be included intow pruning users.

There is a banned user displayed at:
"Who have never logged in" but he wrote some messages so this cannot be correct!
or should this mean:
who was not logged in since x days?
by Saubloed
Mon Apr 01, 2002 8:48 am
Forum: 2.0.x Support Forum
Topic: Bad RC4 word censors changes since RC3?
Replies: 2
Views: 341

RC3: I have replaced @ with *at* e.g. instead of someone@somewhere.tld it display someone*at*somewhere.tld that dont work anymore in RC4 and something is really messed up with RC4: I have censored badword badword* *badword *badword* and only the following will be replaced: xyzbadword xyzbadwordxyz a...

Go to advanced search