[DEV] phpBB Security

[aUsTiN-Inc]

Looks right... But your root directory isn't needed here.

[onigumo]

Will I have the option to disable user security question in ACP?

[aUsTiN-Inc]

Sure wont.

[Wolf_Kanuni]

Would this mod work with profile control panel? Niel's protect user accounts was incompatible.

[aUsTiN-Inc]

You would need to convert the profile stuff to work with it.

[afterlife_69]

major problem, i locked myself out of my site @ MeetThe1337.com
i was testing to 5-login attempt thing and now it wont accept my email/username to re-enable it help please?

[Wolf_Kanuni]

You would need to convert the profile stuff to work with it.

Hmm OK thanks. Would you help with this conversion?

[megablastadmin]

major problem, i locked myself out of my site @ MeetThe1337.com
i was testing to 5-login attempt thing and now it wont accept my email/username to re-enable it help please?

Please go to your phpmyadmin and
remove your username from the ban table

[aUsTiN-Inc]

Actually you need to look in the users_table while you are in the phpMyAdmin area & find the correct email for the account. While you are there you can reset tries & pm_sent to 0 & thatll unlock your account.

[BoomShake007]

so do i need a public_html folder? and where would i put this exactly? I'm using SmartFTP, and i see the folders for my subdomains and a folder called "htdocs". Do i create the public_html folder on this level? And perhaps a silly question, but where do i find the listing of attempted attacks? It's nowhere in the admin control panel, and i cant find any links.

And i've found a problem. Everything works fine, except I have the SQ update disabled, but people can still update their SQ stuff...what could be the issue here?

[aUsTiN-Inc]

Umm, there is no feature to disable the SQ, as its not avaliable to disable....

To view the list of who has attempted to exploit your site, read the install, specifically the edits to overall_footer.tpl

As for the making a folder, the best way is contact your host & ask them the root path to your domain, then use that & make sure the path in the admin/.htaccess points to the .phpbbsecurity file correctly.

[BoomShake007]

in my ACP, this is the option i was speaking about (under config-->phpBB Security)

Allow users to change their SQ info. Not recommended.()Enabled(*)Disabled

Obviously it doesnt have symbols, but radio buttons.

When I go to my profile, at the bottom, both the security question and answer are text fields. The password is indeed encrypted, but i was ablet to type a new one in, hit submit, and it said that the changes were made.

[afterlife_69]

if you ever get locked out just remove the mod from LOGIN.PHP till u reactivate your account

[Firestorm_Hellkite_]

Reguardless what anyone says, something like this mod needs to be added to future releases of phpbb, to twart any attemts to take over a site. I would ask the Dev team to look into adding more security for the admin panel, as that is how most sites are going down, if its possible.

[aUsTiN-Inc]

Brad, will never happen & i wont go into details why.

As for it updating, it might have said it did, but if you dont allow users to change it, it will not change.