[DEV] phpBB Security

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
aUsTiN-Inc
Registered User
Posts: 929
Joined: Fri Apr 16, 2004 10:31 am
Location: Georgia

Post by aUsTiN-Inc »

Looks right... But your root directory isn't needed here.
¤ phpBB Security ¤ Blend Portal Creator ¤
¤ Activity Mod Plus Creator «« 2004 phpBBHacks "Hack" Of The Year ¤
¤ Activity Mod Plus Home ¤ 2004 phpBBHacks "Hack" Author Of The Year ¤
My mods are never done, always in update status!
onigumo
Registered User
Posts: 1755
Joined: Fri Oct 31, 2003 2:32 am

Post by onigumo »

Will I have the option to disable user security question in ACP?
I write articles on community building
@ The Infinity Program.
aUsTiN-Inc
Registered User
Posts: 929
Joined: Fri Apr 16, 2004 10:31 am
Location: Georgia

Post by aUsTiN-Inc »

Sure won't.
Wolf_Kanuni
Registered User
Posts: 34
Joined: Tue Nov 23, 2004 10:42 am

Post by Wolf_Kanuni »

Would this mod work with profile control panel? Niel's protect user accounts was incompatible. :?
aUsTiN-Inc
Registered User
Posts: 929
Joined: Fri Apr 16, 2004 10:31 am
Location: Georgia

Post by aUsTiN-Inc »

You would need to convert the profile stuff to work with it.
afterlife_69
I've Been Banned!
Posts: 630
Joined: Tue Nov 30, 2004 10:35 am

Post by afterlife_69 »

Major problem, I locked myself out of my site @ MeetThe1337.com
I was testing the 5-login attempt thing and now it won't accept my email/username to re-enable it. Help please?
Wolf_Kanuni
Registered User
Posts: 34
Joined: Tue Nov 23, 2004 10:42 am

Post by Wolf_Kanuni »

aUsTiN-Inc wrote: You would need to convert the profile stuff to work with it.

Hmm OK thanks. Would you help with this conversion?
megablastadmin
Registered User
Posts: 193
Joined: Tue Aug 31, 2004 9:53 am

Post by megablastadmin »

afterlife_69 wrote: Major problem, I locked myself out of my site @ MeetThe1337.com
I was testing the 5-login attempt thing and now it won't accept my email/username to re-enable it. Help please?

Please go to your phpMyAdmin and remove your username from the ban table.
aUsTiN-Inc
Registered User
Posts: 929
Joined: Fri Apr 16, 2004 10:31 am
Location: Georgia

Post by aUsTiN-Inc »

Actually, you need to look in the users_table while you are in the phpMyAdmin area & find the correct email for the account. While you are there you can reset tries & pm_sent to 0 & that'll unlock your account.
BoomShake007
Registered User
Posts: 72
Joined: Sun Jan 23, 2005 6:53 pm

Post by BoomShake007 »

So do I need a public_html folder? And where would I put this exactly? I'm using SmartFTP, and I see the folders for my subdomains and a folder called "htdocs". Do I create the public_html folder on this level? And perhaps a silly question, but where do I find the listing of attempted attacks? It's nowhere in the admin control panel, and I can't find any links.

And I've found a problem. Everything works fine, except I have the SQ update disabled, but people can still update their SQ stuff... What could be the issue here?
aUsTiN-Inc
Registered User
Posts: 929
Joined: Fri Apr 16, 2004 10:31 am
Location: Georgia

Post by aUsTiN-Inc »

Umm, there is no feature to disable the SQ, as it's not available to disable....

To view the list of who has attempted to exploit your site, read the install, specifically the edits to overall_footer.tpl.

As for making a folder, the best way is to contact your host & ask them the root path to your domain, then use that & make sure the path in the admin/.htaccess points to the .phpbbsecurity file correctly.
BoomShake007
Registered User
Posts: 72
Joined: Sun Jan 23, 2005 6:53 pm

Post by BoomShake007 »

In my ACP, this is the option I was speaking about (under config-->phpBB Security):
Allow users to change their SQ info. Not recommended. ( ) Enabled (*) Disabled

Obviously it doesn't have symbols, but radio buttons.

When I go to my profile, at the bottom, both the security question and answer are text fields. The password is indeed encrypted, but I was able to type a new one in, hit submit, and it said that the changes were made.
afterlife_69
I've Been Banned!
Posts: 630
Joined: Tue Nov 30, 2004 10:35 am

Post by afterlife_69 »

If you ever get locked out, just remove the mod from LOGIN.PHP till you reactivate your account.
Firestorm_Hellkite_
Registered User
Posts: 270
Joined: Tue Mar 08, 2005 7:20 pm
Location: USA,Florida

Post by Firestorm_Hellkite_ »

Regardless what anyone says, something like this mod needs to be added to future releases of phpBB, to thwart any attempts to take over a site. I would ask the Dev team to look into adding more security for the admin panel, as that is how most sites are going down, if it's possible.
"Wherein there lieth smoke, so too shall there be fire, and that fire shall grow, and consume us all."
aUsTiN-Inc
Registered User
Posts: 929
Joined: Fri Apr 16, 2004 10:31 am
Location: Georgia

Post by aUsTiN-Inc »

Brad, will never happen & I won't go into details why.

As for it updating, it might have said it did, but if you don't allow users to change it, it will not change.