SSL HTTPS help URGENT PLEASE HELP

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Get Involved
hunterhusker
Registered User
Posts: 8
Joined: Sat Apr 14, 2018 10:20 pm

SSL HTTPS help URGENT PLEASE HELP

Post by hunterhusker » Sat Apr 14, 2018 10:37 pm

I am in a cyber defense competition next Saturday. My role is to set up a phpBB forum and defend it from hackers for 8 hours straight. I really need to set up SSL & HTTPS. I have never done any of that stuff before. We get our certificates from the white team so no need to worry about getting one, just setting it all up and how to use it. It is an apache server so would the conversion be the same or is there similar stuff for converting it or is there special stuff for the phpbb part? If you have any help it would be awesome.

User avatar
Brf
Support Team Member
Support Team Member
Posts: 51139
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}
Contact:

Re: SSL HTTPS help URGENT PLEASE HELP

Post by Brf » Sun Apr 15, 2018 12:41 am

SSL and https have nothing at all to do with protecting your server from hackers. They are to protect your users, not your server. In any case, this board is support for phpBB, not setting up your server.

hunterhusker
Registered User
Posts: 8
Joined: Sat Apr 14, 2018 10:20 pm

Re: SSL HTTPS help URGENT PLEASE HELP

Post by hunterhusker » Sun Apr 15, 2018 1:47 am

Yes it is for phpBB support I was asking is there anything I must do different to set up a phpBB server versus all other servers. I know it wont protect my server from hackers but it will protect the data being transmitted through http from being sniffed and taken by the red team. I don't know if there will be anything different settings wise in phpBB that is why I came to the phpBB forum to ask for help on how to set up the phpBB service with SSL.

User avatar
Lumpy Burgertushie
Registered User
Posts: 64471
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: SSL HTTPS help URGENT PLEASE HELP

Post by Lumpy Burgertushie » Sun Apr 15, 2018 3:50 am

no offense but if you don't know how this all works then you probably do not have a chance in this competition.

there is no "phpbb server" phpbb is simply a bulletin board software that you install on a web hosting server.
'it is written in php and uses database that is normally mysql.

even if someone sniffs your packets when making posts etc. on phpbb it will not give them any access to the server that it is installed on.

however, you will need to learn how to setup your server for SSL which, as brf stated above has nothing to do with phpbb.

once you have the server setup then you simply change your phpbb settings to cookie secure and use https instead of http.
sometimes you also have to add a bit to your htaccess file to redirect http to https but that has little to do with the security of the data being transferred.


robert
I am available for custom work on a donation basis. Please send me a PM with your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

User avatar
Mick
Support Team Member
Support Team Member
Posts: 19362
Joined: Fri Aug 29, 2008 9:49 am
Location: Cardiff
Contact:

Re: SSL HTTPS help URGENT PLEASE HELP

Post by Mick » Sun Apr 15, 2018 7:43 am

If this is a fresh install just make sure SSL is working before you install phpBB and it will work with HTTPS straight away. Like the others I’m not certain what this has to do with stopping your server being hacked.
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.
Forza Garibaldi

User avatar
david63
Jr. Extension Validator
Posts: 14335
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: SSL HTTPS help URGENT PLEASE HELP

Post by david63 » Sun Apr 15, 2018 7:49 am

If, and it is a big IF, your install of phpBB is hacked I am sure that the phpBB security team would be interested and would like all the information that you can provide.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

hunterhusker
Registered User
Posts: 8
Joined: Sat Apr 14, 2018 10:20 pm

Re: SSL HTTPS help URGENT PLEASE HELP

Post by hunterhusker » Sun Apr 15, 2018 3:21 pm

So yeah I have done it now. It is not different from apache. I wanted to know about settings in the forum acp itself. I understand SSL and HTTPS and how to set it up for apache. So in this competition they will be sniffing packets and all sorts of stuff to steal account info. We have used apache servers in the past and it can be sniffed and taken down. PhpBB was used the year before I joined my club and they said it was the first to go down and that I had to work very hard on it. Sorry for any lack of knowledge I am in Highschool and I only have one year of experience with this. This isn't like normal security its all the same yes, but it is required to be really good because it is all basically worst case scenario for a whole day. I do understand the https is just to encrypt traffic. Its just a good thing to have.

User avatar
Froddelaar
Registered User
Posts: 824
Joined: Tue Mar 29, 2016 3:45 am
Location: Aalst (Belgium)
Name: Andy Dm
Contact:

Re: SSL HTTPS help URGENT PLEASE HELP

Post by Froddelaar » Sun Apr 15, 2018 3:58 pm

phpBb is not easy to hack.
And do not use passwords, but phrases that do not make sense.
Like: My banana tastes like my ass

I also use this firewall:
https://nintechnet.com/ninjafirewall/
So far, it has already blocked 2 SQL injections.

Nothing to do with this SSL topic.. but still .... :D
Wij promoten UW muziek in ons forum & delen alles via Sociale media!
Muziek wordt ook toegevoegd in de playlist van
textradio.be!
Mail uw single + hoesje + info naar: info@muziekpromo.net of Solidjeuh@textradio.be
===============
Onze Website: https://www.muziekpromo.net

User avatar
Lumpy Burgertushie
Registered User
Posts: 64471
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: SSL HTTPS help URGENT PLEASE HELP

Post by Lumpy Burgertushie » Sun Apr 15, 2018 4:26 pm

yes, using a harder password is important . however considering how phpbb encrypts them it is very very hard to break it and find out anyone's password.

whoever told you that phpbb 3 was hacked easily was lying to you or they hacked the server first. once you have server access there is no hacking needed to access any program installed on that server.

robert
I am available for custom work on a donation basis. Please send me a PM with your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

hunterhusker
Registered User
Posts: 8
Joined: Sat Apr 14, 2018 10:20 pm

Re: SSL HTTPS help URGENT PLEASE HELP

Post by hunterhusker » Sun Apr 15, 2018 8:31 pm

So in resonse to the last two posts. We use lastpass to generate 20 character passwords for all accounts that aren't provided by the officials. Yes the servers are pre-hacked full of backdoors and bad configs and lousy passwords. We also got our hands on a full professional version of barracuda to block SQL injections and all that. We also run pfsense, snort, and mod-security to keep everyone out, although that is hard as there are accounts set up to fail/already leaked. This year they graciously allowed me to do a fresh install of phpBB, but the years before they said it was super out of date phpBB and it was already compromised, but I take that as it is comprimiseable. I am glad to hear you all have such confidence in the software though I hope it wont be my weak point. I'm looking at my SQL & SSH as my weak spots right now. Its a capture the flag game and the hackers have to turn off servers, and plant or capture flags like a capture the flag game kids would play. So I am gonna password protect my root directory as that is the location of my flags. Haha that will make them extra mad. :twisted:
edit: Thought I should add yes it is a bad idea to make the hackers mad I was kidding about making them mad

User avatar
Lumpy Burgertushie
Registered User
Posts: 64471
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: SSL HTTPS help URGENT PLEASE HELP

Post by Lumpy Burgertushie » Sun Apr 15, 2018 11:21 pm

from the beginning of phpbb3 it has had proffesional outside security audits. I think at least each major update/upgrade gets a new one. I could be wrong about how often. however, as far as I know there has not been any successful hacks of phpbb since version 2.0.23

so, like I said, if a hacker gets access to your server there is nothing he can't access from that point. give me your ftp username/password and I can completely destroy everything on your server.


robert
I am available for custom work on a donation basis. Please send me a PM with your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

hunterhusker
Registered User
Posts: 8
Joined: Sat Apr 14, 2018 10:20 pm

Re: SSL HTTPS help URGENT PLEASE HELP

Post by hunterhusker » Mon Apr 16, 2018 2:24 am

Well at the beginning of the year the server was on windows 95 and it was running phpBB like 1.0. The scenario was they forgot about it a decade ago and the "customers" wanted it repaired. SO to "repair" it I put it on ubuntu and upgraded to 3.2.2.

User avatar
Lumpy Burgertushie
Registered User
Posts: 64471
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: SSL HTTPS help URGENT PLEASE HELP

Post by Lumpy Burgertushie » Mon Apr 16, 2018 3:07 am

that is good, the versions of phpbb previous to 3.0 did have a bad reputation for being vulnerable to hacking. no longer.


robert
I am available for custom work on a donation basis. Please send me a PM with your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

User avatar
3Di
Registered User
Posts: 12550
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: SSL HTTPS help URGENT PLEASE HELP

Post by 3Di » Mon Apr 16, 2018 3:56 am

hunterhusker wrote:
Mon Apr 16, 2018 2:24 am
Well at the beginning of the year the server was on windows 95 and it was running phpBB like 1.0. The scenario was they forgot about it a decade ago and the "customers" wanted it repaired. SO to "repair" it I put it on ubuntu and upgraded to 3.2.2.
I am sure you are talking about phpBB 2.0.xx, isnt?
The 1.0 version has been released on Dec, 2000.

I am not sure if it is possible to convert 1.0 to 2.0.xx too.
AFAIR converting from 1.4.x to 2.0.xx is possible, if still your server supports its specifics.
Want to compensate me for my interest? Donate
Please PM me only to request paid works. Thx.
Extensions, Scripts, MOD porting, Update/Upgrades
My development's activity º PhpStorm's proud user

User avatar
John connor
Registered User
Posts: 1582
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Contact:

Re: SSL HTTPS help URGENT PLEASE HELP

Post by John connor » Mon Apr 16, 2018 4:02 am

You may want to read my write up I have a link to in my signature. I would also use CloudFlare and CIDRAM. I know the author of CIDRAM. I can help you greatly at protecting your site, although, I'm code stupid. :lol:

As far as HTTPS goes. Just use cPanel's Lets Encrypt free service. It should be there in most hosting providers. If not, I would question that host.

With CloudFlare you have to set up the DNS before the website is propagated in the Internet. Otherwise DNS hosting history sites or CloudFlare resolvers like CrimeFlare will see your origin IP address. If you are using a VPS, then block all IPs except CloudFlare's. Also, use a third-party E-mail service like something from Namecheap or Gmail and delete the MX record. The MX record will rat your origin IP out.



Where can I take part in this hacking project? Can I sign up?

Post Reply

Return to “phpBB Discussion”

Who is online

Users browsing this forum: a1topdog, CHItA, maxbowel, robmon75 and 23 guests