Three features you would like to see in 3.3.

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Ideas Centre
User avatar
John connor
Registered User
Posts: 1721
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Contact:

Re: Three features you would like to see in 3.3.

Post by John connor » Tue Jun 12, 2018 9:44 pm

Lumpy Burgertushie wrote:
Mon Jun 11, 2018 10:31 pm
John connor wrote:
Mon Jun 11, 2018 9:42 pm
I guess you don't watch or read the news.

" Hacker group steals 15 million user accounts."

" A vulnerability has allowed a hacker to gain access to such and such database."


or the future post of: "HELP! I've had my database stolen!"
and how many of those issues were related to phpbb? none? that is my point.

I was just picking at you about paranoid. no offense meant.
just because you are paranoid doesn't mean they are not out to get ya.
robert
It is true that I'm paranoid, but a little paranoia is a good thing in terms of making sure you are not owned. I said I use 2FA for everything I can, but that doesn't include phpBB. I'd hate to find out my domain account was hacked or my CloudFlare account, etc.

User avatar
John connor
Registered User
Posts: 1721
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Contact:

Re: Three features you would like to see in 3.3.

Post by John connor » Tue Jun 12, 2018 9:46 pm

stevemaury wrote:
Tue Jun 12, 2018 2:34 pm
John connor wrote:
Mon Jun 11, 2018 9:07 pm
tojag wrote:
Mon Jun 11, 2018 7:11 pm

If I remember correctly, a few years ago the phpBB site was hacked, what was the reason?
Lack of mod_security from what I read on the hacker's blog. :lol:
This is incorrect. It is true that access was obtained to the database. However, it had nothing to do with any security vulnerability in phpBB.
Didn't say it was a vulnerability with the software its self. I read an excerpt of the hackers blog about how he did it and he pointed out something about mod_security. That's a server issue.

User avatar
tojag
Registered User
Posts: 336
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: Three features you would like to see in 3.3.

Post by tojag » Wed Jun 13, 2018 7:16 am

John Connor, you are not paranoid, you are a responsible man.
Ignoring security leads to data leakage sooner or later.
No one has to break phpBB security, it's enough that the trojan steals the password from the admin computer or something else happens. 2FA in this case secures access, because the hacker does not have access to an additional codes generator, for example a phone with a Google Authenticator.
If double authentication was not good, nobody would introduce it. Currently, it has most financial services, including cards (3d-secure) but also IT solutions are going in this direction and as I wrote in principle, my entire hosting system at every login is secured with an additional code from the phone except phpBB.
Why in core? Because it ensures that the solution will be compatible and supported by the Team. Extensions are ok but sometimes the author stops making new versions and then all users have a problem, which we have experienced many times.

User avatar
Mick
Support Team Member
Support Team Member
Posts: 19977
Joined: Fri Aug 29, 2008 9:49 am
Location: Cardiff

Re: Three features you would like to see in 3.3.

Post by Mick » Wed Jun 13, 2018 8:42 am

JimA wrote:
Tue Jun 12, 2018 4:12 pm
If we want to discuss the advantages and disadvantages of 2FA, that can get its own topic
Please do start a separate topic on 2FA.
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 49472
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Three features you would like to see in 3.3.

Post by stevemaury » Wed Jun 13, 2018 2:43 pm

John connor wrote:
Tue Jun 12, 2018 9:46 pm

Didn't say it was a vulnerability with the software its self. I read an excerpt of the hackers blog about how he did it and he pointed out something about mod_security. That's a server issue.
Had nothing to do with mod_security, either.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. PM or email me.

All unsolicited PMs will be ignored.

User avatar
John connor
Registered User
Posts: 1721
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Contact:

Re: Three features you would like to see in 3.3.

Post by John connor » Thu Jun 14, 2018 3:05 pm

stevemaury wrote:
Wed Jun 13, 2018 2:43 pm
John connor wrote:
Tue Jun 12, 2018 9:46 pm

Didn't say it was a vulnerability with the software its self. I read an excerpt of the hackers blog about how he did it and he pointed out something about mod_security. That's a server issue.
Had nothing to do with mod_security, either.
I know what I read. From what I remember the hacker mentioned he was able to alter some server files due to lack of mod_security.

User avatar
Lumpy Burgertushie
Registered User
Posts: 64868
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Three features you would like to see in 3.3.

Post by Lumpy Burgertushie » Thu Jun 14, 2018 9:45 pm

how are you even sure that was the actual hacker? why would you believe anything a hacker says? why would someone that hacked phpbb.com admit it in the open and leave themselves open to prosecution?
I think I would believe the staff at phpbb quicker than some anonymous person online that claims to have been the hacker and claims to know how it was done.



robert
I am available for custom work on a donation basis. Please send me a PM with your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

OK, so what's the speed of dark?

User avatar
John connor
Registered User
Posts: 1721
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Contact:

Re: Three features you would like to see in 3.3.

Post by John connor » Fri Jun 15, 2018 3:14 am

You would be surprised at how many blogs and websites I have read where the hacker talked about how they pulled it all off. In fact, I have followed a Twitter user on hacking and they linked a blog post to a hacker who talked about how he recently took down or defaced an India sports website. There are many ways to mask your presence on the Internet. Don't ever forget that.

Toxyy
Registered User
Posts: 465
Joined: Mon Oct 24, 2016 3:22 pm

Re: Three features you would like to see in 3.3.

Post by Toxyy » Fri Jun 15, 2018 5:03 am

John connor wrote:
Thu Jun 14, 2018 3:05 pm
stevemaury wrote:
Wed Jun 13, 2018 2:43 pm
John connor wrote:
Tue Jun 12, 2018 9:46 pm

Didn't say it was a vulnerability with the software its self. I read an excerpt of the hackers blog about how he did it and he pointed out something about mod_security. That's a server issue.
Had nothing to do with mod_security, either.
I know what I read. From what I remember the hacker mentioned he was able to alter some server files due to lack of mod_security.
How old of a phpbb version?
I am a web developer/administrator, specializing in forums. If you have work you need done or are too lazy to do, pm me!

User avatar
3Di
Registered User
Posts: 12893
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Three features you would like to see in 3.3.

Post by 3Di » Fri Jun 15, 2018 5:15 am

Jan 31st, 2009 - .com site hacked (via PHPlist) viewtopic.php?p=14464086#p14464086

This was posted on sep 2013 about that, which explains that all.
The vulnerability used in the attack on PHPlist was actually a zero-day vulnerability that had no patch available until two weeks after the initial attack. As you mention though, a WAF like ModSecurity would have most likely caught this.
Just wondering what all of this has to do with this topic though.
Want to compensate me for my interest? Donate
Please PM me only to request paid works. Thx.
Extensions, Scripts, MOD porting, Update/Upgrades
My development's activity º PhpStorm's proud user

Toxyy
Registered User
Posts: 465
Joined: Mon Oct 24, 2016 3:22 pm

Re: Three features you would like to see in 3.3.

Post by Toxyy » Fri Jun 15, 2018 5:26 am

I guess nothing.

I like 2Fa, I don't know about in 3.3 but I'd like to see it. Why not? Users like being able to protect themselves against their own mistakes.

I guess ajaxifying user interaction as reasonably as possible would be another good thing. Quick replies, editing posts, chat like pms...

A third thing? I don't really know. Things I really do need would be best served as extensions at this point, or just more ajax suggestions.

Oh! I know, this is a good one. How about having the extension db tied into the ACP like wordpress has their extensions, including one (or two click, installation and activation) installs?

Is there an extension that makes a pop up login box? Would be great for mobile especially.

Something I've been thinking about is how a lot of people who use base phpbb don't know about extensions or don't think they can provide what they can. They can change your forum so much it's ridiculous. I don't have any solutions to this but it is something I've been thinking about...
I am a web developer/administrator, specializing in forums. If you have work you need done or are too lazy to do, pm me!

User avatar
GanstaZ
Registered User
Posts: 407
Joined: Wed Oct 11, 2017 10:29 pm
Location: Zverse

Re: Three features you would like to see in 3.3.

Post by GanstaZ » Fri Jun 15, 2018 9:55 pm

To be honest a branch number/version doesn't matter.. those things that i want to see are already in development or in a starting/thought stage: wrapping front controllers by httpkernel, new module system & new theme. About +1 or something similar, it should be option based and turned off by default. 2FA is a good thing, but as mentioned some time ago, i think it was in ideas forum, if it is needed, then only to access acp, so again it's option/opinion based.
"When answer lies in the question,.. question becomes redundant!"

Awide
Registered User
Posts: 1
Joined: Sun Aug 12, 2018 5:55 pm

Re: Three features you would like to see in 3.3.

Post by Awide » Sun Aug 12, 2018 6:17 pm

Having optional 2FA would be great.

Post Reply

Return to “phpBB Discussion”

Who is online

Users browsing this forum: gurirubbine and 16 guests