Page 1 of 1

Tracking Users, Finding Malicious Users, Security on phpBB

Posted: Wed May 02, 2007 6:28 pm
by urbanistic
I am an admin of a community site with private forums, and someone keeps leaking information from inside our forum. What I need to obtian is ways to check records in mySQL or in the phpBB php records... and I dont know where to start.

Main objective...

Monitoring access to particular forums via IP and user name.
Monitoring commands such as email or print.
Verifying IP access tied to accounts.

Hopeful outcome...

Flush the person who may be using a stolen account and password.
Eliminate violations of privacy by eliminating access by malicious member.

Could anyone point me in the right direction here?

Re: Tracking Users, Finding Malicious Users, Security on phpBB

Posted: Wed May 02, 2007 6:59 pm
by ToonArmy
No support for live forums, and phpBB doesn't really track users to the detail you will require. You could try using the HTTP server log but thats not going to be too helpful either.

Re: Tracking Users, Finding Malicious Users, Security on phpBB

Posted: Wed May 02, 2007 8:38 pm
by urbanistic
Thanks for your reply!

I notice that on each thread I am able to view the IP address in the topic details. I am also able to see which IP address they registered from in the user details under admin rights.

I think this may be a good start. Maybe I should be looking at how phpBB queries that information?

Re: Tracking Users, Finding Malicious Users, Security on phpBB

Posted: Mon May 07, 2007 9:59 pm
by b9tumor
Yea I would start there. Also you might want to tighten down your backend database and make sure your permissions settings are not compromised.

Re: Tracking Users, Finding Malicious Users, Security on phpBB

Posted: Mon May 07, 2007 10:14 pm
by thepetulantpooner
Gee, maybe your first line of defense should be to avoid pissing people off.

Re: Tracking Users, Finding Malicious Users, Security on phpBB

Posted: Mon May 07, 2007 10:15 pm
by urbanistic
Good idea! Yes, the database itself is 100% secure, there is no way to penetrate that. Ive been given advanced IP mods for the phpbb that allows me to view any IP activity anywhere on the site. It took me a long time editing phps and templates, and reviewing SQL documentation, but it is complete and working successfully. That particular mod will be submitted for review to the phpBB team once the rc1 comes out.

After contacting my ISP and server management people, they gave me a wealth of knowledge as far as tracking users that access the site. I highly recommend that you contact your isp and hosting provider and inquire, they have a bunch of slick tricks up their sleeve... much more advanced than I ever gave them credit, and I am in the network security field.

As for permissions, would you like to clarify about possible permissions compromise?

Re: Tracking Users, Finding Malicious Users, Security on phpBB

Posted: Mon May 07, 2007 10:19 pm
by david63
Are you using phpbb2 or phpbb3?

The reason I ask is that you state
urbanistic wrote: Ive been given advanced IP mods for the phpbb
but there are no mods for phpbb3!

Re: Tracking Users, Finding Malicious Users, Security on phpBB

Posted: Mon May 07, 2007 10:46 pm
by urbanistic
True... I used phpbb3 on this last endeavor, and noticed a few things changed, which is why I posted about it. The phpBB2 had plenty of IP mods... one in particular called the Advanced IP Tools Pack, which I modified a bit to suit my needs on phpbb2. phpBB3 isn't even out yet, nor are there mods or support for mods.

Re: Tracking Users, Finding Malicious Users, Security on phpBB

Posted: Mon May 07, 2007 10:57 pm
by Highway of Life
You could use the "Force account reactivation" of suspected members stolen accounts... that might help.
I would also set the online time to something closer to 2 or 4 hours so you can see when someone is online and click the whoisonline link to find out where they are and see their IP address.

Hopefully that helps.

Re: Tracking Users, Finding Malicious Users, Security on phpBB

Posted: Thu Sep 13, 2007 9:38 pm
by PTS
urbanistic wrote:Thanks for your reply!

I notice that on each thread I am able to view the IP address in the topic details. I am also able to see which IP address they registered from in the user details under admin rights.

I think this may be a good start. Maybe I should be looking at how phpBB queries that information?
Hi, I do not see the IP address of the user in the user details in admin panel. How or where do I enable/see this? I have phpBB3 RC5