Three features you would like to see in 3.3.

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Suggested Hosts
User avatar
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Three features you would like to see in 3.3.

Post by 2600 »

Lumpy Burgertushie wrote: Mon Jun 11, 2018 10:31 pm
John connor wrote: Mon Jun 11, 2018 9:42 pm I guess you don't watch or read the news.

" Hacker group steals 15 million user accounts."

" A vulnerability has allowed a hacker to gain access to such and such database."


or the future post of: "HELP! I've had my database stolen!"
and how many of those issues were related to phpbb? none? that is my point.

I was just picking at you about paranoid. no offense meant.
just because you are paranoid doesn't mean they are not out to get ya.
robert
It is true that I'm paranoid, but a little paranoia is a good thing in terms of making sure you are not owned. I said I use 2FA for everything I can, but that doesn't include phpBB. I'd hate to find out my domain account was hacked or my CloudFlare account, etc.
Morpheus: Unfortunately, no one can be told what The Matrix is. You'll have to see it for yourself.
Hack me.
Consider a canary token.
The nature of my chosen username
:ugeek:
User avatar
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Three features you would like to see in 3.3.

Post by 2600 »

stevemaury wrote: Tue Jun 12, 2018 2:34 pm
John connor wrote: Mon Jun 11, 2018 9:07 pm
tojag wrote: Mon Jun 11, 2018 7:11 pm
If I remember correctly, a few years ago the phpBB site was hacked, what was the reason?
Lack of mod_security from what I read on the hacker's blog. :lol:
This is incorrect. It is true that access was obtained to the database. However, it had nothing to do with any security vulnerability in phpBB.
Didn't say it was a vulnerability with the software its self. I read an excerpt of the hackers blog about how he did it and he pointed out something about mod_security. That's a server issue.
Morpheus: Unfortunately, no one can be told what The Matrix is. You'll have to see it for yourself.
Hack me.
Consider a canary token.
The nature of my chosen username
:ugeek:
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: Three features you would like to see in 3.3.

Post by tojag »

John Connor, you are not paranoid, you are a responsible man.
Ignoring security leads to data leakage sooner or later.
No one has to break phpBB security, it's enough that the trojan steals the password from the admin computer or something else happens. 2FA in this case secures access, because the hacker does not have access to an additional codes generator, for example a phone with a Google Authenticator.
If double authentication was not good, nobody would introduce it. Currently, it has most financial services, including cards (3d-secure) but also IT solutions are going in this direction and as I wrote in principle, my entire hosting system at every login is secured with an additional code from the phone except phpBB.
Why in core? Because it ensures that the solution will be compatible and supported by the Team. Extensions are ok but sometimes the author stops making new versions and then all users have a problem, which we have experienced many times.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26455
Joined: Fri Aug 29, 2008 9:49 am

Re: Three features you would like to see in 3.3.

Post by Mick »

JimA wrote: Tue Jun 12, 2018 4:12 pmIf we want to discuss the advantages and disadvantages of 2FA, that can get its own topic
Please do start a separate topic on 2FA.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 52767
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Three features you would like to see in 3.3.

Post by stevemaury »

John connor wrote: Tue Jun 12, 2018 9:46 pm
Didn't say it was a vulnerability with the software its self. I read an excerpt of the hackers blog about how he did it and he pointed out something about mod_security. That's a server issue.
Had nothing to do with mod_security, either.
I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
User avatar
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Three features you would like to see in 3.3.

Post by 2600 »

stevemaury wrote: Wed Jun 13, 2018 2:43 pm
John connor wrote: Tue Jun 12, 2018 9:46 pm
Didn't say it was a vulnerability with the software its self. I read an excerpt of the hackers blog about how he did it and he pointed out something about mod_security. That's a server issue.
Had nothing to do with mod_security, either.
I know what I read. From what I remember the hacker mentioned he was able to alter some server files due to lack of mod_security.
Morpheus: Unfortunately, no one can be told what The Matrix is. You'll have to see it for yourself.
Hack me.
Consider a canary token.
The nature of my chosen username
:ugeek:
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Three features you would like to see in 3.3.

Post by Lumpy Burgertushie »

how are you even sure that was the actual hacker? why would you believe anything a hacker says? why would someone that hacked phpbb.com admit it in the open and leave themselves open to prosecution?
I think I would believe the staff at phpbb quicker than some anonymous person online that claims to have been the hacker and claims to know how it was done.



robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Three features you would like to see in 3.3.

Post by 2600 »

You would be surprised at how many blogs and websites I have read where the hacker talked about how they pulled it all off. In fact, I have followed a Twitter user on hacking and they linked a blog post to a hacker who talked about how he recently took down or defaced an India sports website. There are many ways to mask your presence on the Internet. Don't ever forget that.
Morpheus: Unfortunately, no one can be told what The Matrix is. You'll have to see it for yourself.
Hack me.
Consider a canary token.
The nature of my chosen username
:ugeek:
User avatar
Toxyy
Registered User
Posts: 938
Joined: Mon Oct 24, 2016 3:22 pm
Location: Namek
Contact:

Re: Three features you would like to see in 3.3.

Post by Toxyy »

John connor wrote: Thu Jun 14, 2018 3:05 pm
stevemaury wrote: Wed Jun 13, 2018 2:43 pm
John connor wrote: Tue Jun 12, 2018 9:46 pm
Didn't say it was a vulnerability with the software its self. I read an excerpt of the hackers blog about how he did it and he pointed out something about mod_security. That's a server issue.
Had nothing to do with mod_security, either.
I know what I read. From what I remember the hacker mentioned he was able to alter some server files due to lack of mod_security.
How old of a phpbb version?
I am a web developer/administrator, specializing in forums. If you have work you need done or are too lazy to do, pm me!

Some of my extensions:
[3.3][BETA] Post Form Templates || [3.3][BETA] Anonymous Posts || [3.2][3.3][BETA] ACP Merge Child Forums || [3.2][BETA] Sticky Ad || [3.2][DEV] User Delete Topics || [3.3][DEV] Moderate While Searching || [3.3][RC] Short Number Twig Extension
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: Three features you would like to see in 3.3.

Post by 3Di »

Jan 31st, 2009 - .com site hacked (via PHPlist) viewtopic.php?p=14464086#p14464086

This was posted on sep 2013 about that, which explains that all.
The vulnerability used in the attack on PHPlist was actually a zero-day vulnerability that had no patch available until two weeks after the initial attack. As you mention though, a WAF like ModSecurity would have most likely caught this.
Just wondering what all of this has to do with this topic though.
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
User avatar
Toxyy
Registered User
Posts: 938
Joined: Mon Oct 24, 2016 3:22 pm
Location: Namek
Contact:

Re: Three features you would like to see in 3.3.

Post by Toxyy »

I guess nothing.

I like 2Fa, I don't know about in 3.3 but I'd like to see it. Why not? Users like being able to protect themselves against their own mistakes.

I guess ajaxifying user interaction as reasonably as possible would be another good thing. Quick replies, editing posts, chat like pms...

A third thing? I don't really know. Things I really do need would be best served as extensions at this point, or just more ajax suggestions.

Oh! I know, this is a good one. How about having the extension db tied into the ACP like wordpress has their extensions, including one (or two click, installation and activation) installs?

Is there an extension that makes a pop up login box? Would be great for mobile especially.

Something I've been thinking about is how a lot of people who use base phpbb don't know about extensions or don't think they can provide what they can. They can change your forum so much it's ridiculous. I don't have any solutions to this but it is something I've been thinking about...
I am a web developer/administrator, specializing in forums. If you have work you need done or are too lazy to do, pm me!

Some of my extensions:
[3.3][BETA] Post Form Templates || [3.3][BETA] Anonymous Posts || [3.2][3.3][BETA] ACP Merge Child Forums || [3.2][BETA] Sticky Ad || [3.2][DEV] User Delete Topics || [3.3][DEV] Moderate While Searching || [3.3][RC] Short Number Twig Extension
User avatar
GanstaZ
Registered User
Posts: 1187
Joined: Wed Oct 11, 2017 10:29 pm
Location: GZOverse

Re: Three features you would like to see in 3.3.

Post by GanstaZ »

To be honest a branch number/version doesn't matter.. those things that i want to see are already in development or in a starting/thought stage: wrapping front controllers by httpkernel, new module system & new theme. About +1 or something similar, it should be option based and turned off by default. 2FA is a good thing, but as mentioned some time ago, i think it was in ideas forum, if it is needed, then only to access acp, so again it's option/opinion based.
Usus est magister optimus! phpBB pre-Triton & latest php environment.
When answer lies in the question, question becomes redundant!
Awide
Registered User
Posts: 1
Joined: Sun Aug 12, 2018 5:55 pm

Re: Three features you would like to see in 3.3.

Post by Awide »

Having optional 2FA would be great.
daviceroy
Registered User
Posts: 19
Joined: Fri Jan 29, 2010 3:48 am

Re: Three features you would like to see in 3.3.

Post by daviceroy »

I am also in favor of adding 2FA as an optional option for administrators as an extra layer of protection.
User avatar
abdu7maan
Registered User
Posts: 128
Joined: Tue Apr 02, 2019 11:23 am
Contact:

Re: Three features you would like to see in 3.3.

Post by abdu7maan »

Wes of StarArmy wrote: Thu May 10, 2018 1:55 pm
Here's my favorite ideas for phpBB3.3:
  • WYSIWYG posting! (Why am I still using bbcode for this list? :P)
  • The ability to paste images directly into posts with Control+V. This is so nice on forums that have it.
  • Push notifications
Supporter with you in your opinion
The method followed here.
The unimportant thing to me is also unimportant to others.
Last edited by Mick on Sat May 04, 2019 9:17 am, edited 1 time in total.
Reason: Removed unnecessary *HUGE* quoting.
Post Reply

Return to “phpBB Discussion”