All times are GMT - 5 Hours
|
|
 |
Wed Jan 11, 2006 10:55 pm |
 |
 |
Thu Jan 12, 2006 5:15 pm |
 |
 |
Thu Jan 12, 2006 5:25 pm |
 |
 |
Fri Jan 13, 2006 8:22 am |
 |
 |
Fri Jan 13, 2006 8:34 am |
 |
 |
Fri Jan 13, 2006 4:59 pm |
 |
 |
Fri Jan 13, 2006 5:18 pm |
 |
Author |
Message |
cane_cc72 Support Team


Joined: 07 Jan 2005 Posts: 306 Words Posted: 36,100 Average Post: 117.97 Location: Maryland
|
| Post subject: |
|
|
| Upgraded also with no problems. Only thing I see is the feature that has you verify password when you edit profile doesn't ask to verify; it does in modcp but not in profile edit. |
|
| Post #7 |
|
|
 |
Fri Jan 13, 2006 5:49 pm |
 |
 |
Fri Jan 13, 2006 7:58 pm |
 |
Author |
Message |
y0y0 Moderate TweakeR

Joined: 07 May 2005 Posts: 54 Words Posted: 2,563 Average Post: 47.46
|
| Post subject: |
|
|
austin, you said:
| austin wrote: | [phpBB Security]
This has been an on/off update that I need to get finished. I have added a lot to the next release that will help you keep your site protected. It's really too much to list here, but know I am working on it!
[/phpBB Security] |
http://phpbb-tweaks.com/topics.html-t-8635
You say you added a lot and much to list. Could you list? And why did you not list in features.txt? |
|
| Post #9 |
|
|
 |
Fri Jan 13, 2006 9:46 pm |
 |
Author |
Message |
Damo Moderate TweakeR

Joined: 24 Jun 2005 Posts: 69 Words Posted: 8,072 Average Post: 116.99
|
| Post subject: |
|
|
He did list the features in that text.
| Quote: |
#====
#==== V1.0.3
#====
-> Added protection against passing certain functions & PHP variables in a URL.
-> Added account protection for the board owner in the User Admin -> Management.
-> Added account protection for the board owner in the User Admin -> Permissions.
-> Added a password verification to the modcp.php file so anyone who possibly fakes a user
with some kind of cookie exploit, can not delete topics/posts via modcp.php.
-> Per user request, added a way to delete old DB backups directly in the ACP. This is located
in the Special section, so only the allowed admins can do this.
-> Added some guest protection. With a lot of programmatic DDoS programs, all the guests will have
the same ip. With this new setting, you can limit how many sessions are stored on a per IP basis
for guests.
-> Added a way to disallow users to use the same username & pass combo, if their pass matches
their username, they will have to choose a different one.
-> Added a minimum characters for a user password. This can be toggled on/off in the ACP and
the minimum is also configurable.
-> Added a way to make all users update their passwords. Basically if you choose this, the first
visit when a user returns after you doing this, they will have to update their password.
-> Fixed the error when changing passwords. Sometimes it would cause a cookie mis-match error.
-> Fixed the cookie issue from phpBB 2.0.18++.
-> Fixed the backup feature error from phpBB 2.0.18++.
-> Made it so any time a user changes their profile, they have to also verify their password,
just to make sure it is them editing their profile.
-> Removed the htaccess verification on the ACP since phpBB finally includes it.
-> Removed the extra cookie checks since phpBB finally updated theirs.
-> Added a version status to the admin index to let you know if you're up to date or not.
|
|
|
| Post #10 |
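The per-IP guest session limit named in the v1.0.3 changelog above, sketched as an added example. This is not code from phpBB Security; the function name, the row layout, the cap value and the in-memory array standing in for the sessions table are all assumptions made for illustration.

```php
<?php
// Added illustration, not phpBB Security's code. All names are hypothetical.
const GUEST_ID = -1; // stand-in for the board's guest (anonymous) user id

/**
 * Pick the session a guest request should use while holding each IP to at
 * most $max_per_ip stored guest rows.
 * $sessions: list of ['id', 'user_id', 'ip', 'time'] rows (in-memory stand-in
 * for the sessions table). Returns [$sessions, $session_id, $created].
 */
function guest_session_for(array $sessions, string $ip, int $max_per_ip, int $now): array
{
    $max_per_ip = max(1, $max_per_ip); // a cap of 0 would leave no row to reuse

    // Existing guest rows for this address; array_filter keeps the original keys.
    $mine = array_filter($sessions, function ($s) use ($ip) {
        return $s['user_id'] === GUEST_ID && $s['ip'] === $ip;
    });

    if (count($mine) < $max_per_ip) {
        // Under the cap: store a new row with an unpredictable id.
        $id = bin2hex(random_bytes(16));
        $sessions[] = ['id' => $id, 'user_id' => GUEST_ID, 'ip' => $ip, 'time' => $now];
        return [$sessions, $id, true];
    }

    // At the cap: reuse the least recently used row instead of inserting.
    uasort($mine, function ($a, $b) { return $a['time'] <=> $b['time']; });
    $key = array_key_first($mine);
    $sessions[$key]['time'] = $now;
    return [$sessions, $sessions[$key]['id'], false];
}

// Constructed input: 50 cookie-less requests from one address, 3 from another.
$sessions = [];
$cap = 5;
$start = 1137200000;
for ($i = 0; $i < 50; $i++) {
    [$sessions] = guest_session_for($sessions, '203.0.113.7', $cap, $start + $i);
}
for ($i = 0; $i < 3; $i++) {
    [$sessions] = guest_session_for($sessions, '198.51.100.9', $cap, $start + $i);
}

$per_ip = array_count_values(array_column($sessions, 'ip'));
foreach ($per_ip as $ip => $rows) {
    echo "$ip holds $rows guest session rows\n";
}
```

Only rows carrying the guest id count toward the cap, so logged-in users behind the same address are not affected.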
|
|
 |
Fri Jan 13, 2006 10:12 pm |
 |
 |
Sat Jan 14, 2006 4:00 am |
 |
Author |
Message |
jsr Support Team

Joined: 06 Jan 2005 Posts: 407 Words Posted: 50,471 Average Post: 124.01
|
| Post subject: |
|
|
| Quote: | From: jet set radio
To: jet set radio (Online)
Posted: Sat Jan 14, 2006 9:00 am
Subject: phpBB Security Update
Your Daily Database Backup Was Completed.
|
Mine worked fine. |
|
| Post #12 |
|
|
 |
Sat Jan 14, 2006 4:58 am |
 |
Author |
Message |
jsr Support Team

Joined: 06 Jan 2005 Posts: 407 Words Posted: 50,471 Average Post: 124.01
|
| Post subject: |
|
|
aUsTiN, you didn't take out:

Code:
phpBBSecurity_Cookies();

out of the Install for 1.0.3.

Code:
-----------------------------------
----[ FIND ]-----------------------
-----------------------------------
$template->pparse('overall_header');
-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------
#=======================================================================
#==== Start: == phpBB Security =========================================
#==== v1.0.3 ===========================================================
#====
phpBBSecurity_Cookies();
phpBBSecurity_FinalSet();
phpBBSecurity_DBBackup();
# Only allow them to login & view profile to update it
if ($HTTP_SERVER_VARS['PHP_SELF'] == $board_config['script_path'] .'profile.'. $phpEx)
    $is_valid = TRUE;
elseif ($HTTP_SERVER_VARS['PHP_SELF'] == $board_config['script_path'] .'login.'. $phpEx)
    $is_valid = TRUE;
else
    $is_valid = '';
if ( (!$is_valid) && (!$gen_simple_header) )
{
    # Make sure they are not a guest
    if ($userdata['user_id'] != ANONYMOUS)
    {
        # Do the check
        if (!$userdata['phpBBSecurity_answer'] || !$userdata['phpBBSecurity_question'])
            phpBBSecurity_Force();
        if ($userdata['phpBBSecurity_force_pw_update'] != 1)
            message_die(GENERAL_ERROR, sprintf($lang['PS_pass_force'], '<a href="profile.'. $phpEx .'?mode=editprofile&infrom=phpBBSecurity&sid='. $userdata['session_id'] .'">', '</a>'));
    }
}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] =
#==== End: ==== phpBB Security =========================================
#=======================================================================

Which is now:

Code:
#=======================================================================
#==== Start: == phpBB Security =========================================
#==== v1.0.3 ===========================================================
#====
phpBBSecurity_FinalSet();
phpBBSecurity_DBBackup();
# Only allow them to login & view profile to update it
if ($HTTP_SERVER_VARS['PHP_SELF'] == $board_config['script_path'] .'profile.'. $phpEx)
    $is_valid = TRUE;
elseif ($HTTP_SERVER_VARS['PHP_SELF'] == $board_config['script_path'] .'login.'. $phpEx)
    $is_valid = TRUE;
else
    $is_valid = '';
if ( (!$is_valid) && (!$gen_simple_header) )
{
    # Make sure they are not a guest
    if ($userdata['user_id'] != ANONYMOUS)
    {
        # Do the check
        if (!$userdata['phpBBSecurity_answer'] || !$userdata['phpBBSecurity_question'])
            phpBBSecurity_Force();
        if ($userdata['phpBBSecurity_force_pw_update'] != 1)
            message_die(GENERAL_ERROR, sprintf($lang['PS_pass_force'], '<a href="profile.'. $phpEx .'?mode=editprofile&infrom=phpBBSecurity&sid='. $userdata['session_id'] .'">', '</a>'));
    }
}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] =
#==== End: ==== phpBB Security =========================================
#=======================================================================
|
|
| Post #13 |
|
|
 |
Sat Jan 14, 2006 5:38 am |
 |
 |
Sat Jan 14, 2006 12:46 pm |
 |
 |
Sat Jan 14, 2006 1:27 pm |
 |
Author |
Message |
y0y0 Moderate TweakeR

Joined: 07 May 2005 Posts: 54 Words Posted: 2,563 Average Post: 47.46
|
| Post subject: |
|
|
Sorry for asking but I have Categories Hierarchy and it doesn't use admin_ug_auth ...
Is that bad if I don't make these changes?

Code:
-----------------------------------
----[ OPEN ]-----------------------
-----------------------------------
admin/admin_ug_auth.php
-----------------------------------
----[ FIND ]-----------------------
-----------------------------------
$user_id = intval($user_id);
$group_id = intval($group_id);
$adv = intval($adv);
$mode = htmlspecialchars($mode);
-----------------------------------
----[ ADD, AFTER ]-----------------
-----------------------------------
#=======================================================================
#==== Start: == phpBB Security =========================================
#==== v1.0.3 ===========================================================
#====
$owner = '2';
if (isset($HTTP_POST_VARS['submit']))
{
    if ( ($user_id == $owner) && ($userdata['user_id'] != $owner) )
        message_die(GENERAL_ERROR, $lang['PS_admin_not_authed']);
}
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-tweaks.com] =
#==== End: ==== phpBB Security =========================================
#=======================================================================
|
|
| Post #16 |
|
|
 |
Sat Jan 14, 2006 8:07 pm |
 |
Author |
Message |
aUsTiN Webmaster


Joined: 05 Jan 2005 Posts: 3684 Words Posted: 144,671 Average Post: 39.27 Location: USA
|
| Post subject: |
|
|
1.0.2 was secure & 1.0.3 is just as secure. Yes it adds more protection against DDoS attacks.
Yes you can skip those edits, they just provide protection against the board owner.
Any further support needs to be in the support forums, this topic is not meant for support. Thanks. |
|
| Post #17 |
|
|
 |
Sun Jan 15, 2006 9:06 pm |
 |
Author |
Message |
mbalao Amature TweakeR

Joined: 10 Mar 2005 Posts: 36 Words Posted: 3,119 Average Post: 86.64
|
| Post subject: |
|
|
Thanks jsr because of your db comment, I will have to see mine is not working... maybe because of the server
Austin; Why isn't my translation (Spanish) for this mod still not approved? . I checked for mistakes and I did it very formal, exactly the same! |
|
| Post #18 |
|
|
 |
Sun Jan 15, 2006 10:13 pm |
 |
 |
Tue Jan 17, 2006 1:11 am |
 |
Author |
Message |
thesmacker11 New TweakeR

Joined: 19 Nov 2005 Posts: 1 Words Posted: 53 Average Post: 53.00
|
| Post subject: |
|
|
| You know when you make everyone use a new pass it gives a message die after you submit your profile.. But I installed the mod that shows the actual errors besides just the die error and it shows error 1. You need to make a new pass and error 2 admin requests you reset pass |
|
| Post #20 |
|
|
 |
Fri Jan 20, 2006 10:03 am |
 |
Author |
Message |
y0y0 Moderate TweakeR

Joined: 07 May 2005 Posts: 54 Words Posted: 2,563 Average Post: 47.46
|
| Post subject: |
|
|
austin, sorry for asking, but will you be going on coding on phpBB Security, like adding more security features?
You work in real life, yeah, but when do you get holidays ? |
|
| Post #21 |
|
|
 |
Sat Jan 21, 2006 8:43 pm |
 |
Author |
Message |
X 100 Club


Joined: 13 Jan 2005 Posts: 157 Words Posted: 22,097 Average Post: 140.75 Location: México
|
| Post subject: |
|
|
| y0y0 wrote: | austin sorry for asking but will you going on coding on phpBB Security like adding more security features
You work in real life, yeah, but when do you get holidays ? |
More secure? Oh god, let me tell you this, since phpbb2.0.6 I searched for lots of security utilities, I found lots of them, like 18 mods to protect lots of things, and also later I found PHPBB security, phpbb security had lots of new things and best security ever, even now it blocks new CORE attacks and DDOS attempts caused by PHPBB BUG - EXPLOIT, even PHPBBsecurity was not updated to phpbb2.0.16 CORE CODE.
Well in PHPBB Security 3 I found that 90% of my other security codes were improved and upgraded in this PHPBB security RELEASE, without causing mod conflict with my other security features.
So as far as I know PHPBB security has the best security for PHPBB actual version, and it's more secure now than ever so I think a rewrite for security would be unnecessary. |
|
| Post #22 |
|
|
 |
Sun Jan 22, 2006 9:00 am |
 |
 |
Mon Jan 30, 2006 10:48 pm |
 |
Author |
Message |
jopcris New TweakeR

Joined: 25 Jan 2005 Posts: 2 Words Posted: 188 Average Post: 94.00
|
| Post subject: |
|
|
| mbalao wrote: | Thanks jsr because of your db comment, I will have to see mine is not working... maybe because of the server
Austin; Why isn't my translation (Spanish) for this mod still not approved? . I checked for mistakes and I did it very formal, exactly the same! |
no found download phpbbsecurity spanish ???
Greetings from Chile |
|
| Post #24 |
|
|
 |
Mon Jan 30, 2006 11:33 pm |
 |
Author |
Message |
mbalao Amature TweakeR

Joined: 10 Mar 2005 Posts: 36 Words Posted: 3,119 Average Post: 86.64
|
| Post subject: |
|
|
| jopcris wrote: | | mbalao wrote: | Thanks jsr because of your db comment, I will have to see mine is not working... maybe because of the server
Austin; Why isn't my translation (Spanish) for this mod still not approved? . I checked for mistakes and I did it very formal, exactly the same! |
no found download phpbbsecurity spanish ???
Greetings from Chile |
Yes, it has already been accepted and it's working well. Salute. |
|
| Post #25 |
|
|
 |
Tue Jan 31, 2006 11:50 am |
 |
Author |
Message |
Adrian Rea New TweakeR

Joined: 31 Jan 2006 Posts: 3 Words Posted: 219 Average Post: 73.00
|
| Post subject: |
|
|
Where do we request support for the security mod as registered users are not granted access to post in the mods forums?
I do have a question concerning 1.02 and I need to know if I should bother to upgrade. I would not like to post it here as that may be distracting.
A |
|
| Post #26 |
|
|
 |
Tue Jan 31, 2006 12:07 pm |
 |
 |
Tue Jan 31, 2006 2:59 pm |
 |
Author |
Message |
jopcris New TweakeR

Joined: 25 Jan 2005 Posts: 2 Words Posted: 188 Average Post: 94.00
|
| Post subject: |
|
|
| mbalao wrote: | | jopcris wrote: | | mbalao wrote: | Thanks jsr because of your db comment, I will have to see mine is not working... maybe because of the server
Austin; Why isn't my translation (Spanish) for this mod still not approved? . I checked for mistakes and I did it very formal, exactly the same! |
no found download phpbbsecurity spanish ???
Greetings from Chile |
Yes, it has already been accepted and it's working well. Salute. |
No.. the file is not available in the download section; it says the file does not exist when you try to download it.
Greetings |
|
| Post #28 |
|
|
 |
Tue Jan 31, 2006 5:35 pm |
 |
|