Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.5.x
Author Message
zlmark
Regular
Regular



Joined: Sep 25, 2006
Posts: 57

PostPosted: Fri Mar 30, 2007 9:06 pm Reply with quote

Code:
<Files .staccess> 

deny from all
</Files>

<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted Forum Area"
AuthType Basic
AuthUserFile
# -------------------------------------------
# Start of NukeSentinel(tm) ********admin.php Auth
# -------------------------------------------
<Files access/.staccess>
deny from all
</Files>

<Files ********admin.php>
<Limit GET POST PUT>
require valid-user
</Limit>
AuthName "Restricted by NukeSentinel(tm)"
AuthType Basic
AuthUserFile /home/*********/public_html/access/.staccess
</Files>
# -------------------------------------------
# End of NukeSentinel(tm) ********admin.php Auth
# ------------------------------------------- 
Forum admin blocked from me. I have this copied from my .htaccess in the access folder in the root. I have no prompt for username and password when i access admin but it is blocking the hackers. RN2.10 NSN 2.5.06 Is this code correct?
 
View user's profile Send private message
zlmark







PostPosted: Sat Mar 31, 2007 3:16 pm Reply with quote

Ok I fixed the main admin access and now getting the popup dialog prompting me for username and password. but still no access to forum admin. I'm worried about this because the last block notification email showed they tried to access the forum admin. i want to make sure this is set correctly
 
jakec
Site Admin



Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Sat Mar 31, 2007 3:35 pm Reply with quote

What is happening when you to access the forum admin?
 
View user's profile Send private message
zlmark







PostPosted: Sat Mar 31, 2007 5:15 pm Reply with quote

Internal Server Error

Referred From : [ Only registered users can see links on this board! Get registered or login! ]
Your IP : ***********
The Page Requested: /modules/Forums/admin/index.php
Agent : Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Redirect Status : 500
 
Gremmie
Former Moderator in Good Standing



Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Sat Mar 31, 2007 6:40 pm Reply with quote

Your .htaccess and .staccess files are under modules/Forums/admin, right?

_________________
GCalendar - An Event Calendar for PHP-Nuke
Member_Map - A Google Maps Nuke Module 
View user's profile Send private message
zlmark







PostPosted: Sat Mar 31, 2007 7:07 pm Reply with quote

Quote:
There are numerous attempts from hackers to try and exploit the Forums admin scripts by calling them directly. It is recommended that you also protect the entire modules/Forums/admin folder with a similar approach to admin authentication.

If you are using "CGIAuth", rename the rn.htaccess file that is in modules/Forums/admin to .htaccess and then modify the line for AuthUserFile to match what you have within the .htaccess file that is in the root of your RavenNukeā„¢ installation. This will also protect your Forums admin folder using the same NukeSentinelā„¢ admin auth userid and password!
I don't see that requirement here. Is that what will make it work?
 
Gremmie







PostPosted: Sat Mar 31, 2007 9:03 pm Reply with quote

Well, I'm no Apache expert...here is how I have it.

I have a pair of .htaccess and .staccess files in my root directory to protect my admin.php file (and other stuff).

And then I have a similar pair in modules/Forums/admin to protect the forums admin.php file.

That paragraph you quote, I believe, is trying to tell you to rename the rn.htaccess, etc files under modules/Forums/admin (but still keep them under modules/Forums/admin).
 
zlmark







PostPosted: Sat Mar 31, 2007 9:19 pm Reply with quote

still no go
 
zlmark







PostPosted: Thu Apr 05, 2007 7:13 am Reply with quote

Could you pm me the text in your htaccess and staccess that is in your modules/Forums/admin Gremmie for comparision. I really want to get this working.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©