Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Mon Jul 19, 2004 7:52 am Reply with quote

Well, sorry to here about the dDos atack, but I am glad to hear that your website is safe!
 
View user's profile Send private message
jonmcc33
Hangin' Around


Joined: May 17, 2004
Posts: 40
Location: Dayton, OH

PostPosted: Mon Oct 04, 2004 11:13 pm Reply with quote

Question:

In PHPNuke 7.5 the auth.php file is no longer used so where would you put the following code in the admin.php file:

Code:
require_once('myprivatefile.php'); 

require_once('basicauthfile.php');


I've been using your script since PHPNuke 7.1 and it's been awesome. I'd like to continue using it.
 
View user's profile Send private message Visit poster's website AIM Address ICQ Number
Raven
PostPosted: Tue Oct 05, 2004 12:06 am Reply with quote

Actually auth.php is still used - it's just already included in admin.php instead of being an 'included' file. In admin.php, find
Code:
if (ereg("[^a-zA-Z0-9_-]",trim($aid))) { 

    die("Begone");
}
$aid = substr("$aid", 0,25);
$pwd = substr("$pwd", 0,18);
which is the beginning of the auth.php code. Place the 2 require_once statments right before the above code like
Code:
require_once('myprivatefile.php'); 

require_once('basicauthfile.php');
if (ereg("[^a-zA-Z0-9_-]",trim($aid))) {
    die("Begone");
}
$aid = substr("$aid", 0,25);
$pwd = substr("$pwd", 0,18);


Having said that, I would strongly recommend using NukeSentinel instead as it incorporates all of my original script and so much more for protection.
 
mrisis
New Member
New Member


Joined: Jan 01, 2005
Posts: 3

PostPosted: Sat Jan 01, 2005 2:12 pm Reply with quote

Edited


Last edited by mrisis on Sun Jan 02, 2005 1:43 am; edited 1 time in total 
View user's profile Send private message
Raven
PostPosted: Sat Jan 01, 2005 2:22 pm Reply with quote

HTTPAuth is the default NukeSentinel authorization method. It does not require .htaccess.
 
mrisis
PostPosted: Sat Jan 01, 2005 2:29 pm Reply with quote

Yes, But only when you run it as an apache module
 
Raven
PostPosted: Sat Jan 01, 2005 2:31 pm Reply with quote

I understand that. But, that's what your link provides, standard HTTPAuth, so, that's why I responded in kind.
 
mrisis
PostPosted: Sat Jan 01, 2005 2:53 pm Reply with quote

Very good point, dont take me wrong as I use sentinel on my main site
 
MaSePoes
New Member
New Member


Joined: Apr 11, 2005
Posts: 21

PostPosted: Fri Jul 01, 2005 3:16 am Reply with quote

this is one of the best methods I've used. I use them on all my sites. In fact I didn't use it on one site and that one got hacked. For months I haven't been hacked becuase I use this method with Nuke Sentinel.

okay one can never be 100% secure, but you can try.
 
View user's profile Send private message
Raven
PostPosted: Fri Jul 01, 2005 7:52 am Reply with quote

RavensScripts Thanks for the testimonial RavensScripts
 
hero
New Member
New Member


Joined: Oct 08, 2005
Posts: 4

PostPosted: Sat Oct 08, 2005 3:00 am Reply with quote

Hi Raven,

I'm newbie at phpnuke. I have a server with nukesentinel installed. I was actually looking for a very secured HTTP AUTH program for my site. Luckily, I found this topic and follow every single instruction that you wrote here. Fortunately, I made it work on my site without any errors. Thanx dude !!!!

There is one question I wanted to ask..... since you said the beauty about those 2 files ( myprivate.php & basicauthfile.php) are that we can put it any where we want. Right now I placed those 2 files inside my html folder and its working. But, my question is, what if I wanted to put those files outside my html folder ? Are these still gonna work ?

I am running my server through my computer. So, I want my admin can only access to the admin.php from my computer not any other remote computer. How, can I make this work ? Any help will be appriceated.

Thanx in advance
 
View user's profile Send private message
hero
PostPosted: Sat Oct 08, 2005 3:55 am Reply with quote

actually I just changed the path of those 2 files which is out of my html folder ...and its working !!!!!!

require_once('c:\Myserver\myprivatefile.php');
require_once('c:\Myserver\basicauthfile.php');

do you think that will do the trick ? do you think people can access to my admin.php file from remote computer ????
 
Raven
PostPosted: Sat Oct 08, 2005 7:49 am Reply with quote

That should do the trick. Regardless of where those files are stored, it provides the same protection. The added benefit of moving the files outside of the web root is that there is no way that they can view the files from their browser unless you have bad code elsewhere that allows a hole or access otherwise.
 
CoffeeOD
New Member
New Member


Joined: Nov 05, 2005
Posts: 11

PostPosted: Mon Jan 16, 2006 2:06 am Reply with quote

Hey Raven, im using phpnuke 7.7 and this script looks nice but (there�s always but, eh?) I dont find this line
Code:
require("auth.php");
I thinked that I could place it before
Code:
require_once("mainfile.php");
, but I wanna be sure.

[admin.php - admin fix] Also, I tried that admin fix you said earlier (http://www.ravenphpscripts.com/postt345.html), but I cannot find
Code:
require_once("mainfile.php");

get_lang(admin);
in my include/auth.php and I dont got any other auth.php

[auth.php admin fix] I tried that admin fix you said earlier about auth.php, (http://www.ravenphpscripts.com/postt349.html), I dont find those two starting lines, my starting lines are
Code:
if ( !defined('IN_PHPBB') )

{
        die("Hacking attempt");
        exit;

I didnt see answers in those threads, or maybe I didnt look enough. I use newest Sentinel and thanks for that, it�s great tool and just the thing I have been looking for.
 
View user's profile Send private message
Raven
PostPosted: Mon Jan 16, 2006 8:36 am Reply with quote

As stated above, auth.php was integrated into admin.php in v7.5. But if you use NukeSentinel(tm) this thread is irrellevant.
 
redhairz
Worker
Worker


Joined: Nov 17, 2006
Posts: 222

PostPosted: Mon Dec 04, 2006 4:01 pm Reply with quote

i think someone hacked my phpmyadmin when i log out exit it promt me wrong user and wrong password could it be hacked?

_________________
Jesus is Alive, He is our joy, be it good times or bad time. 
View user's profile Send private message
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Mon Dec 04, 2006 4:39 pm Reply with quote

I'm not sure what you mean. You say you cannot log into phpMyAdmin?
Or the saved forms in your browser are incorrect - that just sounds like a browser thing

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
redhairz
PostPosted: Mon Dec 04, 2006 6:13 pm Reply with quote

hey evaders99 Smile i always get this (Wrong username/password. Access denied.) when exiting from phpmyadmin...... i can use the phpmyadmin but when i login out as exit i will get the message above. becos there have been 2 incident when hacker deleted all the DB. the hosting admin restored back eventually. my question is could the hacker edit the user of the phpmyadmin which cause the above message to appear? i login into the phpmyadmin from cpanel mysql. what is your view? i had disable ftp and change pword. could the hacker hack into the nuke portal to do that kind of damage? from admin or folder cmod 777?
 
evaders99
PostPosted: Mon Dec 04, 2006 9:17 pm Reply with quote

I don't think so. It may just be its trying to read some login value that is no longer there since you logged out. Don't worry about
 
shock1964
New Member
New Member


Joined: Apr 28, 2007
Posts: 1

PostPosted: Sat Apr 28, 2007 1:46 pm Reply with quote

hey, i got this md4 bf off of a friend. the creator is matthias fichtner and its supposed to unlock the halo 3 beta on my xbox 360, can anyone tell me what it really does? i can send u the file if u email me or add me on my msn Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
evaders99
PostPosted: Sat Apr 28, 2007 11:12 pm Reply with quote

What? This has nothing to do with this thread, or phpNuke for that matter.
Spam?
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©