Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Tue May 18, 2004 6:28 pm Reply with quote

It has to be md5 coded in the myprivatefile.php
Here is an online tool that can do that. Only registered users can see links on this board! Get registered or login!
Try that and if it works maybe we can put up a mod like that here to simplify this for users.
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Tue May 18, 2004 6:43 pm Reply with quote

I also included the md5 script for you on the first page/post Smile
 
View user's profile Send private message
jonmcc33
Hangin' Around


Joined: May 17, 2004
Posts: 40
Location: Dayton, OH

PostPosted: Tue May 18, 2004 10:49 pm Reply with quote

anfer wrote:
Hi....my web page just got hacked...and im looking for security....i tried this system of two passwords, everything worked propertly, execpt that when I try to get in the admin page, my pass or login is not accepted. I type the same that i used for myprivatefile.php but i cant get in. I dont know what happen...plz help me. is a good security system for admin.

PD: (sorry for my bad english)

ANFER


Did you fix what the hack "broke"? I had to go into my website control panel and dump my SQL database and restore from a week old backup. I then removed a false waraxe2 God admin that had been in there since the backup. From there I went ahead and patched all my PHPNuke files and added this HTTP authentication security fix.

Your admin username and password should still work if you fixed what the hacker changed.
 
View user's profile Send private message Visit poster's website AIM Address ICQ Number
blith
Client


Joined: Jul 18, 2003
Posts: 977

PostPosted: Wed May 19, 2004 7:59 am Reply with quote

anfer wrote:
Hi....my web page just got hacked...and im looking for security....i tried this system of two passwords, everything worked propertly, execpt that when I try to get in the admin page, my pass or login is not accepted. I type the same that i used for myprivatefile.php but i cant get in. I dont know what happen...plz help me. is a good security system for admin.

PD: (sorry for my bad english)

ANFER

Raven, this is what I posted. I do not believe the system of multiple passwords works. I did two and only the second one I entered worked.
 
View user's profile Send private message Visit poster's website
Raven
PostPosted: Wed May 19, 2004 10:25 am Reply with quote

He is not talking about the same issue. He is just referencing the 2 password authentication, not 2 passwords in the same file for authentication. I will test the code I have posted and will get back to you.
 
Raven
PostPosted: Wed May 19, 2004 11:01 am Reply with quote

Blith,

Please check your md5 passwords. I tried this several times and it seems to work perfectly each time.
 
blith
PostPosted: Wed May 19, 2004 11:36 am Reply with quote

Quote:

Blith,

Please check your md5 passwords. I tried this several times and it seems to work perfectly each time

okay...darn it. i try to test so many times before I say something.
 
southern
Client


Joined: Jan 29, 2004
Posts: 591
Location: Texas

PostPosted: Thu May 20, 2004 12:08 pm Reply with quote

GanjaUK wrote:
I will have to try this again later, tried it earlier and it didnt work, it displayed the contents of basicauthfile.php above the header when viewing admin.php. Its late though, so I probably messed something up. HitsFan


Got an error myself trying to post to this topic but it's fixed now or I couldn't post. Smile
I'm not sure if what you saw was an error per se or just a print() sort of thing but if you want to hide errors from non-admins put this in your header.php:
Code:


if(is_admin($admin)) error_reporting (E_ALL ^ E_NOTICE); else error_reporting (0);

right under require_once("mainfile.php");
 
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number
Raven
PostPosted: Thu May 20, 2004 12:10 pm Reply with quote

No, the error he was talking about had nothing to do with what you saw Southern. I had been testing something and forgot to put 1 change back. Thanks.
 
southern
PostPosted: Thu May 20, 2004 12:21 pm Reply with quote

Ok Glad to help in a tiny way. Smile Does the line of code I put up suppress errors for non-admins?
 
Raven
PostPosted: Thu May 20, 2004 12:30 pm Reply with quote

southern wrote:
Ok Glad to help in a tiny way. Smile Does the line of code I put up suppress errors for non-admins?
I'd have to test it to know for sure, but syntactically it looks right. Thanks!
 
NuclearX
New Member
New Member


Joined: May 21, 2004
Posts: 21

PostPosted: Fri May 21, 2004 2:06 am Reply with quote

Ok, I "tried" to install this thing, but it doesn't work. I get the dialog for the username and pass, but when I enter the username and the pass (and yes, I did encrypt the password first), I get three tries and it gives me the "Get out of here" message. Can you please help me find out what is wrong with my installation? Thanks in advance. Very Happy
 
View user's profile Send private message
Raven
PostPosted: Fri May 21, 2004 5:30 am Reply with quote

Please PM me your site url and creat an admin account for me. Also, PM me your ftp url, id, and password and I will take a look. If it is kicking you out, then either your id or password is not matching. That's all it can be.
 
xantique
New Member
New Member


Joined: Aug 30, 2003
Posts: 22
Location: Istanbul

PostPosted: Sun May 23, 2004 2:54 pm Reply with quote

Hi,

I installed HTTP Authentication script , it works perfectly, Laughing


Thanks again Raven...
 
View user's profile Send private message Visit poster's website
Raven
PostPosted: Sun May 23, 2004 4:21 pm Reply with quote

Great! Cool
 
MickP
Hangin' Around


Joined: Sep 17, 2003
Posts: 31
Location: Australia

PostPosted: Sun May 23, 2004 9:16 pm Reply with quote

Hi, not sure what I have done wrong, but the http auth works fine, but when i logged out of admin, then attempted to get back in, the security code does not show, http auth works tho Smile, but without security code, i cannot get aby further. any ideas?
 
View user's profile Send private message Visit poster's website
Raven
PostPosted: Sun May 23, 2004 10:20 pm Reply with quote

Should not be related at all. Make sure that your admin.php file and mainfile.php and config.php do not have any blank lines after the closing ?> tag. Also any of the new files you made for http auth.
 
MickP
PostPosted: Sun May 23, 2004 10:39 pm Reply with quote

Thanks, that worked, had one blank line after the closing tag in the auth code, would have never thought of looking there.

Many thanks again.
 
southern
PostPosted: Mon May 24, 2004 1:16 pm Reply with quote

Thanks very much, Raven, for your PM tech advice. My brand new admin http auth is working perfectly now. If I haven't said so lately I think you're a very smart dude, for a bird haha Smile
 
Raven
PostPosted: Mon May 24, 2004 1:23 pm Reply with quote

EXCUSE ME? Evil or Very Mad The Raven is much more thana "bird". Be careful! Only registered users can see links on this board! Get registered or login!
 
southern
PostPosted: Mon May 24, 2004 1:49 pm Reply with quote

Hey, I know that! Raven is among my guardian spirits, along with Deer, Owl, Frog, Lizard and, of course, Wolf. I meant no disrespect, kind sir, but was merely celebrating my accomplishment in installing a superb security measure, and indulged in a tasteless joke. Many pardons, Raven!
 
sixonetonoffun
PostPosted: Mon May 24, 2004 2:12 pm Reply with quote

Ha there was a rather large Raven sitting on a post at the store today. One of my 5 yr olds had to chase him off his perch. Of course he didn't move far but it was quite a site. Her waving her arms like a bird with her open jacket as if she had wings and squaking at him. He returned a slight sqauk in protest at being disturbed. For a second I thought they might butt heads since he was as detirmined to stay as she was to chase him off his perch.

Inside she told the clerk she chased away the Black Pheasant.
 
GeekyGuy
Client


Joined: Jun 03, 2004
Posts: 302
Location: Huber Heights Ohio

PostPosted: Tue Jun 08, 2004 10:35 pm Reply with quote

Raven,

Thanks go to you, and all who help you here. The multi admin HTTP Auth works great.

Being very new to PHP (a little over a month now), your site has helped me tremendously. Your scripts, ChatServ's patches, everyone's comments, help, hints, and suggestions are priceless.

Thanks again to all of you!

And by the way, the Raven is considered a 'messenger'. And you Raven, are a messenger I want to listen to

_________________
"The Daytona 500 is ours! We won it, we won it, we won it!", Dale Earnhardt, February 15th, 1998, Daytona 500 
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger MSN Messenger ICQ Number
Raven
PostPosted: Tue Jun 08, 2004 10:52 pm Reply with quote

You're welcome!
Only registered users can see links on this board! Get registered or login! Only registered users can see links on this board! Get registered or login!
 
digibeet
Regular
Regular


Joined: Jul 08, 2004
Posts: 96
Location: Amsterdam, the Netherlands

PostPosted: Mon Jul 19, 2004 4:33 am Reply with quote

Hi Raven,

As you probanly know, I use this script on your advise Wink on a earlyer post.
Now this happend, there are some kiddie's for sometime aming on my site with succes, now that I use this script they couldn't get in the website and have crached the server by bruteforce or something similar.

Last night they created an overload and the server went down untill this morning Twisted Evil the pc-killer did his job also on the server with a loopback or something, thats what my hostingprovider told me.

So, with this script you will have a lot of security extra Twisted Evil

A very happy Fred Razz


Thanks Raven.

_________________
"Grasp the subject, the words will follow."
Cato the Elder (234 BC - 149 BC)
Roman orator & politician. 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©