Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
ons
New Member
New Member


Joined: Jul 16, 2006
Posts: 6

PostPosted: Sun Jul 30, 2006 11:29 am Reply with quote

I am not sure if this has been mentioned before - I had a search but it yielded no results. When modifying a God admin password and pressing saving on my site the Hack Detected screen fires up stating an 'Authors Table Attack' has been attempted.

Now I can understand why this happens and as you need to be logged in as an admin to make the changes you are immune to the ban, but it has worried a few of my admins & I though it was worth asking if this was a known side effect of NukeSentinel?

This happened in version 2.4.2pl5 (Bundled with the 2.02.02 release) and it still happens in version 2.5.0.

Thanks.
 
View user's profile Send private message
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Sun Jul 30, 2006 11:31 am Reply with quote

You have to be logged in as GOD admin to do such a thing.

Where you or your other admins logged in as god admin?

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Sun Jul 30, 2006 9:11 pm Reply with quote

It is very important to distinguish between a "God admin" and a normal admin. Without the use of phpMyAdmin, you will only ever have ONE true "God admin". Only a God admin can get into the Edit Admins function if Nuke Sentinel's "Author" blocker is turned on.

Now, you might ask, "well, then, what is a 'normal admin' vs. a 'God admin'". Your "God admin" is set at the time you create your first admin id upon setting up your PHP-nuke database.

A "God Admin" is the only one who can set up new "normal admins" for the site. These "normal admins" can be given "Super User" access (which is NOT the same as "God Admin") or they can be given admin rights to individual modules. "Super Users" will also have access to the site-wide admin functions EXCEPT "Edit Admins" if you have NS's blocker on (which is a MUST in my book for protection purposes).

Now, back to why I said "Without the use of phpMyAdmin, you will only ever have ONE true 'God admin'." As the one and only "God Admin" you can create other admins and then through phpMyAdmin make them "God" by changing their nuke_authors record's 'name' property to "God".

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
ons
PostPosted: Mon Jul 31, 2006 1:15 am Reply with quote

I am aware of how the GOD admin account works - We do however have 3 GOD admin accounts setup (This was done way back in an earlier 6.x version of PHPnuke - The accounts etc all pulled into the nukescript 2.02.02 release) This was setup so noone was better (For want of a better word) than any one else.

This happens when myself (As a GOD admin) alters my password / another GOD admins password - I have not attempted it with a normal admin super user account. To make out accounts GOD status we did ammend the table in phpnuke.

Maybe the extra GOD accounts effect the way the checks are validated?
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©