Ravens PHP Scripts: Forums
 

 

antone
New Member


Joined: May 03, 2007
Posts: 6

Posted: Mon May 07, 2007 6:17 am

Hi all and thanks for your support. I have some questions about Forums security.

I have read the HowToInstall files; they have specific info about phpBB and a further reading to [link hidden by the board], which I have also read.
1) But is this because the rn.htaccess in forums/admin is not enough? Do I need to use CGIAuth too?
2) And just to make sure, does the rn.htaccess in forums/admin also need to be chmodded to 777, or is 644 sufficient?
3) I'm also concerned about the phpBB version: is phpBB in RavenNuke_v2.10.00 up to date security-wise? Do I need to update phpBB?

I have two additional questions that are related ...
4) I have added the forum center block; does this have any security risks in the code? Is there anything one should change in the code when adding blocks?
5) Also, banned emails from phpBB do not work in RavenNuke; is there a way to make sure that this is done?
 
CodyG
Life Cycles Becoming CPU Cycles


Joined: Jan 02, 2003
Posts: 712
Location: Vancouver Island

Posted: Mon May 07, 2007 8:09 am

hi!

I'm neither expert nor guru ... I only want to confirm you have found the right spot for the simply sweetest CMS on the planet.

for security? ... sentinel rocks !

welcome

_________________
"We want to see if life is ubiquitous." D.Goldin 
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

Posted: Mon May 07, 2007 8:27 am

The PHPBB in Ravennuke is up to date with the latest PHPBB as far as I know. At the very least it is up to date with the latest integration package which is done separately from Ravennuke and integrated into (integrating the integration?) once it's been tested on Ravennuke. I believe that CGIauth was set up for Forums in response to very specific attacks that took place. So it is an extra layer of security. I'm not familiar with the details of those attacks. The center blocks should not cause a problem. As to banned emails I'm not sure I understand the question.
 
antone
Posted: Mon May 07, 2007 8:57 am

Thanks for the reply.

Regarding banned emails...
In the PHPBB forum administration under the "user admin - ban control", you can ban emails, for example *@rambler.ru. I find this useful since I was hacked one year ago, and the suspected hackers used specific emails to sign up; they created over 100 accounts with the same 7 email domains. Banning these would make it less comfortable and more time consuming for them.

However, even though PHPBB can ban these emails and no signups are possible with them through the PHPBB registration, the nuke registration lets them through.

Is there a way that it may check the banned emails from the database, maybe using the phpbb registration instead of nuke?
 
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

Posted: Mon May 07, 2007 9:26 am

You can use the string blocker in Sentinel to block those email addresses.
 
fkelly
Posted: Mon May 07, 2007 9:59 am

And we should put this feature on our (now) long list for enhancements to Your Account.
 
antone
Posted: Mon May 07, 2007 11:31 am

The string blocker explanation says "Provided to allow webmasters to block queries containing strings that they enter from visiting the site." As I understand it, this means browser queries.

But if I want to block a user using, for example, *@rambler.ru, how do I write this in the string blocker?
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

Posted: Mon May 07, 2007 7:40 pm

Just ADD the string in the string blocker exactly as shown below:

@rambler.ru

I would also recommend:

@mail.ru

What will happen is that when the "user" tries to submit the new user registration which includes that string in the email address field, NukeSentinel will block them according to the settings that you have set for the String Blocker. If you ban them permanently, that IP address will never be able to access your site again unless you clear the block(s).

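The difference between the wildcard ban entry (*@rambler.ru) and the string blocker entry (@rambler.ru) discussed in this thread, as an added example that is not RavenNuke, NukeSentinel or phpBB code. The function names, the sample ban list and submissions, and the plain substring behaviour of the blocker are assumptions made for illustration.

```php
<?php
// Added example: not RavenNuke, NukeSentinel or phpBB code.

/** Turn a wildcard ban pattern such as "*@rambler.ru" into an anchored regex. */
function banPatternToRegex(string $pattern): string
{
    // Quote every character, then turn the quoted "*" back into "match anything".
    $quoted = preg_quote(strtolower(trim($pattern)), '/');
    return '/^' . str_replace('\*', '.*', $quoted) . '$/';
}

/** Whole-address check: true when $email matches any wildcard ban pattern. */
function isEmailBanned(string $email, array $banPatterns): bool
{
    $email = strtolower(trim($email));
    foreach ($banPatterns as $pattern) {
        if (preg_match(banPatternToRegex($pattern), $email) === 1) {
            return true;
        }
    }
    return false;
}

/** Substring check over every submitted field (assumed string-blocker behaviour). */
function requestContainsBlockedString(array $fields, array $blockedStrings): bool
{
    foreach ($fields as $value) {
        foreach ($blockedStrings as $needle) {
            if (stripos((string) $value, $needle) !== false) {
                return true;
            }
        }
    }
    return false;
}

$banPatterns    = ['*@rambler.ru', '*@mail.ru']; // constructed sample ban list
$blockedStrings = ['@rambler.ru', '@mail.ru'];   // the two strings from the thread

// Constructed sample submissions.
$signup  = ['username' => 'newuser', 'user_email' => 'Someone@Rambler.ru'];
$comment = ['comment' => 'Write to me at friend@mail.ru.example.org'];

var_dump(isEmailBanned($signup['user_email'], $banPatterns));
var_dump(requestContainsBlockedString($signup, $blockedStrings));
var_dump(isEmailBanned('friend@mail.ru.example.org', $banPatterns));
var_dump(requestContainsBlockedString($comment, $blockedStrings));
```

The anchored wildcard check rejects the signup address but leaves friend@mail.ru.example.org alone, while the substring rule fires on both submissions, including the comment that merely mentions such an address. With a permanent ban configured, a substring entry should therefore be as specific as the ban it replaces.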
All times are GMT - 6 Hours
 