phpBB2Refugees.com Logo
Not affiliated with or endorsed by the phpBB Group

Register •  Login 

Continue the legacy...

Welcome to all phpBB2 Refugees!Wave Smilie

This site is intended to continue support for the legacy 2.x line of the phpBB2 bulletin board package. If you are a fan of phpBB2, please, by all means register, post, and help us out by offering your suggestions. We are primarily a community and support network. Our secondary goal is to provide a phpBB2 MOD Author and Styles area.

Any anti-hack Mods?

Goto page 1, 2  Next
 
Search this topic... | Search phpBB2 Discussion... | Search Box
Register or Login to Post    Index » phpBB2 Discussion  Previous TopicPrint TopicNext Topic
Author Message
Acaria
Board Member



Joined: 20 Feb 2009

Posts: 238



PostPosted: Tue Feb 24, 2009 1:10 am 
Post subject: Any anti-hack Mods?

I looked through the database on Phpbb.com, but I couldn't find anything of the like.

Does anyone know of any form of an anti-hack Mod?

(In case you're wondering, it's because another site I work for got hacked and I don't want it to happen to me. D:)
Back to top
drathbun
Board Member



Joined: 24 Jul 2008

Posts: 653
Location: Texas


flag
PostPosted: Tue Feb 24, 2009 3:03 am 
Post subject: Re: Any anti-hack Mods?

Many "anti-hack" MODs are no better than basic code. You're better off being worried about adding new holes when you add other MODs, rather than trying to add still more MODs on top of that.

By the way, please do not use BBCode to format your entire post. Use it only for emphasis, thanks for understanding.

_________________
phpBBDoctor Blog
Back to top
Sylver Cheetah 53
Board Member



Joined: 17 Dec 2008

Posts: 426
Location: Milky Way


flag
PostPosted: Tue Feb 24, 2009 2:16 pm 
Post subject: Re: Any anti-hack Mods?

You can try CrackerTracker.
This is a complete security system for your phpBB.

Features:

- Worm and exploit protection unit with heuristic engine and more than 500 definitions
- SQL injection detector for GET, POST and others variables
- Attack counter function
- Checksum scanner to detect PHP files that were changed
- 8 different footer layouts
- File security scanner wich detects general security issues in phpBB Ffles
- Global message function
- IP blocker engine
- Proxy blocker engine
- UserAgent blocker engine
- Comfortable log manager to view attack log files and manage the files
- Self test system
- Automatically check file permissions on the log files
- Show security tipps for your server and phpBB
- Maintenance function
- Miserable user function to easily block user posts
- Adjustable main log file size
- Every feature can easily be activated or deactivated through ACP
- Search flood protection for guests and users
- Login brute force protection system
- Detect wrong logins and save them in your log file
- Login history for users
- IP range scanner to detect account abuse
- Spammer detection system
- Detection system for human, registered spammers
- Spammer keyword detection for posts and profile
- Registration protection
- Registration IP scanning
- Account password expire function
- Account password complexity function
- Account password length control
- Emergency console which can restore phpBB configuration table without running phpBB
- Password reset flood protection
- Mass mail protection system
- Visual confirmation for guest postings
- Protect from throw away free e-mail providers
- Automatically detect misconfiguration of sensible phpBB settings
- Protection from overwriting sensible vars
... and much more!


Keep in mind three things:
1.It is hard to install
2.It blocks even normal users sometimes, it is not working too good
3.Remember what Dave said before

_________________
Image link
My Forum || My Blog

phpBB2 forever! icon_smile.gif
Back to top
Ram
Board Member



Joined: 23 Dec 2008

Posts: 100
Location: Somewhere over the rainbow


flag
PostPosted: Tue Feb 24, 2009 4:20 pm 
Post subject: Re: Any anti-hack Mods?

My opinion (which is similar as drathbun thought) is that it's better to not touch the basic code, but to put hard password for each things : the one of your personnal account on the forum, for your FTP...
Back to top
Techie-Micheal
Board Member



Joined: 27 Dec 2008

Posts: 49



PostPosted: Tue Feb 24, 2009 10:23 pm 
Post subject: Re: Any anti-hack Mods?

Severe vulnerabilities have been found in these so-called security MODs before, some of them by myself and others I've worked with. It is best to not bother with adding such MODs and instead do as suggested by using complex passwords, hardening the server, etc.
Back to top
lumpy burgertushie
Board Member



Joined: 19 Nov 2008

Posts: 214


flag
PostPosted: Wed Feb 25, 2009 2:31 am 
Post subject: Re: Any anti-hack Mods?

and cracker tracker is probably one of the worst.
It has been known to have it's own security vulnerabilities in the past.

besides, I dont' trust a MOD that is hard coded to say that it has stopped x number of hacks when you first install it.


robert
Back to top
Slackervaara
Board Member



Joined: 01 Jan 2009

Posts: 70



PostPosted: Wed Feb 25, 2009 4:05 am 
Post subject: Re: Any anti-hack Mods?

My forum has never been hacked and I have had it for more than 5 years now. The admin folder is password protected and in .htaccess I have added protection against cross-scripting.
Back to top
rAWR
Board Member



Joined: 26 Feb 2009

Posts: 9


flag
PostPosted: Thu Feb 26, 2009 1:47 am 
Post subject: Re: Any anti-hack Mods?

Yeah, basic code is usually safer (additionally, exploits tend to get around faster than these types of scripts). I would rename the admin directory, use .htaccess on it and use safe passwords for your admin account(s). Hacks happen all the time, these type of scripts aren't perfect and will probably be defeated if the hacker is persistent.
Back to top
khofech
Board Member



Joined: 27 Feb 2009

Posts: 44



PostPosted: Sat Feb 28, 2009 12:30 pm 
Post subject: Re: Any anti-hack Mods?

ok, guys., can you tell us what is the htaccess code u use to protect your forum , so we can protect ours too ???, and if you passw protect your admin folder, how to access the ACP ??? I need explanation icon_smile.gif
Back to top
Slackervaara
Board Member



Joined: 01 Jan 2009

Posts: 70



PostPosted: Sat Feb 28, 2009 12:56 pm 
Post subject: Re: Any anti-hack Mods?

This I use this in .htaccess to stop cross-scripting, which is the most common hacking attempt:

RewriteEngine On

RewriteCond %{QUERY_STRING} .*http:\/\/.* [OR]
RewriteCond %{QUERY_STRING} .*http%3A%2F%2F.*
Rewriterule ^.* - [F]

To password protect the admin folder it is just to use the standard procedure for that.
Back to top
drathbun
Board Member



Joined: 24 Jul 2008

Posts: 653
Location: Texas


flag
PostPosted: Sat Feb 28, 2009 3:48 pm 
Post subject: Re: Any anti-hack Mods?

I wrote an article some time back that shows how to do it if you have cpanel on your host.

You can still do it without cpanel assistance; there are places on the web that you can use to generate the password file. Once you do that, you put the password in a directory off of your account "home" (meaning NOT inside the www folder) and put the .htaccess file inside the /admin folder.

_________________
phpBBDoctor Blog
Back to top
khofech
Board Member



Joined: 27 Feb 2009

Posts: 44



PostPosted: Sat Feb 28, 2009 4:18 pm 
Post subject: Re: Any anti-hack Mods?

Thank u guys (and girls - if any icon_smile.gif ) for these tips. It'll be helpfull for me.
Back to top
Holger
Board Member



Joined: 19 Jan 2009

Posts: 509
Location: Hanover


flag
PostPosted: Thu Oct 29, 2009 2:03 pm 
Post subject: Re: Any anti-hack Mods?

Slackervaara wrote:
This I use this in .htaccess to stop cross-scripting, which is the most common hacking attempt:

RewriteEngine On

RewriteCond %{QUERY_STRING} .*http:\/\/.* [OR]
RewriteCond %{QUERY_STRING} .*http%3A%2F%2F.*
Rewriterule ^.* - [F]

To password protect the admin folder it is just to use the standard procedure for that.


I have this:
Code:
RewriteCond %{QUERY_STRING} (.*)=http://(.*) [OR]
RewriteCond %{QUERY_STRING} (.*)=https://(.*) [OR]
RewriteCond %{QUERY_STRING} (.*)=ftp://(.*) [OR]
RewriteCond %{QUERY_STRING} ^(.*)UNION(.*) [OR]
RewriteCond %{QUERY_STRING} ^(.*)SQL_INJECTION(.*)
RewriteRule (.*) http://127.0.0.1 [L,R=301]
Back to top
Jim_UK
Board Member



Joined: 19 Nov 2008

Posts: 538
Location: North West UK


flag
PostPosted: Thu Oct 29, 2009 6:57 pm 
Post subject: Re: Any anti-hack Mods?

Holger wrote:
I have this:
Code:
RewriteCond %{QUERY_STRING} (.*)=http://(.*) [OR]
RewriteCond %{QUERY_STRING} (.*)=https://(.*) [OR]
RewriteCond %{QUERY_STRING} (.*)=ftp://(.*) [OR]
RewriteCond %{QUERY_STRING} ^(.*)UNION(.*) [OR]
RewriteCond %{QUERY_STRING} ^(.*)SQL_INJECTION(.*)
RewriteRule (.*) http://127.0.0.1 [L,R=301]


That is in the .htaccess file in the root of your webspace is it?
Directly into the public_html folder?

Jim

_________________
The truth is out there.
Unfortunately they will not let you anywhere near it!
Back to top
Holger
Board Member



Joined: 19 Jan 2009

Posts: 509
Location: Hanover


flag
PostPosted: Fri Oct 30, 2009 8:32 am 
Post subject: Re: Any anti-hack Mods?

Yes
Back to top
Display posts from previous:   
Register or Login to Post    Index » phpBB2 Discussion  Previous TopicPrint TopicNext Topic
Page 1 of 2 All times are GMT
Goto page 1, 2  Next
 
Jump to:  

Index • About • FAQ • Rules • Privacy • Search •  Register •  Login 
Not affiliated with or endorsed by the phpBB Group
Powered by phpBB2 © phpBB Group
Generated in 0.0204 seconds using 15 queries. (SQL 0.0019 Parse 0.0006 Other 0.0179)
phpBB Customizations by the phpBBDoctor.com
Template Design by DeLFlo and MomentsOfLight.com Moments of Light Logo