phpBB2.0.23 vs phpBB3 (Security)


 
Hagbard_Celine
Board Member
Joined: 03 Aug 2009
Posts: 14
Posted: Mon Aug 10, 2009 4:25 am
Post subject: phpBB2.0.23 vs phpBB3 (Security)

So. I decide my forum needs to run its links through Anonym.to. So I get the mod and it isn't compatible with 2.0.23. So I email the owner.

In his reply, he suggests upgrading for security reasons.

Now I know the longer a method of concealing information is around, the more likely it is of people knowing how to get past it. But I'm also aware that people only remember what's useful. And breaching outdated software isn't very useful.
I also don't give a toss.

What do you guys think?
Should I protect myself from my fellow man, and modify the functioning of my forum?

ABDev
Board Member
Joined: 01 Jun 2009
Posts: 38
Posted: Mon Aug 10, 2009 12:25 pm
Post subject: Re: phpBB2.0.23 vs phpBB3 (Security)

I had made a MOD based on that.
I'll look for it, and I'll post it once I've found it again.

Hagbard_Celine
Board Member
Joined: 03 Aug 2009
Posts: 14
Posted: Mon Aug 10, 2009 3:38 pm
Post subject: Re: phpBB2.0.23 vs phpBB3 (Security)

Thank you ABDev :D
I'll patiently await your mod.

ABDev
Board Member
Joined: 01 Jun 2009
Posts: 38
Posted: Mon Aug 10, 2009 5:01 pm
Post subject: Re: phpBB2.0.23 vs phpBB3 (Security)

The same MOD as mine: Disable Direct Linking ;)

Hagbard_Celine
Board Member
Joined: 03 Aug 2009
Posts: 14
Posted: Mon Aug 10, 2009 7:50 pm
Post subject: Re: phpBB2.0.23 vs phpBB3 (Security)

Aye. This is the mod that's incompatible with 2.0.23.
Do you know how I can remedy this?

ABDev
Board Member
Joined: 01 Jun 2009
Posts: 38
Posted: Mon Aug 10, 2009 8:14 pm
Post subject: Re: phpBB2.0.23 vs phpBB3 (Security)

No, it works on that version too.

Jimmer
Board Member
Joined: 09 Jun 2009
Posts: 4
Posted: Mon Aug 10, 2009 8:33 pm
Post subject: Re: phpBB2.0.23 vs phpBB3 (Security)

I have missed something. What problem does direct linking cause?

Hagbard_Celine
Board Member
Joined: 03 Aug 2009
Posts: 14
Posted: Mon Aug 10, 2009 9:27 pm
Post subject: Re: phpBB2.0.23 vs phpBB3 (Security)

Jimmer wrote:
I have missed something. What problem does direct linking cause?


Nothing security-wise.
I just want to run links through Anonym.to so certain links can't be tracked back to my forum.


ABDev. Try installing this on a 2.0.23, the first file has been upgraded, so I can't identify what needs to be switched to what.

ABDev
Board Member
Joined: 01 Jun 2009
Posts: 38
Posted: Mon Aug 10, 2009 9:43 pm
Post subject: Re: phpBB2.0.23 vs phpBB3 (Security)

The lines haven't changed, so this MOD works well on that version.
If you don't find the lines to modify, it's just because the MOD author put a "find " before the lines to search.
Example:

Code:
find $ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);


Remove "find ":

Code:
$ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);


Now search for the line, and you'll find it.
This applies to all three lines.
The same goes for "replace with ".

Edit: here is a rewritten install file. It'll be easier for you.



Attachment: rw-ddl.txt (2.44 KB, downloaded 573 times)

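The goal stated earlier in the thread is that outgoing links should not be traceable back to the forum. As an added example (not the Disable Direct Linking MOD's code and not phpBB2's), the autolink line quoted above can be adapted as follows; the redirector prefix, the host names and the function name are hypothetical placeholders, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not the MOD's code. REDIRECTOR is a hypothetical
// placeholder; substitute the prefix of the service you actually use.
const REDIRECTOR = 'https://redirector.example/?';

/**
 * Turn bare URLs into links that do not name the forum as referrer.
 * Assumption: $text has already been HTML-escaped before autolinking.
 */
function make_clickable_noreferrer(string $text, string $ownHost): string
{
    // Same URL pattern as the preg_replace line quoted in the post.
    $pattern = '#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is';

    return preg_replace_callback(
        $pattern,
        function (array $m) use ($ownHost): string {
            $url    = $m[2];
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
            $host   = parse_url($url, PHP_URL_HOST);

            // Only web links become anchors; anything else stays text.
            if ($scheme !== 'http' && $scheme !== 'https') {
                return $m[0];
            }
            // Links to the forum itself need no redirect.
            $internal = is_string($host) && strcasecmp($host, $ownHost) === 0;

            // External links get two layers: the redirector hop, and
            // rel="noreferrer" so the browser omits the Referer header.
            $href = $internal ? $url : REDIRECTOR . $url;
            $rel  = $internal ? '' : ' rel="noreferrer noopener"';

            return $m[1] . '<a href="' . $href . '" target="_blank"'
                 . $rel . '>' . $url . '</a>';
        },
        $text
    );
}

// Constructed sample post text with one external and one internal link.
$post = "See http://example.org/page?a=1 and "
      . "http://forum.example/viewtopic.php?t=5 for details";
echo make_clickable_noreferrer($post, 'forum.example'), "\n";
```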

Hagbard_Celine
Board Member
Joined: 03 Aug 2009
Posts: 14
Posted: Mon Aug 10, 2009 10:00 pm
Post subject: Re: phpBB2.0.23 vs phpBB3 (Security)

ABDev wrote:
here is a rewritten install file. It'll be easier for you.


You re-wrote it?
Thanks a lot! :D I'll work on it after my break. If it works, I'll credit you on the site.

Acaria
Board Member
Joined: 20 Feb 2009
Posts: 238
Posted: Tue Aug 11, 2009 1:15 am
Post subject: Re: phpBB2.0.23 vs phpBB3 (Security)

To my understanding the worst security flaw with phpBB2 is that it uses MD5 hashing?

/has no idea what that is, just sees a ton of people posting "OMG PHPBB2 FAILS CUZ' IT'S MD5'ness"

XD

ABDev
Board Member
Joined: 01 Jun 2009
Posts: 38
Posted: Tue Aug 11, 2009 9:44 am
Post subject: Re: phpBB2.0.23 vs phpBB3 (Security)

If someone gains access to your database and takes the phpbb_users table, he can reverse the MD5 hash of the user_password entry via rainbow tables.
The encrypted passwords would be displayed in clear text after that.

The best solution is to make them more complex (use more than 8 alphanumeric characters; @ makes the hash more complex again, ...).

So as to do, there are lots of small issues in phpBB2, which are easy to fix.
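The weakness described in the post above comes from storing an unsalted md5() of the password in user_password. As an added example (not phpBB2's code or any poster's), here is one way to move such hashes to salted, slow ones as users log in; it assumes PHP 7.1 or later, and the function and variable names are hypothetical.

```php
<?php
// Added example: upgrade-on-login for legacy unsalted MD5 password hashes.
// Function and variable names are hypothetical, not phpBB2's.

/**
 * Check a login attempt against the stored hash.
 * Returns [bool $ok, ?string $replacement]; $replacement is non-null
 * when the stored value should be overwritten in the users table.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    // Legacy format: 32 hex characters, md5() of the bare password.
    if (preg_match('/^[0-9a-f]{32}$/i', $stored) === 1) {
        if (!hash_equals(strtolower($stored), md5($password))) {
            return [false, null];
        }
        // Correct password: re-store it salted and deliberately slow.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash again if the default algorithm or cost has since changed.
    $replacement = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $replacement];
}

// Constructed sample data: two accounts that chose the same password.
$password = 'Tr0ub4dor&3';
$alice = md5($password);
$bob   = md5($password);

// Unsalted MD5 maps one password to one value for every user, which is
// the property a precomputed (rainbow) table depends on.
var_dump($alice === $bob);

[$okA, $aliceNew] = verify_and_upgrade($password, $alice);
[$okB, $bobNew]   = verify_and_upgrade($password, $bob);

// After the upgrade each account has its own random salt, so the two
// stored values differ and no shared table applies.
var_dump($okA && $okB, $aliceNew !== $bobNew);

// Later logins verify against the new hash; wrong passwords still fail.
[$okAgain] = verify_and_upgrade($password, $aliceNew);
[$okWrong] = verify_and_upgrade('guess', $aliceNew);
var_dump($okAgain, $okWrong);
```

The user_password column has to be wide enough for the new value; the PHP manual suggests 255 characters for password_hash() output.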

Jim_UK
Board Member
Joined: 19 Nov 2008
Posts: 556
Location: North West UK
Posted: Tue Aug 11, 2009 11:08 am
Post subject: Re: phpBB2.0.23 vs phpBB3 (Security)

Paranoia

Jim

Hagbard_Celine
Board Member
Joined: 03 Aug 2009
Posts: 14
Posted: Tue Aug 11, 2009 1:50 pm
Post subject: Re: phpBB2.0.23 vs phpBB3 (Security)

Jim_UK wrote:
Paranoia

Jim


Oh thank GOD someone said that.


Anyway. I worked out why I couldn't get the Anonym.to hack to work. I think it's because of Advanced BBCode Box MOD. I'm feeling rather lazy today, so it'll take me a while to inspect it.