New Mod: Admin Security Suite
Posted by Joe Curia
All files from this thread
| File Name | File Size | Posted by | Date |
|---|---|---|---|
| admin_security_suite_v1_07b.zip | 12.2 KB | Joe Curia | 08/09/2007 |
|
July 27, 2007 06:29PM |
Registered: 6 years ago Posts: 1,312 |
EDIT - Now on version 1.07b - see the readme for version history info.
CMU Version [1.07b]
This security suite is designed to add additional security functions to a Phorum install. Currently this module can monitor the forum title for hacks, log admin logins, lockout admin login after a set number of failed attempts, restrict admin logins to a set list of IP addresses, allow the admin to search for specific terms in all of the settings saved in the admin area, centrally manage users with admin access, add a captcha to the admin login, add monitoring of IP sessions to stop hackers from using a cookie to access the admin section without logging in, and restrict admin login to a scheduled time period such as from 9 AM to 5 PM.
If you are using Phorum version 5.1.23 or lower, this module does require one hack so far. You will need to add an "admin_pre" hook to the admin.php file (see the readme for more details on the install).
v1 of this mod is now closed. Any changes will be bug fixes. Enhancements will only be made in v2 which is designed for Phorum 5.2 and can be found here.
Joe Curia (aka Azumandias)
Modules: Admin Mass Email, Automatic Time Zones, Enhanced Custom Profiles, Google Calendar, Post Previews, Admin Security Suite, Check Modules for Upgrades, External Authentication, Group Auto-Email, Private Message Alerts, Attachment Download Counter, Custom Attachment Icons, Favorite Forums, Highlighted Search Terms, Self-Delete Posts Option, Attachment Watermarks, Custom Language Database, Forum Lockdown, Ignore Forums, Threaded Tree View, Automatic Message Pruning, Easy Color Scheme Manager, Forum Subscriptions, Moderated User Group
Templates: Generic Integration, Simple Rounded, Tabbed Emerald
Edited 17 time(s). Last edit at 08/09/2007 08:14AM by Azumandias.
|
Re: New Mod: Admin Update - Designed to stop hackers from changing a Phorum title. July 27, 2007 07:01PM |
Registered: 7 years ago Posts: 253 |
Thanks very much for this. As soon as I upgrade I will install it and give it a try.
Michael Horton
lafcpug
[www.lafcpug.org]
|
July 28, 2007 02:22AM |
Admin Registered: 8 years ago Posts: 8,785 |
Thanks for taking the time to write this watchdog.
FYI: In Phorum 5.2, we have added an event logging module, which also can log failed and successful admin login actions (including the source IP), amongst a lot of other things. For 5.2 (which is getting towards an alpha development state fast now), you could choose to use the event logging system to log your events. There is a category "Security" for this, so a security alert would be appropriate.
Maurice Makaay
Phorum Development Team
my blog
linkedin profile
secret sauce
Edited 1 time(s). Last edit at 07/28/2007 02:25AM by mmakaay.
|
July 28, 2007 08:32AM |
Registered: 6 years ago Posts: 1,312 |
I have finished v1.02 with these changes:
- Recoded the logging of admin logins. Should work better now.
- Added the ability to lockout an IP address if too many failed admin login attempts are made. Requires added "admin_pre" hook.
- Added the ability to clear out the log of admin logins.
My other goals are to:
- Log admin actions such as database entries, edits, and deletions.
- Group/View logs by date.
- Add option to clear logs before a certain date.
- Add override email on lockout event.
The file above contains the latest version.
Maurice, are any of these things included in 5.2? Is there anything else that could/should be added to this module?
Joe Curia (aka Azumandias)
|
July 28, 2007 10:07AM |
Admin Registered: 8 years ago Posts: 8,785 |
A lot is already logged by that module. Please register for an account on my development site [secretsauce.phorum.org] and PM me the account name that you created there. Then I'll make that user an administrator, so you can quickly see for yourself what the event logging module can do already.
Event Logging will most probably grow with extended logging in the future, because this is only a first implementation. The first goal was to log PHP events (errors, notices, warnings) and while I was working on it, I took it further by also logging Phorum internal events.
Maurice Makaay
Phorum Development Team
my blog
linkedin profile
secret sauce
|
Re: New Mod: Admin Security Suite July 28, 2007 02:21PM |
Registered: 7 years ago Posts: 253 |
OK, installed mod and as far as I can tell it works great. Put name of forum in the settings field and it sent me an email saying title had been changed. I am assuming that is how it works. In any event, it works great. Thanks again.
Michael Horton
lafcpug
[www.lafcpug.org]
|
July 28, 2007 06:08PM |
Registered: 6 years ago Posts: 1,312 |
All right, thank you for letting me look behind the curtain a bit on the 5.2 dev. I now know the difference between a guy who likes to dabble in code and someone who actually knows what he's doing. I really liked the event logging and also the new module section. It looks great.
So, scratch any further log development for this mod. I'll try to focus on other security aspects. If anyone has anything in particular they'd like to see, let me know.
Joe Curia (aka Azumandias)
|
July 30, 2007 06:31AM |
Registered: 6 years ago Posts: 1,312 |
I have finished v1.03 with these changes:
- Tweaked the admin lockout feature to display properly.
- Added the ability to allow a lockout override code to be sent to the system email address. This should allow the system admin to login if a password is mistyped on accident but should still stymie hackers and bots.
The file above contains the latest version.
Joe Curia (aka Azumandias)
|
July 30, 2007 06:50AM |
Admin Registered: 10 years ago Posts: 8,807 |
how about disabling the admin-user if a number of failed logins are encountered with a "recovery" code sent to the admin user-address or something like that?
Thomas Seifert
Phorum Development Team / Mysnip-Solutions.de
Custom Phorum and general software development
worry-free Phorum Hosting
|
July 30, 2007 08:47PM |
Registered: 6 years ago Posts: 1,312 |
I have finished v1.04 with this change:
- Added the ability to restrict admin login to set IP addresses. If this is enabled there is also an option to allow the sending of an override code to the system email address. This allows the system admin to access the admin section even from a restricted IP address after receiving the override code via mail.
The file above contains the latest version.
Thomas,
I can see how lockouts per admin-user with an email sent to that particular admin-user would be useful. I will look into implementing it. I believe I will simply have the mod send an email with the override code to both the system email and the user-admin's email (if different from the system email). Thanks for the suggestion.
Joe Curia (aka Azumandias)
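The failed-login lockout, IP restriction and emailed override code described in this thread (v1.02 to v1.04), sketched as an added PHP example. It is not the module's own code: every function name, the thresholds and the `$state` array layout are assumptions, and the addresses are constructed documentation-range values.

```php
<?php
// Added example: NOT code from the Admin Security Suite module.
// All names, thresholds and the $state layout are assumptions.

const MAX_FAILS    = 5;    // failed attempts before an IP is locked out
const FAIL_WINDOW  = 900;  // seconds over which failures are counted
const OVERRIDE_TTL = 600;  // lifetime in seconds of an emailed override code

// Record one failed admin login for $ip, dropping failures outside the window.
function record_failure(array &$state, string $ip, int $now): void {
    $recent = array_filter($state['fails'][$ip] ?? [],
        fn(int $t): bool => $t > $now - FAIL_WINDOW);
    $recent[] = $now;
    $state['fails'][$ip] = array_values($recent);
}

// Create a single-use override code; only its hash is stored. The caller
// mails the returned plaintext to the system address (mailing not shown).
function issue_override(array &$state, int $now): string {
    $code = bin2hex(random_bytes(16));
    $state['override'] = ['hash' => hash('sha256', $code),
                          'expires' => $now + OVERRIDE_TTL];
    return $code;
}

// Decide whether $ip may reach the admin login form at all.
// Returns 'allow', 'deny_ip' or 'locked'.
function admin_gate(array &$state, string $ip, int $now,
                    array $allowedIps, ?string $code = null): string {
    $ov = $state['override'] ?? null;
    if ($code !== null && $ov !== null && $now <= $ov['expires']
        && hash_equals($ov['hash'], hash('sha256', $code))) {
        unset($state['override'], $state['fails'][$ip]); // code is single use
        return 'allow';
    }
    if ($allowedIps !== [] && !in_array($ip, $allowedIps, true)) {
        return 'deny_ip';
    }
    $recent = array_filter($state['fails'][$ip] ?? [],
        fn(int $t): bool => $t > $now - FAIL_WINDOW);
    return count($recent) >= MAX_FAILS ? 'locked' : 'allow';
}

// Constructed walk-through.
$state = ['fails' => []];
$allow = ['192.0.2.10'];
$t = 1185800000;
for ($i = 0; $i < 5; $i++) { record_failure($state, '192.0.2.10', $t + $i); }
var_dump(admin_gate($state, '192.0.2.10', $t + 10, $allow));   // allowed IP after five failures
var_dump(admin_gate($state, '198.51.100.7', $t + 10, $allow)); // IP outside the list
$code = issue_override($state, $t + 10);
var_dump(admin_gate($state, '198.51.100.7', $t + 20, $allow, $code)); // valid override code
var_dump(admin_gate($state, '198.51.100.7', $t + 30, $allow, $code)); // replay of the spent code
```

Storing only a hash of the override code and comparing with `hash_equals` keeps the code out of the settings store and avoids a timing side channel on the comparison.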
