Firefox PHP

New Mod: Admin Security Suite

Posted by Joe Curia 
Admin Security Suite v1.05 - Bug Fix and Ability to Search Saved Settings
July 31, 2007 07:35PM
I have finished v1.05 with these changes:
- Fixed a bug in the title monitoring code which would not replace a hacker's code with the proper title.

- Added the ability to search through the settings saved from the admin area. This is useful if you are looking for all instances of a hacker adding an iframe or the hacker's name to your site from the admin area. The results require some knowledge of the Phorum framework.

- Changed the module's settings interface to incorporate the new features.

The file above contains the latest version.


Joe Curia (aka Azumandias)
Modules: l0Admin Mass Email00000000l000000Automatic Time Zones000ll.l00000Enhanced Custom Profiles0.00Google Calendar0000l.l000000Post Previews
000000000Admin Security Suite000000000000Check Modules for Upgrades0000External Authentication000000Group Auto-Email00000.00000Private Message Alerts
000000000Attachment Download Counter0000Custom Attachment Icons000ll.ll00Favorite Forums000000.00000Highlighted Search Terms0000Self-Delete Posts Option
000000000Attachment Watermarks0l00000000Custom Language Database00l.l.0Forum Lockdown00000.00000Ignore Forums0000000000000Threaded Tree View
000000000Automatic Message Pruning00.llll.00Easy Color Scheme Manager0l.l00Forum Subscriptions0000lll000Moderated User Group
Templates:lGeneric Integration000000000 0000Simple Rounded000000 00000000Tabbed Emerald
Re: New Mod: Admin Security Suite
August 01, 2007 01:43PM
Just installed and this looks like an awesome module. I only wish I'd been able to use it in June, it would have saved me loads of time!

Many, many thanks for creating this useful module.

/\dam

--
My notable Phorum sites:
Movie Deaths Database - "review comments" system mostly powered by Phorum
Learn Chinese! - integrated forum quiz
Re: New Mod: Admin Security Suite
August 01, 2007 04:21PM
I really like this mod and wondered if its possible to add something else. Namely usergroups for admins. In such a manner that you can appoint a folder + forums to one admin without giving full access. I dont know if this is possible at all but it would be a nice feature.

Sergej

------------------------------------------
^AU^ Assassins United
[www.assassinsunited.com]
------------------------------------------
Re: New Mod: Admin Security Suite
August 01, 2007 04:44PM
This is a security suite, not an admin account extension suite. Although it's tempting to push Azumandias in all kinds of admin functionality extensions, better keep focusing on security for this module =)


Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Re: New Mod: Admin Security Suite
August 01, 2007 05:13PM
No not what I meant at all, this is in relation to the other thread in the General Forum where people got allegedly hacked. This can happen because they give admin to several people. This increases the risk for the admin area. Anyways, it was just an idea.

Sergej

------------------------------------------
^AU^ Assassins United
[www.assassinsunited.com]
------------------------------------------
Re: New Mod: Admin Security Suite
August 01, 2007 05:39PM
I know what you mean, but to me this seems as a feature that is far far outside this module's scope. It would at least be a separate module, but more likely a rewrite of the admin interface, because it's not something you can arrange for in a mod.

If you really distrust your own admins, then to me the reverse path seems more appropriate. Do not make users administrators, but instead write a module / script which lets certain users manage the settings that they should be able to edit in the Phorum admin configuration. If I would implement something like this, the users that needed more permissions would never really access the admin.php.


Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce



Edited 1 time(s). Last edit at 08/01/2007 05:41PM by mmakaay.
Re: New Mod: Admin Security Suite
August 01, 2007 05:56PM
Yes, I wondered if it were possible to combine it with this mod since it does hinge on the same concept. More under the motto of less modules with more possibilities, my mod list is getting long :-p

Sergej

------------------------------------------
^AU^ Assassins United
[www.assassinsunited.com]
------------------------------------------
Re: New Mod: Admin Security Suite
August 01, 2007 07:12PM
I cannot agree. Less modules with more functionality is 100% against my UNIX heart :-)

Quote
Dough McLLroy, rule nr. 1
Make each program do one thing well. To do a new job, build afresh rather than complicate old programs by adding new features.


Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Re: New Mod: Admin Security Suite
August 02, 2007 06:44PM
As I consider adding captchas to the admin login, I am learning to use the GD library. One question before I go to far. My web host supports gif, jpg, and png creation. I myself am inclined towards jpg. Is there a reason to pick one over another? Is their more server support out there for one over another? Thanks for helping a semi-newb to code.


Joe Curia (aka Azumandias)
Modules: l0Admin Mass Email00000000l000000Automatic Time Zones000ll.l00000Enhanced Custom Profiles0.00Google Calendar0000l.l000000Post Previews
000000000Admin Security Suite000000000000Check Modules for Upgrades0000External Authentication000000Group Auto-Email00000.00000Private Message Alerts
000000000Attachment Download Counter0000Custom Attachment Icons000ll.ll00Favorite Forums000000.00000Highlighted Search Terms0000Self-Delete Posts Option
000000000Attachment Watermarks0l00000000Custom Language Database00l.l.0Forum Lockdown00000.00000Ignore Forums0000000000000Threaded Tree View
000000000Automatic Message Pruning00.llll.00Easy Color Scheme Manager0l.l00Forum Subscriptions0000lll000Moderated User Group
Templates:lGeneric Integration000000000 0000Simple Rounded000000 00000000Tabbed Emerald
Re: New Mod: Admin Security Suite
August 02, 2007 07:21PM
GIF has been disabled for a while in GD, because of library licenses. So there might still be systems out there that do not support gif. Modern up-to-date systems should support all image formats with no problems. I would go for PNG or JPEG.

Maybe you can start with a simpler CAPTCHA type or borrow functionality from the Spam Hurdles module. I think it should be possible to borrow the CAPTCHA functionality which is provided by that module. Maybe also the other anti-bot measures. It would at least prevent you from having to write yet another CAPTCHA system (unless you really are having fun doing so of course :-).


Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Sorry, only registered users may post in this forum.

Click here to login