
New Mod: Admin Security Suite

Posted by Joe Curia 
Re: New Mod: Admin Security Suite
August 04, 2007 02:47PM
Yes, we are desperately waiting till one of us gets hacked. Maybe they'll do it when I am off collecting the pay check.

Next to stubbornly not installing your module, we are also trying to hack our own code. I have not found any real problems so far. Only some XSS problems with modules which will be fixed in the next release (in a week or so). But based on the reports that we received, these would not be the hacks that the title people did, because it's not a common factor between the reporting users. We also know about hacked admins who use Firefox, where an XSS vulnerability that I found will only work in MSIE. We also have access to the database of a hacked server and I've done some deep searches on the data to find if there's any XSS through messages going on. But no luck so far. No conclusive holes found yet.


Maurice Makaay
Phorum Development Team
Re: New Mod: Admin Security Suite
August 04, 2007 03:25PM
I've added the admin_pre hook to both 5.1 and trunk so that it will be in every next release.
[www.phorum.org]
[www.phorum.org]

Please change your module so that it returns $module, which it got as input, as that's expected as the return value.


Thomas Seifert
Phorum Development Team / Mysnip-Solutions.de
Custom Phorum and general software development
worry-free Phorum Hosting
Admin Security Suite v1.07 - IP Session Monitoring, Scheduled Login Hours
August 05, 2007 02:02AM
Thomas, thank you for adding the hook. I have updated my module as requested.

I have also finished v1.07 with these changes:

- Added the ability to monitor admin IP usage and block hackers from using a valid cookie to access the admin area without logging in.

- Added the ability to restrict admin logins to a scheduled time block such as 9 AM to 5 PM, as determined by your server's time offset by your time zone selection in the "General Settings" section. A warning will be displayed at the top of the Admin section when you have less than 15 minutes before the scheduled time is up. After that, you have the option of allowing an override code to be sent which would allow for an hour of access.

- Updated the IP restriction function to allow the sending of an override code to users with admin access.

- Updated the code to be compatible with the coming "admin_pre" hook in future Phorum releases.

EDIT - I released v1.07a with a bug fix in the scheduling function.

v1 of this mod is now closed. Any changes will be bug fixes. Enhancements will only be made in v2.
The file on the first page contains the latest version.


Joe Curia (aka Azumandias)
Modules: Admin Mass Email, Automatic Time Zones, Enhanced Custom Profiles, Google Calendar, Post Previews, Admin Security Suite, Check Modules for Upgrades, External Authentication, Group Auto-Email, Private Message Alerts, Attachment Download Counter, Custom Attachment Icons, Favorite Forums, Highlighted Search Terms, Self-Delete Posts Option, Attachment Watermarks, Custom Language Database, Forum Lockdown, Ignore Forums, Threaded Tree View, Automatic Message Pruning, Easy Color Scheme Manager, Forum Subscriptions, Moderated User Group
Templates: Generic Integration, Simple Rounded, Tabbed Emerald




Edited 1 time(s). Last edit at 08/05/2007 09:14PM by Azumandias.
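
The two v1.07 checks described in the post above (a scheduled admin window with a 15-minute warning, and an admin session tied to its login IP), as an added PHP example. This is not the module's own code: the function names, the settings keys and the use of an empty string to mean "deny" are assumptions made for illustration.

```php
<?php
// Added illustration; not code from the Admin Security Suite module.
// All function names and array keys below are hypothetical.

// Classify $now against a daily window given as "HH:MM" strings.
// Returns 'closed', 'closing' (under 15 minutes left) or 'open'.
// Assumes $start is earlier than $stop on the same day.
function admin_window_status(int $now, string $start, string $stop): string
{
    $day   = date('m/d/Y', $now);
    $open  = strtotime("$day $start:00");
    $close = strtotime("$day $stop:00");
    if ($open === false || $close === false) {
        return 'closed';            // unparsable setting: fail closed
    }
    if ($now < $open || $now >= $close) {
        return 'closed';
    }
    return ($close - $now < 15 * 60) ? 'closing' : 'open';
}

// A valid cookie alone is not enough: the request IP must equal the
// IP recorded when this admin session logged in.
function admin_ip_matches(?string $login_ip, string $request_ip): bool
{
    return $login_ip !== null && hash_equals($login_ip, $request_ip);
}

// Hook-shaped wrapper: receives $module and returns it, as requested in
// the thread. Returning '' to deny access is an assumption of this example.
function example_admin_pre(string $module, array $session, array $cfg, int $now): string
{
    if (!admin_ip_matches($session['login_ip'] ?? null, $session['request_ip'])) {
        return '';
    }
    if (admin_window_status($now, $cfg['start'], $cfg['stop']) === 'closed') {
        return '';
    }
    return $module;
}

// Constructed sample data (documentation IP ranges, made-up schedule).
$cfg  = ['start' => '09:00', 'stop' => '17:00'];
$sess = ['login_ip' => '192.0.2.10', 'request_ip' => '192.0.2.10'];
$now  = strtotime('08/06/2007 16:50:00');
var_dump(admin_window_status($now, $cfg['start'], $cfg['stop']));
var_dump(example_admin_pre('settings', $sess, $cfg, $now));
$sess['request_ip'] = '198.51.100.7';   // same cookie, different address
var_dump(example_admin_pre('settings', $sess, $cfg, $now));
```

The window check fails closed when a configured time cannot be parsed, so a malformed setting locks the admin area rather than opening it.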
Re: New Mod: Admin Security Suite
August 09, 2007 02:50PM
Unfortunately there is a . missing, leading to a parse error.

line 124 in admin_security_suite.php reads
$checktime = strtotime(date("m/d/Y")." "$PHORUM["phorum_mod_admin_security_suite"]["admin_schedule_stop"].":00");//." +16 hours +4 minutes");

should be

$checktime = strtotime(date("m/d/Y")." ".$PHORUM["phorum_mod_admin_security_suite"]["admin_schedule_stop"].":00");//." +16 hours +4 minutes");


Thomas Seifert
Phorum Development Team / Mysnip-Solutions.de
Admin Security Suite v1.07b - Bug Fix
August 09, 2007 03:13PM
Thanks for the debugging Thomas.

I have finished v1.07b with these changes:
- Bug fix in the scheduling function.

The file on the first page contains the latest version.


Joe Curia (aka Azumandias)