
Module: Admin Security Suite

Posted by Joe Curia 
Files in this thread: admin_security_suite-5.2.1.05.zip (13.6 KB), posted by Joe Curia, 04/20/2016
Module: Admin Security Suite
August 07, 2007 12:37AM
Please be sure you are running at least v5.2.1.03 before attempting to upgrade your Phorum install.

This security suite is designed to add additional security functions to a Phorum install. Currently this module can monitor the forum title for hacks, lock out IP addresses after a number of failed logins, restrict admin logins to a set list of IP addresses, allow the admin to search for specific terms in all of the settings saved in the admin area, add a captcha to the admin login, add monitoring of IP sessions to stop hackers from using a cookie to access the admin section without logging in, and restrict admin login to a scheduled time period such as from 9 AM to 5 PM. Most security events will also be displayed in the Event Logging module.

As always, requests for added/improved features are welcome. Either post here or email (email included in readme).

This module can also be used in Phorum 5.1 but you need v1.07a which is found here.


Joe Curia (aka Azumandias)
Modules: Admin Mass Email, Automatic Time Zones, Enhanced Custom Profiles, Google Calendar, Post Previews, Admin Security Suite, Check Modules for Upgrades, External Authentication, Group Auto-Email, Private Message Alerts, Attachment Download Counter, Custom Attachment Icons, Favorite Forums, Highlighted Search Terms, Self-Delete Posts Option, Attachment Watermarks, Custom Language Database, Forum Lockdown, Ignore Forums, Threaded Tree View, Automatic Message Pruning, Easy Color Scheme Manager, Forum Subscriptions, Moderated User Group
Templates: Generic Integration, Simple Rounded, Tabbed Emerald




Edited 7 time(s). Last edit at 10/11/2009 05:13AM by Joe Curia.
Attachments: admin_security_suite-5.2.1.05.zip (13.6 KB)
Re: Module: Admin Security Suite
November 26, 2007 12:00PM
Was having a few problems upgrading to the latest beta release - the admin page wasn't loading to complete the upgrade because of too many redirects. Managed to identify it as being caused by this module, and deleted its entry from the phorum_settings table, after which the upgrade finished fine.

Just to warn people, I suggest you turn this module off before performing any upgrades. It can be easily turned on again after.

Tom.

(Edit - after turning the module back on, captchas on the login page were no longer displayed, just an image not found symbol. Replaced the entire module with a fresh download and it worked fine.)



Edited 1 time(s). Last edit at 11/26/2007 12:25PM by tomhmeredith.
Module: Admin Security Suite v5.2.1.01 - enable captcha skipping on first attempt
May 17, 2008 02:54AM
I have completed v5.2.1.01 of the mod with these changes:

- Added the ability to choose whether to ignore the captcha on the first login attempt. Basically, this assumes that a bot isn't going to guess your admin password on the first attempt, so why use a captcha the first try. With this setting enabled, the captcha is displayed, but you do not need to enter it on the first attempt. If the incorrect password is entered, each subsequent attempt will require the captcha.

- Fixed numerous PHP errors.


Joe Curia (aka Azumandias)
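The captcha-skipping rule from the v5.2.1.01 post, combined with the failed-login IP lockout listed in the first post, as an added example that is not the module's own code. The class name, the threshold of 3 failures and the 900-second window are assumptions; it needs PHP 7.4 or later.

```php
<?php
// Added example; not the module's code. Class name and thresholds are assumed.
final class LoginGate
{
    private array $failures = [];          // ip => ['count' => int, 'last' => int]
    private bool $skipFirst;
    private int $maxFailures;
    private int $lockSeconds;

    public function __construct(bool $skipFirst = true, int $maxFailures = 3, int $lockSeconds = 900)
    {
        $this->skipFirst = $skipFirst;
        $this->maxFailures = $maxFailures;
        $this->lockSeconds = $lockSeconds;
    }

    private function failureCount(string $ip): int
    {
        return $this->failures[$ip]['count'] ?? 0;
    }

    /** The captcha is always displayed; this decides whether its answer is enforced. */
    public function captchaRequired(string $ip): bool
    {
        return !$this->skipFirst || $this->failureCount($ip) > 0;
    }

    public function attempt(string $ip, bool $passwordOk, bool $captchaOk, int $now): string
    {
        if ($this->failureCount($ip) >= $this->maxFailures) {
            if ($now - $this->failures[$ip]['last'] < $this->lockSeconds) {
                return 'locked';           // still inside the lockout window
            }
            unset($this->failures[$ip]);   // window expired: start counting again
        }
        if ($passwordOk && (!$this->captchaRequired($ip) || $captchaOk)) {
            unset($this->failures[$ip]);
            return 'ok';
        }
        $this->failures[$ip] = ['count' => $this->failureCount($ip) + 1, 'last' => $now];
        return 'denied';
    }
}

// Constructed attempts from one documentation-range address: [password ok, captcha ok, time].
$gate = new LoginGate();
foreach ([[false, false, 0], [true, false, 10], [false, true, 20], [false, true, 30], [true, true, 40], [true, true, 1000]] as [$pw, $cap, $t]) {
    echo $t, ': ', $gate->attempt('192.0.2.10', $pw, $cap, $t), PHP_EOL;
}
```

A correct password with a missing captcha answer counts as a failure once the first attempt has failed, so the skip only ever applies to the first try.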
Re: Module: Admin Security Suite
June 17, 2008 03:09PM
One idea I've had for improved admin security is to require admin password to be reentered at some occasions, such as when changing forum settings (where title and head tags are altered) and doing other destructive things, like deleting forums and also for changing the password of any account (including the admins). This should reduce the impact of a stolen cookie considerably.

Perhaps session IDs could also be tied to the IP you logged in with, which completely should eliminate the ability to steal session cookies unless you can attack from the same IP I guess.

Tossing them out there. :)
Re: Module: Admin Security Suite
June 17, 2008 03:47PM
Quote
Mathias
One idea I've had for improved admin security is to require admin password to be reentered at some occasions, such as when changing forum settings (where title and head tags are altered) and doing other destructive things, like deleting forums and also for changing the password of any account (including the admins). This should reduce the impact of a stolen cookie considerably.

I will look into some of these ideas.

Quote
Mathias
Perhaps session IDs could also be tied to the IP you logged in with, which completely should eliminate the ability to steal session cookies unless you can attack from the same IP I guess.

This has already been implemented and is enabled by default in the "Admin IP Address Session Lock" section of the settings page.


Joe Curia (aka Azumandias)
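A sketch of the two controls discussed in the posts above: binding the admin session to the login IP, and asking for the password again before destructive actions. This is an added example, not the module's code; `$session` stands in for `$_SESSION`, `$ip` for `$_SERVER['REMOTE_ADDR']`, and the function names and the 300-second window are assumptions.

```php
<?php
// Added example; not the module's code. All names and values here are assumed.

const REAUTH_WINDOW = 300; // seconds a password confirmation stays valid

function admin_login(array &$session, string $ip, int $now): void
{
    // Record where the login came from and when the password was last entered.
    $session = ['admin' => true, 'ip' => $ip, 'confirmed_at' => $now];
}

/** Reject the session if the request comes from a different IP than the login. */
function admin_session_valid(array &$session, string $ip): bool
{
    if (empty($session['admin'])) {
        return false;
    }
    if ($session['ip'] !== $ip) {
        $session = [];   // cookie presented from another address: drop the session
        return false;
    }
    return true;
}

/** Destructive actions additionally need a recent password confirmation. */
function may_run_destructive(array &$session, string $ip, int $now): bool
{
    return admin_session_valid($session, $ip)
        && ($now - $session['confirmed_at']) <= REAUTH_WINDOW;
}

// Constructed walk-through with documentation-range addresses.
$s = [];
admin_login($s, '192.0.2.10', 1000);
var_dump(may_run_destructive($s, '192.0.2.10', 1100));  // 100 s after the password was entered
var_dump(admin_session_valid($s, '192.0.2.10'));        // ordinary admin page, same address
var_dump(may_run_destructive($s, '192.0.2.10', 1400));  // 400 s: outside the confirmation window
$copy = $s;                                             // same cookie presented by another client
var_dump(admin_session_valid($copy, '198.51.100.7'));   // different address than the login
var_dump($copy);                                        // session contents after the mismatch
```

The IP check does not separate clients that share one address (NAT, a common proxy), and it logs out admins whose address changes mid-session; the password re-entry covers the first case for destructive actions.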
I have finished v5.2.1.02 of this mod with these changes:

- Added a number of event flags to be logged in the Event Logging module. All are logged under the category "Security" and actual failed attempts at login, captcha, override codes, etc will show as alerts while other lower risk events will show as warnings.

- Check config.php file permissions to ensure that only the owner can read it. Check for the config.php.sample file as this may also contain database password info if not deleted during the installation. This can help avoid database intrusion on a shared host but this check can be disabled if this is not a concern.

- Fixed numerous PHP errors.


Joe Curia (aka Azumandias)
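One way to perform the config.php checks described in the v5.2.1.02 post, as an added example that is not the module's own code. The function name is hypothetical, the paths are supplied by the caller, and the permission test assumes a POSIX file system.

```php
<?php
// Added example; not the module's code. Function name and demo paths are assumed.

/** Return a list of findings for a config file and its leftover sample copy. */
function audit_config_files(string $configPath, string $samplePath): array
{
    $findings = [];
    clearstatcache();   // fileperms() results are cached; chmod() does not reset them

    if (!is_file($configPath)) {
        $findings[] = "missing: $configPath";
    } else {
        $mode = fileperms($configPath) & 0777;
        // Any group/other bit means accounts other than the owner can reach the file.
        if ($mode & 0077) {
            $findings[] = sprintf(
                '%s has mode %04o: group/other bits set (expected 0600 or 0400)',
                $configPath,
                $mode
            );
        }
    }

    // A leftover sample file may hold the same database credentials.
    if (file_exists($samplePath)) {
        $findings[] = "sample file still present: $samplePath";
    }
    return $findings;
}

// Constructed demo in a temp directory so the block runs offline.
$dir = sys_get_temp_dir() . '/phorum_audit_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents("$dir/config.php", "<?php // constructed sample\n");
file_put_contents("$dir/config.php.sample", "<?php // constructed sample\n");

chmod("$dir/config.php", 0644);                    // world-readable, sample left behind
print_r(audit_config_files("$dir/config.php", "$dir/config.php.sample"));

chmod("$dir/config.php", 0600);                    // owner-only, sample removed
unlink("$dir/config.php.sample");
print_r(audit_config_files("$dir/config.php", "$dir/config.php.sample"));

unlink("$dir/config.php");
rmdir($dir);
```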
Module: Admin Security Suite v5.2.1.03 - Bugfix: Error while upgrading Phorum
October 15, 2008 03:53PM
I have completed v5.2.1.03 of this module with the following change:

- Bugfix: The admin_pre function was set to run a security check even while installing or upgrading Phorum. Phorum user Marian reported that this derailed an upgrade from Phorum 5.2.7 to 5.2.9a. Thanks goes to Marian for helping find and fix this bug.


Joe Curia (aka Azumandias)
Module: Admin Security Suite v5.2.1.04 - Support for Phorum 5.2.11 and beyond
October 11, 2009 05:14AM
I have released v5.2.1.04 of this module with the following change:

- Enhancement: Added support for the Admin Token required by Phorum 5.2.11 and beyond.


Joe Curia (aka Azumandias)
Re: Module: Admin Security Suite v5.2.1.04 - Support for Phorum 5.2.11 and beyond
November 06, 2009 07:26PM
I installed it and got this:

Fatal error: Call to undefined function imagecreate() in /var/www/mods/admin_security_suite/admin_security_suite.php on line 410
Re: Module: Admin Security Suite v5.2.1.04 - Support for Phorum 5.2.11 and beyond
November 06, 2009 09:23PM
You will need to enable/install the GD library for your PHP installation in order to use this module.


Joe Curia (aka Azumandias)