phpBB hacks: password security, anti robot login and a full board security system
phpBB uses its own authorisation/session handling, database abstraction layer and template system, so there are numerous guides on how to use them to create your own modifications for phpBB 2.0 and 3.0. Besides this, you can download a large number of quality add-ons for this popular forum software, and here are a couple of security-related ones. While I provided links to the developers, I would suggest that you download the mods directly from the phpBB homepage.
Password security
When a new password is entered, the user will receive a JavaScript warning alerting him of the change.
MOD Author: http://www.underhill.de
MOD Version 1.1.4
Installation Level: easy
Installation Time: 5 minutes
Files To Edit:
includes/usercp_register.php
templates/subSilver/profile_add_body.tpl
language/lang_english/lang_main.php
language/lang_english/lang_faq.php
Anti Robotic Login Flood
This mod adds a random graphical text security code field to the login form to protect your phpBB board from being flooded by robotic member logins.
MOD Author: http://www.phpbbturkey.com
MOD Description:
MOD Version: 1.0.4
Installation Level: Intermediate
Installation Time: 20 Minutes
Files To Edit:
admin/admin_board.php
includes/constants.php
includes/functions.php
includes/page_header.php
login.php
index.php
templates/subSilver/admin/board_config_body.tpl
templates/subSilver/login_body.tpl
templates/subSilver/index_body.tpl
language/lang_english/lang_admin.php
language/lang_english/lang_main.php
CrackerTracker Professional G5
CrackerTracker Professional G5 is the 5th generation of the famous board security system. It features:
- Worm & Exploit protection Unit with heuristic engine and more than 280 definitions
- SQL Injection detector for GET, POST, … Vars
- Attack Counter function
- Checksum Scanner to detect PHP files which were changed
- Recovery System for the board configuration table
- 8 different footer layouts
- File Security Scanner which detects general security issues in phpBB files
- Global Message Function
- IP Blocker Engine
- Proxy Blocker Engine
- UserAgent Blocker Engine
- Comfortable LOG Manager to view attack logfiles and manage the files
- Selftest system
- Automatically check file permissions on the logfiles
- Show Security Tips for your Server and Board
- Maintenance function
- “Miserable User” function to easily block user posts in viewtopic.php
- Adjustable main logfile size
- Completely new and modern layout in ACP and Forum
- Every feature can easily be activated or deactivated over ACP
- Search Flood Protection for Guests and Users
- Login Brute Force Protection System
- Detect wrong Logins and save them in your logfile
- Login History for Users
- IP Range Scanner to detect account abuse
- Spammer Detection System
- Detect human registered Spammer (Spam Detection Boost)
- Spammer Keyword Detection for Posts and Profile
- Registration Protection
- Registration IP Scanning
- Account Password Expire Function
- Account Password Complexity Function
- Account Password Length Control
- Emergency console which can restore the board configuration table without running phpBB
- Password Reset Flood Protection
- Massmail Protection System
- Auto Recovery Board Settings
- Visual Confirmation for Guest Postings
- Protect from “Throw Away Mailservices”
- Automatically detect misconfiguration of sensitive Board Settings
- Very fast code and OOP with Class Files etc.
- Protect from overwriting sensitive vars
MOD Author: http://www.cybercosmonaut.de
MOD Version: 5.0.4
Installation Level: Moderate
Installation Time: 40 minutes
Files To Edit:
common.php
login.php
posting.php
search.php
viewtopic.php
admin/admin_board.php
admin/admin_ranks.php
admin/admin_smilies.php
admin/admin_styles.php
admin/admin_user_ban.php
admin/admin_users.php
admin/admin_words.php
includes/auth.php
includes/constants.php
includes/emailer.php
includes/functions.php
includes/functions_post.php
includes/page_header.php
includes/page_tail.php
includes/smtp.php
includes/usercp_email.php
includes/usercp_register.php
includes/usercp_sendpasswd.php
templates/subSilver/overall_footer.tpl
templates/subSilver/overall_header.tpl
templates/subSilver/posting_body.tpl
templates/subSilver/subSilver.cfg