1

Topic: admin

Hi everybody,

I wanted to know if there is a mod for protecting the panel admin ?

Moreover, for more security, wouldn't one have to put the admin files in a repertory /admin/ ?

thanks.

2 (edited by CodeXP 2006-02-14 13:47)

Re: admin

There's no need for a mod, or moving the files to a specific directory. Just add the following to a .htaccess file in the PunBB root directory:

<Filesmatch "^admin_.*\.php$">
    AuthType Basic
    AuthName "PunBB's admin section requires a valid username and password"
    AuthUserFile /enter/path/to/your/.htpasswd
    require valid-user
</Filesmatch>

Remember to change the path for AuthUserFile smile

3 (edited by bodhisattva 2006-02-14 16:00)

Re: admin

Or, you can add this to your admin_*.php pages

if ($_SERVER['REMOTE_ADDR'] != 'xxx.xxx.xxx.xxx') exit('Hacking Attempt');

Replace xxx.xxx.xxx.xxx with your fixed IP.

Or you can implement an whitelist/blacklist network authentication module via admin panel.

4

Re: admin

thank you smile

@CodecXP: what means "Currently blocked IPs: 18" in the footer in your forum ? it's a mod ?

Re: admin

Not a plugin, moved to PunBB discussions.

Looking for a certain modification for your forum? Please take a look here before posting.

Re: admin

p314 wrote:

@CodecXP: what means "Currently blocked IPs: 18" in the footer in your forum ? it's a mod ?

I believe it has to do with CodeXP's spam protection mod.

Looking for a certain modification for your forum? Please take a look here before posting.

Re: admin

p314 wrote:

thank you smile

@CodecXP: what means "Currently blocked IPs: 18" in the footer in your forum ? it's a mod ?

Yeah, it's related to the spam protection mod that pogenwurst linked to smile

8

Re: admin

Hi CodexXP !

I don't understand why there is a code block MD5 hash in common.php and functions.php ???
How do I know if this mod works on my forum, there is nothing in my footer ?

Do this mod blocks the ip's proxy ?

thanks smile

Re: admin

p314 wrote:

Hi CodexXP !

I don't understand why there is a code block MD5 hash in common.php and functions.php ???
How do I know if this mod works on my forum, there is nothing in my footer ?

Do this mod blocks the ip's proxy ?

thanks smile

That's because I never posted the footer part, as I didn't see the need at the time wink

If you want it, here's how to add it.

1. Open functions.php, and add at the bottom:

function spam_stat()
{
  global $db;

  $result = $db->query('SELECT COUNT(ip) AS numrows FROM '.$db->prefix.'spam_protect WHERE blocked=\'1\'')  or error('Unable to get spam protection', __FILE__, __LINE__, $db->error());
    list($count) = $db->fetch_row($result);

    if(!$count)
            $count = 0;

  echo '<br />SPAM Protection » Currently blocked IPs: <strong>'.$count.'</strong>';
}

2. Open footer.php, and replace (line 109):

            <p class="conr">Powered by <a href="http://punbb.org/">PunBB</a><?php if ($pun_config['o_show_version'] == '1') echo ' '.$pun_config['o_cur_version']; ?><br />© Copyright 2002–2005 Rickard Andersson</p>

with:

            <p class="conr">Powered by <a href="http://punbb.org/">PunBB</a><?php if ($pun_config['o_show_version'] == '1') echo ' '.$pun_config['o_cur_version']; ?><br />© Copyright 2002–2005 Rickard Andersson<?php spam_stat(); ?></p>

That's it smile

Also, yes, it should and will block the proxy server, if it's listed in the spamhaus database.

Oh, about the MD5 blocks... Well, they're not really needed, I just added them as a quick way to verify if people had modified the files correctly. Let's say someone had problems after installing it, I could just ask them to check the MD5 of the code block, using the plugin in the admin CP. If that check failed, I'd know they did something wrong wink

10

Re: admin

CodeXP wrote:

I just added them as a quick way to verify if people had modified the files correctly. Let's say someone had problems after installing it, I could just ask them to check the MD5 of the code block, using the plugin in the admin CP. If that check failed, I'd know they did something wrong wink

Thanks, good job wink