Topic: Forum Restrictions & Hack Attempts

Hi punbb and users alike

I would like to make certain forums available to logged-in users only, BUT for the forum to still be shown on the home page/index of the forum under its category when not logged in.

I hope that this will let visitors know that a forum/category exists for the type of question they have but are unable to view its topics unless they are logged in, thus helping to create a larger user list.

I had a play with the forum settings and groups, but if I untick the box 'read forum' for guest it then disappears from the homepage/index of the forum.

I have also noticed from my hosting stats that I've had a lot of peeps searching for the terms 'Powered by Punbb' and 'copyright 2002 - 2005 Rickard Andersson'. This has coincided with several attempts and one successful hack to the forum. I did consider removing the <pun_footer> from the main.tbl file, but this would also remove the options for closing/stickying forums etc. So to help prevent the search engines finding the text for the copyright, I have replaced it with an image.

Does anyone know or is able to give me some extra help/measures to prevent attacks? I have installed as per the guide but wanted to know if there is anything else I can do with regards to server settings that I could request my host to alter.

Kind Regards
Roger

Re: Forum Restrictions & Hack Attempts

For your first thing: you'd need to alter the big query on index.php. I think you'll need to leave out this piece:

LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].')

Then, about the security. First thing of course is to always use the latest version. Then to check your mods for possible security holes.

3 (edited by pogenwurst 2006-06-01 15:31)

Re: Forum Restrictions & Hack Attempts

EDIT: aaargh.... elbekko beat me to it.

Looking for a certain modification for your forum? Please take a look here before posting.

Re: Forum Restrictions & Hack Attempts

If you're paranoid about security, you may consider using the following mods: Image Verification, Extra Security, and Group Change Security.


Re: Forum Restrictions & Hack Attempts

elbekko wrote:

For your first thing: you'd need to alter the big query on index.php. I think you'll need to leave out this piece:

LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].')

I found and removed the above code, but then all I got was a message saying 'unable to get forum list' in a red box.

Thanks anyway.

As for security, I'm not that paranoid as I have my backups; it would only be an issue if it was a regular attack. And I have the latest version but 1, I think...lol

Kind Regards
Roger

Re: Forum Restrictions & Hack Attempts

Ok, found it, sorry =P
Leave the part I told you in, and just remove this:

 AND fp.read_forum IS NULL OR fp.read_forum=1

You could probably leave out the first thing too, as it's only used for this check.

Re: Forum Restrictions & Hack Attempts

That worked great thank you,

However, when clicking the forum that I've selected for members only from the index page I get the message

Info
Bad request. The link you followed is incorrect or outdated.

Go back

Can this be changed to something like "you must be logged in to read this forum" ?

Thanks again
Roger

Re: Forum Restrictions & Hack Attempts

Check the language files ;)

Re: Forum Restrictions & Hack Attempts

elbekko wrote:

Check the language files ;)

Though that would mess with genuine errors, too.


Re: Forum Restrictions & Hack Attempts

pogenwurst wrote:
elbekko wrote:

Check the language files ;)

Though that would mess with genuine errors, too.

Yeah, you'd probably want to write your own entry in the language file and then use that instead for this one location (or just hardcode the string in viewforum.php).

Re: Forum Restrictions & Hack Attempts

I would agree, Smartys, but I don't know how I would do it. I'm no coder, copy paste is my max really lol

Re: Forum Restrictions & Hack Attempts

PHPAuctionsites.com wrote:

I would agree, Smartys, but I don't know how I would do it. I'm no coder, copy paste is my max really lol

Well, that's what you would do with what I said :P
Open viewforum.php
FIND

if (!$db->num_rows($result))
    message($lang_common['Bad request']);

REPLACE WITH

if (!$db->num_rows($result))
    message('Please login.');

Of course, replace my text with your own ;)
And keep in mind that they will see that message when they enter any invalid forum IDs, not just forums they don't have permission to read.

13 (edited by PHPAuctionsites.com 2006-06-02 11:29)

Re: Forum Restrictions & Hack Attempts

Thanks for that, but I've been playing and very brave I was LOL

I created a new line in the common language file as:

'Forum Locked'          =>  'THIS FORUM IS RESTRICTED TO MEMBERS ONLY - PLEASE REGISTER OR LOGIN TO CONTINUE',

Then put an if/else statement into viewtopic.php: either show the 'Bad request' message, or if pun_user is not logged in and the forum is set to fp.read_forum=1 then show my new message ($lang_common['Forum Locked']);

thus leaving the original bad request function to do its own job. But this did take me all morning and my PHP book to learn the if else statements.

But hey, it works.

Thank you all so much for your help, I'm sure I will be back for more advice or direction!


Roger
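
Added example, not part of the thread and not PunBB's own code: a self-contained PHP sketch of the split discussed above, where the index may advertise a locked forum while the read check stays in the forum view. It goes one step further than the thread by using an allow-list, so forums that were never meant to be advertised answer exactly like non-existent IDs. The SQLite tables are a constructed stand-in for the forums and forum_perms tables named in the thread, and the group ids, TEASER_FORUMS and the function names are assumptions.

```php
<?php
// Constructed stand-in for the forums / forum_perms tables named in the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE forums (id INTEGER PRIMARY KEY, forum_name TEXT)');
$pdo->exec('CREATE TABLE forum_perms (group_id INTEGER, forum_id INTEGER, read_forum INTEGER)');
$pdo->exec("INSERT INTO forums VALUES (1,'General'), (2,'Members only'), (3,'Staff')");
// Constructed group ids: 3 = guests, 4 = members. A missing row means "allowed".
$pdo->exec('INSERT INTO forum_perms VALUES (3,2,0), (3,3,0), (4,3,0)');
const TEASER_FORUMS = [2]; // hypothetical allow-list of forums advertised to guests

// Fetch one forum plus whether this group may read it (the check quoted in the thread).
function forum_row(PDO $pdo, int $gid, int $id) {
    $st = $pdo->prepare(
        'SELECT f.id, f.forum_name, (fp.read_forum IS NULL OR fp.read_forum=1) AS can_read
           FROM forums AS f
           LEFT JOIN forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=?)
          WHERE f.id=?');
    $st->execute([$gid, $id]);
    return $st->fetch(PDO::FETCH_ASSOC); // false when the id does not exist
}

// Index: readable forums, plus allow-listed ones marked as locked.
function index_forums(PDO $pdo, int $gid): array {
    $out = [];
    $ids = $pdo->query('SELECT id FROM forums ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
    foreach ($ids as $id) {
        $row = forum_row($pdo, $gid, (int) $id);
        if ($row['can_read'])
            $out[] = $row['forum_name'];
        elseif (in_array((int) $id, TEASER_FORUMS, true))
            $out[] = $row['forum_name'].' (login required)';
    }
    return $out;
}

// Forum view gate: the read check stays here whatever the index shows.
function view_forum(PDO $pdo, int $gid, bool $is_guest, int $id): string {
    $row = forum_row($pdo, $gid, $id);
    if ($row && $row['can_read'])
        return 'show topics';
    if ($row && $is_guest && in_array($id, TEASER_FORUMS, true))
        return 'Forum Locked';
    return 'Bad request'; // hidden and non-existent ids look identical
}

print_r(index_forums($pdo, 3));
foreach ([1, 2, 3, 99] as $id)
    echo $id, ': ', view_forum($pdo, 3, true, $id), "\n";
```

The same read check has to remain on every other page that exposes topics or posts, since only the index listing was meant to change.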