FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » FUDforum Suggestions » security and users, hacker script, forum user list
Show: Today's Messages :: Unread Messages :: Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
security and users, hacker script, forum user list [message #167630] Sat, 11 August 2012 07:03 Go to next message
Atomicrun is currently offline  Atomicrun   Sweden
Messages: 54
Registered: November 2010
Location: Lund
Karma: 0
Member
add to buddy list
ignore all messages by this user
I have some set of bots, who constantly is working the user list, and also try to register new users on the list. I have set admin-approval for new users.

A) If the bot fail to pass the e-mail approval, or if the e-mail is bad, so no approval is reached, I don't like to have these bogus accounts listed on Accounts Pending Approval (3). they should list only after the account has passed the e-mail verification.

B) I don't like the /adm directory. There will be special bots that will try to access files in such directory constantly. I would like to rename this drectory "greenie_458263", include a new fresh /adm directory, that is empty, and load a php script "admadministratorlogin.php", that simply put the IP on the block-list for a few days.
On my server the Apache restrict IP access to internal local network, and there is also an Apache password on this directory.
So I don't really have a problem, and I don't even think that there could be any security issue, but if some intermediate version, a short while, once have a problem, it can not be exploited unless the hacker can figure our the name of the adm directory on the target server.
Re: security and users, hacker script, forum user list [message #167633 is a reply to message #167630] Sat, 11 August 2012 07:49 Go to previous messageGo to next message
Atomicrun is currently offline  Atomicrun   Sweden
Messages: 54
Registered: November 2010
Location: Lund
Karma: 0
Member
add to buddy list
ignore all messages by this user
Another thing about the users-list, list of forum members:

I would prefer, that a "Logged in" user is defined as a user that:
1) performed registration
2) OK on the e-mail verification
3) Passed the admin approval of the account. (if any)

If the user is not "Logged-in", according to above, he should count as "anonymous" when the forum decide on forums.

I would also like the list of forum members, to be inaccessible as long as the user is not "Logged-in".
It is not so that I have any problem with this, but my Apache log gets filled up with many user-list searches, log in attempts and similar.





Re: security and users, hacker script, forum user list [message #167638 is a reply to message #167633] Thu, 16 August 2012 04:50 Go to previous messageGo to next message
Atomicrun is currently offline  Atomicrun   Sweden
Messages: 54
Registered: November 2010
Location: Lund
Karma: 0
Member
add to buddy list
ignore all messages by this user
The disable of the forum-member list is in the binary options. Now, is there options that is not implemented in the "Global options" selection, or why have I not found it ?
Re: security and users, hacker script, forum user list [message #167683 is a reply to message #167633] Wed, 29 August 2012 22:56 Go to previous messageGo to next message
NeXuS is currently offline  NeXuS   Korea, Republic of
Messages: 121
Registered: July 2010
Location: South Korea
Karma: 5
Senior Member
Contributing Core Developer
add to buddy list
ignore all messages by this user
Atomicrun wrote on Sat, 11 August 2012 20:49
Another thing about the users-list, list of forum members:

I would prefer, that a "Logged in" user is defined as a user that:
1) performed registration
2) OK on the e-mail verification
3) Passed the admin approval of the account. (if any)


AFAIK a user is "logged in" only if the login has been correctly performed. This also means that the account has to be verified and approved (otherwise one cannot conclude the login process).

Atomicrun wrote on Sat, 11 August 2012 20:49

I would also like the list of forum members, to be inaccessible as long as the user is not "Logged-in".
It is not so that I have any problem with this, but my Apache log gets filled up with many user-list searches, log in attempts and similar.


Modify your theme to show the list only to logged in users, it should be pretty easy.
Re: security and users, hacker script, forum user list [message #167684 is a reply to message #167638] Wed, 29 August 2012 22:59 Go to previous messageGo to next message
NeXuS is currently offline  NeXuS   Korea, Republic of
Messages: 121
Registered: July 2010
Location: South Korea
Karma: 5
Senior Member
Contributing Core Developer
add to buddy list
ignore all messages by this user
Atomicrun wrote on Thu, 16 August 2012 17:50
The disable of the forum-member list is in the binary options. Now, is there options that is not implemented in the "Global options" selection, or why have I not found it ?


"Global Settings Manager" -> "Primary Forum Options" -> "Forum Enabled"

It's a dropdown menu instead of a checkbox, in case you got confused by it.
Message by bbnewbie is ignored  [reveal message]  [reveal all messages by bbnewbie]  [stop ignoring this user] Go to previous messageGo to next message
Re: security and users, hacker script, forum user list [message #167837 is a reply to message #167633] Fri, 19 October 2012 01:39 Go to previous message
Geraldinehenry is currently offline  Geraldinehenry   United States
Messages: 2
Registered: October 2012
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
Atomicrun wrote on Sat, 11 August 2012 07:49
Another thing about the users-list, list of forum members:

I would prefer, that a "Logged in" user is defined as a user that:
1) performed registration
2) OK on the e-mail verification
3) Passed the admin approval of the account. (if any)

If the user is not "Logged-in", according to above, he should count as "anonymous" when the forum decide on forums.

I would also like the list of forum members, to be inaccessible as long as the user is not "Logged-in".
It is not so that I have any problem with this, but my Apache log gets filled up with many user-list searches, log in attempts and similar.

Surprised




Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: Suggestions #224231423424
Next Topic: NNTP Integration - Cancel deleted Messages
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Feb 06 21:42:27 EST 2025

Total time taken to generate the page: 0.05786 seconds