Re: security and users, hacker script, forum user list
Fri, 19 October 2012 01:39

Atomicrun wrote on Sat, 11 August 2012 07:49
Another thing about the users-list, list of forum members:
I would prefer that a "Logged in" user is defined as a user that:
1) performed registration
2) OK on the e-mail verification
3) Passed the admin approval of the account. (if any)
If the user is not "Logged-in", according to the above, he should count as "anonymous" when the forum decides on forums.
I would also like the list of forum members to be inaccessible as long as the user is not "Logged-in".
It is not that I have any problem with this, but my Apache log gets filled up with many user-list searches, login attempts and similar.

Re: security and users, hacker script, forum user list
Wed, 29 August 2012 22:59

Atomicrun wrote on Thu, 16 August 2012 17:50
The disabling of the forum-member list is in the binary options. Now, are there options that are not implemented in the "Global options" selection, or why have I not found it?
"Global Settings Manager" -> "Primary Forum Options" -> "Forum Enabled"
It's a dropdown menu instead of a checkbox, in case you got confused by it.

Re: security and users, hacker script, forum user list
Wed, 29 August 2012 22:56

Atomicrun wrote on Sat, 11 August 2012 20:49
Another thing about the users-list, list of forum members:
I would prefer that a "Logged in" user is defined as a user that:
1) performed registration
2) OK on the e-mail verification
3) Passed the admin approval of the account. (if any)
AFAIK a user is "logged in" only if the login has been correctly performed. This also means that the account has to be verified and approved (otherwise one cannot conclude the login process).
Atomicrun wrote on Sat, 11 August 2012 20:49
I would also like the list of forum members to be inaccessible as long as the user is not "Logged-in".
It is not that I have any problem with this, but my Apache log gets filled up with many user-list searches, login attempts and similar.
Modify your theme to show the list only to logged-in users; it should be pretty easy.

Re: security and users, hacker script, forum user list
Sat, 11 August 2012 07:49

Another thing about the users-list, list of forum members:
I would prefer that a "Logged in" user is defined as a user that:
1) performed registration
2) OK on the e-mail verification
3) Passed the admin approval of the account. (if any)
If the user is not "Logged-in", according to the above, he should count as "anonymous" when the forum decides on forums.
I would also like the list of forum members to be inaccessible as long as the user is not "Logged-in".
It is not that I have any problem with this, but my Apache log gets filled up with many user-list searches, login attempts and similar.

security and users, hacker script, forum user list
Sat, 11 August 2012 07:03

I have a set of bots that are constantly working the user list and also trying to register new users on the list. I have set admin-approval for new users.
A) If the bot fails to pass the e-mail approval, or if the e-mail is bad, so no approval is reached, I don't like to have these bogus accounts listed on Accounts Pending Approval (3). They should be listed only after the account has passed the e-mail verification.
B) I don't like the /adm directory. There will be special bots that will try to access files in such a directory constantly. I would like to rename this directory "greenie_458263", include a new fresh /adm directory that is empty, and load a PHP script "admadministratorlogin.php" that simply puts the IP on the block-list for a few days.
On my server, Apache restricts IP access to the internal local network, and there is also an Apache password on this directory.
So I don't really have a problem, and I don't even think that there could be any security issue, but if some intermediate version, for a short while, once has a problem, it cannot be exploited unless the hacker can figure out the name of the adm directory on the target server.
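
An added example, not part of the original post or of the forum software: one way to get the decoy-directory effect described in point B by scanning the Apache access log instead of running a PHP script inside /adm. The 3-day block length, the internal range 192.168.0.0/16 and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from urllib.parse import unquote, urlsplit

# Assumed values, not from the thread: block length and internal admin range.
DECOY = "/adm"
BLOCK_FOR = timedelta(days=3)
INTERNAL = ip_network("192.168.0.0/16")

# host ident user [time] "METHOD target PROTO" ... (Apache common/combined format)
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)[^"]*"')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Aug/2012:07:01:12 +0000] "GET /adm/admadministratorlogin.php HTTP/1.1" 200 12
198.51.100.23 - - [11/Aug/2012:07:02:40 +0000] "GET /index.php HTTP/1.1" 200 5120
192.168.1.10 - - [11/Aug/2012:07:05:00 +0000] "GET /adm/ HTTP/1.1" 200 300
198.51.100.99 - - [11/Aug/2012:08:00:00 +0000] "GET /theme/../%61dm/x.php?a=1 HTTP/1.1" 404 0
203.0.113.7 - - [12/Aug/2012:09:30:00 +0000] "POST /adm/admadministratorlogin.php HTTP/1.1" 200 12
this line is not a log entry
"""

def is_decoy(target):
    """True if the request path, after decoding and normalising, is under DECOY."""
    path = posixpath.normpath(unquote(urlsplit(target).path) or "/")
    return path == DECOY or path.startswith(DECOY + "/")

def decoy_blocks(log_text):
    """Map each external client that touched the decoy to its block expiry."""
    blocks = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        host, stamp, target = m.groups()
        try:
            ip = ip_address(host)
            seen = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # host is not an IP literal, or the timestamp is broken
        if ip in INTERNAL or not is_decoy(target):
            continue  # never block the admin network
        expiry = seen + BLOCK_FOR
        blocks[host] = max(expiry, blocks.get(host, expiry))  # repeat hits extend
    return blocks

def active(blocks, now):
    """Addresses whose block has not yet expired at time `now`."""
    return sorted(ip for ip, until in blocks.items() if until > now)
```

The path is percent-decoded and normalised before matching, so a request written as `/theme/../%61dm/x.php` still counts as a decoy hit, while `/admin/...` does not.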