2
   

How did I break the IP logger this time?

 
 
Reply Wed 9 Jul, 2003 10:27 am
Hi CdK! Yes, yet another nuisance thing going on.
First and foremost, the board is operating in a stable manner, avatars are back, and I'm open for business, ergo I am a happy camper! Smile Thanks again for ALL of your help!
Now I am in "tweak" mode - trying to get some of the bugs out.
I will dete the fm admin files - once powerweb is stable - it's a horror show today.
i don't think that has anything to do with the ip logger though - but based on avatars, i'm wondering if the fm code mucked things around.
anyway, i had previously been able to log the ips, and i think it's useful to see when/if google crawls, etc.
anyway, the iplogger is misbehaving, i think since i deleted the logged ips.
i have since made sure the admin sub is 755, the data sub is 777, i was able to zip the ips (i.e. a zip of a 0 file) and then i unzipped it on my desktop and uploaded the unzipped file (binary, 0 bytes) in an attempt to allow modifying a file, versus file creation. no luck.
the server test claims my server does not allow writing - although the server previously had. any thoughts?
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 2 • Views: 3,341 • Replies: 20
No top replies

 
Craven de Kere
 
  1  
Reply Wed 9 Jul, 2003 10:40 am
Those are not standard features. Did you reinstall the mods?
0 Replies
 
Craven de Kere
 
  1  
Reply Wed 9 Jul, 2003 10:45 am
BTW, if you can PM me a list of links to the threads I need to answer I'll start working through them today.
0 Replies
 
gadgetaddict
 
  1  
Reply Wed 9 Jul, 2003 11:03 am
oh geez, i don't want to give you threads of posts i need help with - but then, i need the help Smile
i didn't realize ip logger wasn't a standard feature, so i'll let that one go for now, or look for the mod on phpbb.com
for the most part, do you think i'm safe installing the phpbb.com approved mods? seems safe to me...although i have to wonder at what point i'm recreating the fm board...
anyway, thanks! Smile
Gary
0 Replies
 
Craven de Kere
 
  1  
Reply Wed 9 Jul, 2003 11:06 am
The thing is, even if you recereate the FM board you will at least know what you did and know where to look when there are problems.

phpbb.com's mods are safe. Unfortunately there are only a few of them.
0 Replies
 
Craven de Kere
 
  1  
Reply Wed 9 Jul, 2003 11:07 am
Also note that phpbb.com has listed mods that were a hacking threat, so the mods that are not there do not necessarily mean they are less secure.

Everyone screws up sometimes.
0 Replies
 
gadgetaddict
 
  1  
Reply Wed 9 Jul, 2003 11:13 am
geez, i knew phpbb.com felt some mods were not secure, but i didn't realize there were hacking threats - i'll check that out right now - thanks again (as always) for the heads up!
0 Replies
 
Craven de Kere
 
  1  
Reply Wed 9 Jul, 2003 11:27 am
Don't fret too much about the hacking threat.

phpbb itself has shipped with at least 5 hacking threats that I can remember off the top of my head.

The biggest hacking threat there is is to have a computer or website. :-)
0 Replies
 
gadgetaddict
 
  1  
Reply Wed 9 Jul, 2003 11:29 am
i once had a hacking cough, but that only affected those within spitting distance. guess it's not the same thing....
0 Replies
 
Craven de Kere
 
  1  
Reply Wed 9 Jul, 2003 11:33 am
Nope. But don't take the hacking stuff to seriously. The type of hosting you have (shared with other users, who have access to the machine and can use simpler exploits) is a far greater hacking risk than most of the exploits in phpbb code.
0 Replies
 
gadgetaddict
 
  1  
Reply Wed 9 Jul, 2003 11:39 am
i'm not really losing sleep over hacking - i'm a tiny site, and i back up regularly. out of curiousity (which, incidentally, supposedly killed the cat), do you mean i have a greater hacking risk from the staff at ipowerweb, or do you mean that a fellow powerweb user may have an easier time getting into my share? just curious....
as for hacking, is it feasible to hack into a phpbb's system, or better web server, to copy their php files? (i'm not talking about a brute force password attack on their server, i mean looking at their files through a back door)
0 Replies
 
Craven de Kere
 
  1  
Reply Wed 9 Jul, 2003 12:03 pm
Well the staff at ipowerweb can do whatever they want, it's not even hacking because they own the boxes.

But they won't, they are the largest host of that nice and they would never do that. Well, never say never but you get the point.

What I was talking about is other users on ipowerweb. Most of the time you will be secure but every now and then there will be an exploit that is only exploitable by anotehr user with virtual hosting on your server.

For example, the most popular open source php image gallery system allows a backdoor into other accounts under some server configurations.

Hacking through phpbb is limited. When there is a phpbb exploit it is rarely the type that would grant web server access.

But yes, there are always ways to hack a server. The overwhelming makority are through exploits that the server admin will patch but there are many ways and there is always a risk.

For example, if you donwload and install bitchx (an IRC program) you will ahve opened a backdoor yourself. BitchX claims any exploits are unintentional but that's pure bull.

So basically, yes, there are many ways to hack a server. I do not rate phpbb as a thread but tehy ahve had exploits.

Even without exploits it's possible for someone to hijack your account and have phpbb administrative access. For this reason it's usually a good idea to password protect your admin directory through your cpanel. That way if phpbb's authentication is breached the hta access password will protect you from having the phpbb admin panel accessed.

But there are also exploits that do not grant access to your server but are still hacking exploits.

For example a DOS attack. phpbb is vulnerable as is any site. But some phpbb mods make it easy, the stats mods use so many queries on the database that it actually facilitates a DoS. In my tests I have been able to kill a database through a DoS aimed at the stats mod more easily than with phpbb without mods.
0 Replies
 
Craven de Kere
 
  1  
Reply Wed 9 Jul, 2003 12:04 pm
BTW, the very latest phpbb vulnerability was of the type that allows another user on your host to view your files if I remember correctly.
0 Replies
 
gadgetaddict
 
  1  
Reply Wed 9 Jul, 2003 12:08 pm
you are a wealth of knowledge! well, since my stats mod isn't working, i don't have to worry about that denial of service problem! i wasn't sure about the admin password though - do you mean to chmod the admin subdirectory, or that i have a different cpanel pw versus my phpbb board pw?
0 Replies
 
Craven de Kere
 
  1  
Reply Wed 9 Jul, 2003 12:10 pm
Not chmod, but htaccess. cpanel lets you do this. Use the control panel that ipowerweb gives you to password protect the directory.
0 Replies
 
gadgetaddict
 
  1  
Reply Wed 9 Jul, 2003 01:02 pm
kewl beanz - never realized i could do that (i use only about 1/3 of the cpanel icons) - so now i made forums/admin password protected - as far as i know, the board should run fine without having to access that sub, right?
btw - they call it web protect
0 Replies
 
Craven de Kere
 
  1  
Reply Wed 9 Jul, 2003 01:33 pm
Yup, they should run fine.
0 Replies
 
gadgetaddict
 
  1  
Reply Thu 10 Jul, 2003 07:34 am
so i guess i should change my password from "bosco" (you have seen that seinfeld episode, right?) Smile
0 Replies
 
Craven de Kere
 
  1  
Reply Thu 10 Jul, 2003 09:52 am
It sounds familiar, so I've probably seen it. Dunno, I'm not big on TV, if I've seen it it was on a puter. :-)
0 Replies
 
gadgetaddict
 
  1  
Reply Fri 11 Jul, 2003 07:51 am
geez, you have the best avatars!
btw - i reinstalled the ip logger, and some of the admin panel features, and voila - vitually every error is gone - yippee!
now i have a VERY robust board, solid portal page (can always use improvements, but solid and working error free!), and I have about 20 mods OF MY CHOOSING - good stuff, like quick reply, behind the scenes stuff like ip logger and enhanced admin panel utilities, pm on registration, name of pm'er sent with your pm notification, and more...i'm a happy camper! Thanks Craven!
0 Replies
 
 

Related Topics

In How much time a website can be developed? - Question by aussiejumpingcastle
Webdevelopment and hosting - Question by harisit2005
Showing an Ico File - Discussion by Brandon9000
how to earn money in internet - Discussion by rizwanaraj
The version 10 bug. Worse then Y2K! - Discussion by Nick Ashley
CSS Border style colors - Question by meesa
There is no Wisdom in Crowds - Discussion by ebrown p
THANK YOU CRAVEN AND NICK!!! - Discussion by dagmaraka
I'm the developer - Discussion by Nick Ashley
 
  1. Forums
  2. » How did I break the IP logger this time?
Copyright © 2021 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.03 seconds on 08/02/2021 at 05:30:01