TOPIC REVIEW
KC
Posted - 07 December 2005 : 16:27:00
This is NOT for rookies!... But if you can edit Access DB's locally and know .asp, this is for you.
Details and DL on my Secure your Snitz website with Secondary Security page.
You pros are going to love this. It makes your higher level access virtually bulletproof. Enjoy, and you're welcome ;-}
< Moved to MOD Add-On Forum (W/Code) by Shaggy />
15 LATEST REPLIES (Newest First)
Shaggy
Posted - 15 April 2009 : 04:43:51
Katherine, please do not hijack topics with unrelated queries; please start your own topic instead but be sure to search first to ensure your query has not already been addressed. In this case, there are many, many posts addressing the problems of spam including a sticky in the general help forum detailing all the methods available for dealing with spammers.
~Katherine
Posted - 14 April 2009 : 17:56:05
Great! Now. Any suggestions for getting rid of spambots?
~K~
quote: Originally posted by KC
This is NOT for rookies!... But if you can edit Access DB's locally and know .asp, this is for you.
Details and DL on my Secure your Snitz website with Secondary Security page.
You pros are going to love this. It makes your higher level access virtually bulletproof. Enjoy, and you're welcome ;-}
< Moved to MOD Add-On Forum (W/Code) by Shaggy />
SiSL
Posted - 13 April 2009 : 16:10:54
quote: Originally posted by KC
Man, I love this new kick butt fast IIS6 server, I have Remote Desktop with Admin Logon to it ;-}
You should see IIS7 ones that came out last year
Etymon
Posted - 13 April 2009 : 15:08:14
Great! Thanks KC!
KC
Posted - 13 April 2009 : 14:22:08
Yep. http://vales.com/elite/topic.asp?TOPIC_ID=914
I moved to a new server recently and had to re-install it myself. Man, I love this new kick butt fast IIS6 server, I have Remote Desktop with Admin Logon to it ;-}
For example you'll get a ban page for trying to DL http://vales.com/test.zip or http://vales.com/test.mdb no matter how you try to do it.
The .zips will DL if it's a link from a vales.com web page, but there is no DLing an .mdb database from HTTP no matter what ;-}
Etymon
Posted - 13 April 2009 : 13:34:26
Hi KC,
Thank you for this MOD!! Good stuff!
Hey, the link for this ... http://vales.com/securesnitz/ISAPI_Rewrite ... is dead. Do you still have the info?
Cheers,
Etymon
KC
Posted - 13 April 2009 : 12:29:25
Note that this mod has a couple of updates as of 2009 and the link at the top is still good.
Considering I posted this back in 2005 and still using it should tell you something. I have had my share of staff level forum hack attempts and all failed. I actually get a smile when I read the log of their tries and then ban their IP's ;-}
designgoddess
Posted - 14 February 2008 : 11:45:03
Well I have a similar question...I am wondering two things: 1) is there a way to hold registration and have registration get emailed to the admin for approval? 2) if we were to wipe out the user names in the db and have everyone reregister would they be able to use the same user name as previously?
KC
Posted - 04 February 2008 : 11:32:26
It's back up again now. I cleaned up my server Billbo and this must have been deleted.
As mentioned this is not a "drop in fix" for rookies. It is the building blocks for how to add a second virtually bulletproof level of security to your site no matter how a person gains Mod or even Admin privileges.
I could give you my Admin login and you couldn't get in. I could make you a Mod and you couldn't get in anymore until I manually added you to this 2nd level. I could make you an Admin and added you but you couldn't make anyone else a mod or admin either. Well, you could with admin powers, but they would just get the banned page when they tried to login.
I would have just posted all the instructions and DL links to the .zip files here but I have my server protected from being able to DL any .mdb or .zip file from anything but a link on my sites too, and of course there are not even any links to DL any .mdb files.
It's 2008 now (the Superbowl was down the street from me yesterday) and I have still never had any "Higher Member Level" breach of any kind.
Billbo
Posted - 08 May 2006 : 09:31:03
I would like to implement this nifty security feature but can't seem to download your SecureSnitz1.0.zip file. Is it still available? Thanks.
ILLHILL
Posted - 15 April 2006 : 19:57:09
This sounds real good. I will work on this first thing tomorrow and test it on my forum.
Thanks for this great addition.
D
KC
Posted - 27 March 2006 : 13:33:43
Ya Jez, the code is pretty straightforward and could be modified to any platform, it's the concept that makes it work.
When someone with staff powers logs in (when their mLev is higher than 1 or 2 depending on version) I force another check to see if it really is them, and I do this by tracking their IP number in another db/login system.
If the current and saved IP's don't match, the staff member has to go to the special secret page you never link from anywhere and login with their member name and special password to reset their current IP address.
The best part is, none of the info in that little DB can be changed from the internet so nobody can edit it or add themselves. You FTP the DB down, add the new user, and send it back.
It's a pain for very active dial-up staff whose IP changes all the time, but a breeze for broadband guys.
It's worth the pain to track and know that regardless of any BBS security flaw or stolen staff info there is, no hacker is going to get any staff options unless he's sitting at their computer, and as we all know, you can't do anything to a web site without staff powers.
As mentioned, you need the skills to do it as I'm not a teacher or "document" making official mod guy.
I just pop in to share code when I can, and as I should. A system like this pretty much makes every "gain staff access" hack a moot point, and that was my goal.
*edit* One other note... Hackers are rare, but staff needs a good page to be sent to if they didn't re-set their IP from the new system so I changed the page they see to this: http://vales.com/duhh.html
hehhehe. At least it provides a smile ;-}
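The second-level check described in the post above, sketched in Python as an added example; it is not KC's ASP code and not part of the original thread. The class and function names, the mLev threshold, the PBKDF2-hashed reset password and the in-memory store standing in for the offline-edited database are assumptions, and the member name and IP addresses are constructed sample values.

```python
import hashlib
import hmac

STAFF_ABOVE = 2        # assumed: gate applies when mLev is higher than this
ROUNDS = 200_000       # assumed PBKDF2 work factor


def hash_secret(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


class SecondaryStore:
    """Stand-in for the separate staff DB; members are added offline only."""

    def __init__(self, offline_records):
        # offline_records: {member: (salt, password_hash)} prepared off the server
        self._recs = {m: {"salt": s, "hash": h, "ip": None}
                      for m, (s, h) in offline_records.items()}
        self.denied = []   # (member, ip) attempts kept for the admin to review

    def check(self, member: str, m_lev: int, remote_ip: str) -> bool:
        """Run on every page load: True = continue, False = send to ban page."""
        if m_lev <= STAFF_ABOVE:
            return True                       # not staff, second level not applied
        rec = self._recs.get(member)
        if rec is not None and rec["ip"] == remote_ip:
            return True
        self.denied.append((member, remote_ip))
        return False                          # promoted-but-unlisted accounts land here

    def reset_ip(self, member: str, password: str, remote_ip: str) -> bool:
        """The unlinked reset page: re-bind a listed member to the current IP."""
        rec = self._recs.get(member)
        if rec is None:
            hash_secret(password, b"\x00" * 16)   # same work for unknown names
            return False
        if not hmac.compare_digest(hash_secret(password, rec["salt"]), rec["hash"]):
            return False
        rec["ip"] = remote_ip   # the only field the web side may write
        return True


if __name__ == "__main__":
    salt = b"constructed-salt"                # constructed sample data
    db = SecondaryStore({"staff1": (salt, hash_secret("second-secret", salt))})
    print(db.check("staff1", 4, "203.0.113.9"))            # no IP bound yet
    print(db.reset_ip("staff1", "second-secret", "203.0.113.9"))
    print(db.check("staff1", 4, "203.0.113.9"), db.check("staff1", 4, "198.51.100.7"))
```

`remote_ip` has to be the connection's peer address as the server sees it, not a client-supplied header such as X-Forwarded-For, or the binding can be satisfied from anywhere.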
Jezmeister
Posted - 02 March 2006 : 19:01:37
"You place these bold Include lines just after the
<%sub sForumNavigation() line in inc_header.asp or inc_top.asp depending on version.
' ********* Hack Catch ******%> <!--#INCLUDE FILE="callSecure.asp" -->"
They seem like instructions to me.
One point KC, while I haven't looked at the code so it may well throw errors on MySql I see no reason why it can't be done on MS SQL and after being made "mysql compliant" on mysql... the database changes can be made either through custom code or a database manager.
Gizmo3
Posted - 02 March 2006 : 16:45:17
So how does this mod work? There was no instruction. Do you just copy the files over to the forum?
KC
Posted - 22 February 2006 : 12:25:04
Works great. Not a single hack even when the hacker had the login name and password to staff memberships.