Author |
Topic |
KC
Junior Member
USA
152 Posts |
Posted - 07 December 2005 : 16:27:00
|
This is NOT for rookies!... But if you can edit Access DBs locally and know .asp, this is for you.
Details and DL on my Secure your Snitz website with Secondary Security page.
You pros are going to love this. It makes your higher level access virtually bulletproof. Enjoy, and you're welcome ;-}
< Moved to MOD Add-On Forum (W/Code) by Shaggy /> |
Owner of vales.com and Elite Computers. |
Edited by - Shaggy on 08 December 2005 05:53:42 |
|
DJGray
New Member
USA
68 Posts |
Posted - 08 December 2005 : 11:07:00
|
Looks nice. I'm checking it out as we speak. |
|
|
KC
Junior Member
USA
152 Posts |
Posted - 22 February 2006 : 12:25:04
|
Works great. Not a single hack even when the hacker had the login name and password to staff memberships. |
Owner of vales.com and Elite Computers. |
|
|
Gizmo3
Junior Member
130 Posts |
Posted - 02 March 2006 : 16:45:17
|
So how does this mod work? There was no instruction. Do you just copy the files over to the forum? |
This account was hacked into by Image, a very honest guy as you all can see! Stealing people's passwords is his pastime. Beware of this, before you register at his forums! |
|
|
Jezmeister
Senior Member
United Kingdom
1141 Posts |
Posted - 02 March 2006 : 19:01:37
|
"You place these bold Include lines just after the
<%sub sForumNavigation() line in inc_header.asp or inc_top.asp depending on version.
' ********* Hack Catch ******%> <!--#INCLUDE FILE="callSecure.asp" -->"
They seem like instructions to me. One point KC, while I haven't looked at the code so it may well throw errors on MySql I see no reason why it can't be done on MS SQL and after being made "mysql compliant" on mysql... the database changes can be made either through custom code or a database manager. |
|
|
KC
Junior Member
USA
152 Posts |
Posted - 27 March 2006 : 13:33:43
|
Ya Jez, the code is pretty straightforward and could be modified to any platform, it's the concept that makes it work.
When someone with staff powers logs in (when their mLev is higher than 1 or 2 depending on version) I force another check to see if it really is them, and I do this by tracking their IP number in another db/login system.
If the current and saved IP's don't match, the staff member has to go to the special secret page you never link from anywhere and login with their member name and special password to reset their current IP address.
The best part is, none of the info in that little DB can be changed from the internet so nobody can edit it or add themselves. You FTP the DB down, add the new user, and send it back.
It's a pain for very active dial-up staff whose IP changes all the time, but a breeze for broadband guys.
It's worth the pain to track and know that regardless of any BBS security flaw or stolen staff info there is, no hacker is going to get any staff options unless he's sitting at their computer, and as we all know, you can't do anything to a web site without staff powers.
As mentioned, you need the skills to do it as I'm not a teacher or "document" making official mod guy.
I just pop in to share code when I can, and as I should. A system like this pretty much makes every "gain staff access" hack a moot point, and that was my goal.
*edit* One other note... Hackers are rare, but staff needs a good page to be sent to if they didn't re-set their IP from the new system so I changed the page they see to this: http://vales.com/duhh.html
hehhehe. At least it provides a smile ;-} |
Owner of vales.com and Elite Computers. |
Edited by - KC on 27 March 2006 13:46:04 |
|
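The second check KC describes in the post above, as an added example that is not part of the thread and is not the mod's own code: a Python model of the decision logic only (the mod itself is classic ASP). The threshold constant, the record layout, the PBKDF2 password storage, the names and the documentation-range IPs are all assumptions or constructed sample data.

```python
import hashlib
import hmac

STAFF_MLEVEL = 2         # assumption: "mLev higher than 1"; some versions use 2
PBKDF2_ROUNDS = 100_000  # assumption: the post does not say how the password is stored


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class SecondaryStore:
    """Model of the separate staff DB. It has no add-user method on purpose:
    new staff are added by editing the file offline, as the post describes."""

    def __init__(self, records: dict):
        self._records = records  # name -> {"salt": bytes, "pw": bytes, "ip": str}

    def saved_ip(self, name: str):
        rec = self._records.get(name)
        return rec["ip"] if rec else None

    def reset_ip(self, name: str, password: str, remote_ip: str) -> bool:
        """The unlinked reset page: second password required, enrolled users only."""
        rec = self._records.get(name)
        if rec is None:
            return False
        if not hmac.compare_digest(hash_password(password, rec["salt"]), rec["pw"]):
            return False
        rec["ip"] = remote_ip
        return True


def check_request(store: SecondaryStore, name: str, m_level: int, remote_ip: str) -> str:
    """Run on every page load, after the forum's own login has succeeded."""
    if m_level < STAFF_MLEVEL:
        return "allow"           # ordinary member: no second check
    saved = store.saved_ip(name)
    if saved is None:
        return "deny"            # staff flag set in the forum but not enrolled here
    if saved == remote_ip:
        return "allow"
    return "reset_required"      # valid staff name, unfamiliar address


# Constructed sample data (made-up name, documentation-range IP).
_SALT = b"constructed-salt"
STORE = SecondaryStore({
    "alice": {"salt": _SALT, "pw": hash_password("second-secret", _SALT), "ip": "192.0.2.10"},
})
```

The check keys on source address only, so two clients behind the same NAT or proxy present the same IP to it.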
|
ILLHILL
Junior Member
Netherlands
341 Posts |
|
Billbo
Starting Member
USA
9 Posts |
Posted - 08 May 2006 : 09:31:03
|
I would like to implement this nifty security feature but can't seem to download your SecureSnitz1.0.zip file. Is it still available? Thanks. |
Bill Bowen IS Manager KC-135 ATS |
|
|
KC
Junior Member
USA
152 Posts |
Posted - 04 February 2008 : 11:32:26
|
It's back up again now. I cleaned up my server Billbo and this must have been deleted.
As mentioned this is not a "drop in fix" for rookies. It is the building blocks for how to add a second virtually bulletproof level of security to your site no matter how a person gains Mod or even Admin privileges.
I could give you my Admin login and you couldn't get in. I could make you a Mod and you couldn't get in anymore until I manually added you to this 2nd level. I could make you an Admin and add you but you couldn't make anyone else a mod or admin either. Well, you could with admin powers, but they would just get the banned page when they tried to login.
I would have just posted all the instructions and DL links to the .zip files here but I have my server protected from being able to DL any .mdb or .zip file from anything but a link on my sites too, and of course there are not even any links to DL any .mdb files.
It's 2008 now (the Superbowl was down the street from me yesterday) and I have still never had any "Higher Member Level" breach of any kind. |
Owner of vales.com and Elite Computers. |
|
|
designgoddess
Starting Member
USA
11 Posts |
Posted - 14 February 2008 : 11:45:03
|
Well I have a similar question... I am wondering two things: 1) is there a way to hold registration and have registration get emailed to the admin for approval? 2) if we were to wipe out the user names in the db and have everyone reregister, would they be able to use the same user name as previously? |
|
|
KC
Junior Member
USA
152 Posts |
Posted - 13 April 2009 : 12:29:25
|
Note that this mod has a couple of updates as of 2009 and the link at the top is still good.
Considering I posted this back in 2005 and am still using it should tell you something. I have had my share of staff level forum hack attempts and all failed. I actually get a smile when I read the log of their tries and then ban their IP's ;-}
|
Owner of vales.com and Elite Computers. |
|
|
Etymon
Advanced Member
United States
2385 Posts |
|
KC
Junior Member
USA
152 Posts |
|
Etymon
Advanced Member
United States
2385 Posts |
Posted - 13 April 2009 : 15:08:14
|
Great! Thanks KC! |
|
|
SiSL
Average Member
Turkey
671 Posts |
|
~Katherine
Starting Member
1 Posts |
Posted - 14 April 2009 : 17:56:05
|
Great! Now. Any suggestions for getting rid of spambots?
~K~
quote: Originally posted by KC
This is NOT for rookies!... But if you can edit Access DBs locally and know .asp, this is for you.
Details and DL on my Secure your Snitz website with Secondary Security page.
You pros are going to love this. It makes your higher level access virtually bulletproof. Enjoy, and you're welcome ;-}
< Moved to MOD Add-On Forum (W/Code) by Shaggy />
|
|
|