This is NOT for rookies!...
But if you can edit Access DBs locally and know .asp, this is for you.
Details and DL on my Secure your Snitz website with Secondary Security page.
You pros are going to love this. It makes your higher level access virtually bulletproof. Enjoy, and you're welcome ;-}
< Moved to MOD Add-On Forum (W/Code) by Shaggy />
Posted on
Looks nice. I'm checking it out as we speak.
Posted on
Works great.
Not a single hack even when the hacker had the login name and password to staff memberships.
Posted on
So how does this mod work? There was no instruction. Do you just copy the files over to the forum?
This account was hacked into by Image, a very honest guy as you all can see! Stealing people's passwords is his pastime. Beware of this, before you register at his forums!
Posted on
"You place these bold Include lines just after the
<%sub sForumNavigation() line in inc_header.asp or inc_top.asp depending on version.
' ********* Hack Catch ******%>
<!--#INCLUDE FILE="callSecure.asp" -->"
they seem like instructions to me
One point KC, while I haven't looked at the code so it may well throw errors on MySql I see no reason why it can't be done on MS SQL and after being made "mysql compliant" on mysql... the database changes can be made either through custom code or a database manager.
Posted on
Ya Jez, the code is pretty straightforward and could be modified to any platform, it's the concept that makes it work.
When someone with staff powers logs in (when their mLev is higher than 1 or 2 depending on version) I force another check to see if it really is them, and I do this by tracking their IP number in another db/login system.
If the current and saved IP's don't match, the staff member has to go to the special secret page you never link from anywhere and login with their member name and special password to reset their current IP address.
The best part is, none of the info in that little DB can be changed from the internet so nobody can edit it or add themselves. You FTP the DB down, add the new user, and send it back.
It's a pain for very active dial-up staff whose IP changes all the time, but a breeze for broadband guys.
It's worth the pain to track and know that regardless of any BBS security flaw or stolen staff info there is, no hacker is going to get any staff options unless he's sitting at their computer, and as we all know, you can't do anything to a web site without staff powers.
As mentioned, you need the skills to do it as I'm not a teacher or "document" making official mod guy.
I just pop in to share code when I can, and as I should. A system like this pretty much makes every "gain staff access" hack a moot point, and that was my goal.
*edit* One other note... Hackers are rare, but staff needs a good page to be sent to if they didn't re-set their IP from the new system so I changed the page they see to this: http://vales.com/duhh.html
hehhehe. At least it provides a smile ;-}
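The check described in the post above, modelled in Python as an added example (it is not the mod's ASP code and not the poster's own): staff-level sessions are honoured only from the IP saved in a separate store, and a second password on an unlinked page re-binds that IP. The class and function names, the `mLev > 1` threshold and the PBKDF2 hashing of the second password are assumptions of this example.

```python
import hashlib
import hmac
import os

STAFF_THRESHOLD = 1  # assumption: mLev above this value means staff powers


def hash_secret(password, salt):
    # Assumption of this example: the second password is stored salted and hashed.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class SecondaryStore:
    """Stands in for the separate DB that is only ever edited offline."""

    def __init__(self):
        self._rows = {}  # member name -> {"salt", "hash", "ip"}
        self.log = []    # (name, ip, reason) for every refused attempt

    def enroll_offline(self, name, password, ip=None):
        # Out-of-band admin step only; no web handler may call this.
        salt = os.urandom(16)
        self._rows[name] = {"salt": salt, "hash": hash_secret(password, salt), "ip": ip}

    def check_staff_access(self, name, m_lev, remote_addr):
        """Return "allow", or "deny" when staff powers must be withheld."""
        # remote_addr must be the TCP peer address, never a client-supplied
        # header such as X-Forwarded-For, which the requester controls.
        if m_lev <= STAFF_THRESHOLD:
            return "allow"  # ordinary members skip the second check
        row = self._rows.get(name)
        if row is None or row["ip"] != remote_addr:
            reason = "not-enrolled" if row is None else "ip-mismatch"
            self.log.append((name, remote_addr, reason))
            return "deny"
        return "allow"

    def reset_ip(self, name, password, remote_addr):
        """The unlinked reset page: the second password re-binds the saved IP."""
        row = self._rows.get(name)
        # Hash even for unknown names so timing does not reveal who is enrolled.
        salt = row["salt"] if row else b"\0" * 16
        candidate = hash_secret(password, salt)
        if row is None or not hmac.compare_digest(candidate, row["hash"]):
            self.log.append((name, remote_addr, "bad-second-password"))
            return False
        row["ip"] = remote_addr
        return True
```

A member promoted to staff in the forum database but never enrolled in the secondary store is refused with reason `not-enrolled`, which matches the behaviour described later in the thread for newly made mods and admins.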
Posted on
This sounds real good.
I will work on this first thing tomorrow and test it on my forum.
Thanks for this great addition.
D
Posted on
I would like to implement this nifty security feature but can't seem to download your SecureSnitz1.0.zip file. Is it still available? Thanks.
Bill Bowen
IS Manager
KC-135 ATS
Posted on
It's back up again now.
I cleaned up my server Billbo and this must have been deleted.
As mentioned this is not a "drop in fix" for rookies. It is the building blocks for how to add a second virtually bulletproof level of security to your site no matter how a person gains Mod or even Admin privileges.
I could give you my Admin login and you couldn't get in. I could make you a Mod and you couldn't get in anymore until I manually added you to this 2nd level. I could make you an Admin and add you but you couldn't make anyone else a mod or admin either. Well, you could with admin powers, but they would just get the banned page when they tried to login.
I would have just posted all the instructions and DL links to the .zip files here but I have my server protected from being able to DL any .mdb or .zip file from anything but a link on my sites too, and of course there are not even any links to DL any .mdb files.
It's 2008 now (the Superbowl was down the street from me yesterday) and I have still never had any "Higher Member Level" breach of any kind.
Posted on
Well I have a similar question...I am wondering two things: 1) is there a way to hold registration and have registration get emailed to the admin for approval? 2) if we were to wipe out the user names in the db and have everyone reregister would they be able to use the same user name as previously?
Posted on
Note that this mod has a couple of updates as of 2009 and the link at the top is still good.
Considering I posted this back in 2005 and am still using it should tell you something. I have had my share of staff level forum hack attempts and all failed. I actually get a smile when I read the log of their tries and then ban their IP's ;-}