PHPBB Protection

Discussion in 'vBulletin' started by just-4-teens, Feb 27, 2006.

  1. #1
    I am running a phpBB portal, and I found this in the .htaccess file. I'm guessing it helps protect against some naughty things ;)

    Just pop this into your .htaccess file in the main forum/portal root.

    
    # mod_rewrite must be switched on for the rules below to be evaluated
    RewriteEngine On

    # prevent access from santy webworm a-e
    RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527 [OR]
    RewriteCond %{QUERY_STRING} ^(.*)rush=\%65\%63\%68 [OR]
    RewriteCond %{QUERY_STRING} ^(.*)rush=echo [OR]
    RewriteCond %{QUERY_STRING} ^(.*)echr(.*) [OR]
    RewriteCond %{QUERY_STRING} ^(.*)esystem(.*) [OR]
    RewriteCond %{QUERY_STRING} ^(.*)union(.*) [OR]
    RewriteCond %{QUERY_STRING} ^(.*)UNION(.*) [OR]
    RewriteCond %{QUERY_STRING} ^(.*)alert\(document(.*) [OR]
    RewriteCond %{QUERY_STRING} ^(.*)SQL_INJECTION(.*) [OR]
    RewriteCond %{QUERY_STRING} ^(.*)wget\%20
    # matching requests are redirected to the client's own loopback address
    RewriteRule ^.*$ http://127.0.0.1/ [R,L]

    # prevent pre php 4.3.10 bug
    RewriteCond %{HTTP_COOKIE} s:(.*):\%22test1\%22\%3b
    RewriteRule ^.*$ http://127.0.0.1/ [R,L]

    # prevent perl user agent (most often used by santy)
    RewriteCond %{HTTP_USER_AGENT} ^lwp.* [NC]
    RewriteRule ^.*$ http://127.0.0.1/ [R,L]

    just-4-teens, Feb 27, 2006
    SedNaX likes this.
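
Added example (not part of the thread and not code from any poster): a dry run of the query-string and User-Agent conditions from post #1 against a few constructed requests, to see which ones would be redirected before the rules go live. The sample requests, the version numbers in them and the function names `verdict` and `report` are assumptions made for illustration; the patterns are copied from the post.

```python
import re

# Patterns copied verbatim from the RewriteCond lines in post #1. "\%" in a
# regex is just a literal "%". mod_rewrite matches %{QUERY_STRING} without
# URL-decoding it, so the raw query string is what gets tested here too.
QUERY_PATTERNS = [
    r"^(.*)highlight=\%2527",
    r"^(.*)rush=\%65\%63\%68",
    r"^(.*)rush=echo",
    r"^(.*)echr(.*)",
    r"^(.*)esystem(.*)",
    r"^(.*)union(.*)",
    r"^(.*)UNION(.*)",
    r"^(.*)alert\(document(.*)",
    r"^(.*)SQL_INJECTION(.*)",
    r"^(.*)wget\%20",
]
AGENT_PATTERN = r"^lwp.*"  # carries [NC] in the post, so case-insensitive


def verdict(query_string, user_agent):
    """Return the first pattern that would trigger the redirect, else None."""
    for pattern in QUERY_PATTERNS:
        if re.search(pattern, query_string):
            return pattern
    if re.search(AGENT_PATTERN, user_agent, re.IGNORECASE):
        return AGENT_PATTERN
    return None


# Constructed sample requests (query string, User-Agent); not real traffic.
SAMPLES = [
    ("t=1&highlight=%2527X", "Mozilla/4.0"),        # signature the rules target
    ("t=1", "LWP::Simple/5.803"),                   # Perl client
    ("t=1&start=15", "Mozilla/4.0"),                # ordinary topic view
    ("search_keywords=filesystem", "Mozilla/4.0"),  # ordinary search, redirected
    ("search_keywords=reunion", "Mozilla/4.0"),     # ordinary search, redirected
]


def report():
    """Evaluate every sample and return (query, agent, matched pattern)."""
    return [(q, ua, verdict(q, ua)) for q, ua in SAMPLES]


if __name__ == "__main__":
    for query, agent, hit in report():
        print(f"{'REDIRECT' if hit else 'pass':8}  {query:28} {agent:18} {hit or ''}")
```

The last two samples show the cost of the bare `esystem` and `union` substrings: ordinary forum searches containing "filesystem" or "reunion" are redirected along with the worm traffic.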
  2. BryceW

    #2
    There are other things you can do to protect your PHPBB.
    A good thing you can do is replace the "Powered by PHPBB" with an image version. It was how the worms (for which that .htaccess was needed) found the forums. It is also how script kiddies find unpatched PHPBBs using Google.

    You can also relocate your admin folder.

    BryceW, Feb 27, 2006
    SedNaX likes this.
  3. SedNaX

    #3
    Should that script also work in phpnuke?? :) Sorry, I'm a reaaaaaaly nooob at .htaccess and server-like things... :)

    SedNaX, Mar 5, 2006
  4. just-4-teens

    #4
    Yes, it should help protect you a bit.

    just-4-teens, Mar 5, 2006
  5. minstrel

    #5
    The best protection for phpBB forums these days is to convert to vBulletin or SMF. Their so-called "development team" has been taken over by teenagers, as far as I can tell. The current idea of support is a mish-mash of conflicting and version 2/version 3 hybrid patches. My prediction is that version 3 will never actually be released or by the time it finally is their user base will have evaporated. That's what happens when you base a marketing and development strategy on the Betamax and then staff your team with high school kids studying for their midterm exams and getting high at the sock hop.

    Signed, a disgruntled ex-phpBB fan.
     
    minstrel, Mar 5, 2006
  6. SedNaX

    #6
    Okay, thanks, I just added it to my site :) Thanks again!

    SedNaX, Mar 5, 2006
  7. gprime

    #7

    Even if that is the case, I don't think it's right to assume that their issues stem from having some teenagers on staff. UseBB is created and run by a teen and it's quite good. That said, you're probably right about the fate of version 3.

    gprime, Mar 5, 2006
  8. minstrel

    #8
    You're right. I'm not trying to insult teens. I'm really just saying the phpBB team doesn't seem to know what the hell they're doing any more. They're probably pre-teens :D
     
    minstrel, Mar 5, 2006
  9. aspidov

    #9
    Hehe. So true.... I would love to be an ex-fan of phpBB, but I am just too afraid to learn new templating systems.

    aspidov, Mar 5, 2006
  10. SedNaX

    #10
    Well, I guess you're all right here. I do want to convert to vB, but that €160 prevents me from doing that (I don't have that money..... :( )

    SedNaX, Mar 6, 2006
  11. minstrel

    #11
    SedNaX, try Simple Machines (SMF): http://www.simplemachines.org/

    It is free (open source) and offers many of the features/benefits of vBulletin plus a few of its own. Well constructed software, good support. And the conversion from your phpBB forum is smooth and easy.
     
    minstrel, Mar 6, 2006
  12. RectangleMan

    #12
    I also have started using MyBB, which is very interesting and has some great features. It's imho the closest you can get to VB for FREE. It's also a growing project and doing very well. It utilizes some excellent features like caching, reputation, and user control panel. Check it out BEFORE you go to VB.

    http://www.mybboard.org

    It also has a phpBB converter. Create a subdomain like test.yourdomain.com and do an install and conversion...see if you like it.

    RectangleMan, Mar 6, 2006
  13. SedNaX

    #13
    Hmm, this looks like a really good one. I've heard of it once but never went to their site. :)

    I'll try it out when I'm done removing phpnuke (with that horrible bbtonuke forum that's 2 updates behind phpbb :mad: and couuuntless bugs)!

    labrocca: the link is down?

    SedNaX, Mar 7, 2006
  14. minstrel

    #14
    minstrel, Mar 7, 2006