Fight against PHPBB hackers

Status
Not open for further replies.

omshivaprakash

Right off the assembly line
PHPBB is one of the most widely used bulletin boards in the open-source community.
It's not required to have programming knowledge to install this tool, and it can be easily adopted by newbies.

But we end up facing security issues once these bulletin boards become popular (at least due to search engine bots) if we don't take enough precautions to harden the code along with the servers.

There have been many incidents in which servers got hacked just because of a small security hole in PHPBB exploited by hackers. Our very own clients here at my company were fed up with such situations. It does not mean that we didn't warn them regarding the security issues, but some of them were not ready to face the customers/downtimes during the PHP recompiles (with suexec) etc. which are suggested to harden security (many hosting companies compile PHP as an Apache module, which makes the system administrator's job tough in nailing down the scripts causing load issues; hence it is recommended to have PHP running as CGI, which calls suexec to run the PHP script as its user).

It is very important to have good SLAs wherein customers are made aware of the security issues and their responsibility in maintaining them is explained in detail.

It is not enough to have SLAs or security restrictions; they may not work out for many clients who have big software implementations on webservers. Hence we have to come out with some solutions which can harden the security of script installations (for example, PHPBB). This can make your customer happy because he need not take down his server for security maintenance or face downtimes after security hardening.
Yes, I understand that it is not easy because not all system administrators can program, but I want to introduce you to a simple tool which did help me harden a PHPBB installation without any pain.

PHPBB Admin ToolKit v2.1 - Starfoxtj

Available at *starfoxtj.phpbbhelp.org/phpBB/toolkit/index.php

Easy to install and Simple to Use.

Bulletin board administrators can have a gala time after quickly taking action on security holes in a minute or two. All you need to do is download the zip file, extract toolkit.php and create an admin password for the toolkit. That's all.

This tool can be safely recommended to all our clients, so that they can add it to their recommended tool list for PHPBB users.

Here is an extract of the features listed for this tool:

Security Scan:

This security scan tool is designed to quickly summarize and display all important security related information in one page. It will check if your phpbb installation is up-to-date and (if permitted in the settings) if the Admin ToolKit is up-to-date. It will list all administrator accounts and moderator accounts, allowing you to easily spot imposters.

It will also scan all forum descriptions, showing you the actual text they contain, and will highlight any potentially harmful information. The vast majority of defacements resulting from hacked boards are stored in the forum descriptions, using javascript, iframes and the like. You can then quickly check and remove any harmful information stored in these areas.
Security Scan Features:

• Easily determine your board's security status by listing the major causes of insecurity. (Fake admin accounts, outdated boards and harmful code)

• PHPBB Version check makes sure your PHPBB installation is updated. (99% of all hacks resulted from using outdated versions)

• ToolKit Version check makes sure your Admin ToolKit installation is updated. (Can be disabled)

• Single-page listing of ALL administrator and moderator accounts on your forum, making it easy to spot and ban/demote/delete any intruders.

• Scans ALL of your forum and site descriptions for any malicious information that can be used to "deface" a website. (The "Hacked By" messages are an example of a defaced site)

• Detected malicious descriptions can be "Sanitized". This converts the harmful code into non-harmful characters which can then be edited like normal text.
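As an added illustration of the scan-and-sanitize idea in the feature list above (this is not the toolkit's code; the phpBB forum rows, the pattern list and the report layout are constructed assumptions), here is a small Python scanner that flags script/iframe-style content in forum descriptions and shows the escaped text an admin would get back:

```python
import html
import re

# Patterns the scan flags in a forum/site description. These cover the
# script and iframe defacements the post describes, plus inline event
# handlers and javascript: URLs (assumed extensions, not the toolkit's list).
HARMFUL_PATTERNS = [
    ("script tag", re.compile(r"<\s*script\b", re.I)),
    ("iframe tag", re.compile(r"<\s*iframe\b", re.I)),
    ("inline event handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("javascript: URL", re.compile(r"javascript\s*:", re.I)),
]


def scan_description(text):
    """Return the names of every pattern found in one description."""
    return [name for name, rx in HARMFUL_PATTERNS if rx.search(text)]


def sanitize(text):
    """HTML-escape the text so stored markup renders as visible characters."""
    return html.escape(text, quote=True)


def scan_forums(forums):
    """forums: list of (forum_id, forum_name, forum_desc) rows, as an admin
    would pull them from the phpBB forums table (assumed shape).
    Returns one report entry per description that tripped a pattern."""
    report = []
    for forum_id, name, desc in forums:
        hits = scan_description(desc or "")
        if hits:
            report.append({"forum_id": forum_id, "forum_name": name,
                           "findings": hits, "sanitized": sanitize(desc)})
    return report


# Constructed sample rows; the second and third mimic defaced descriptions.
SAMPLE_FORUMS = [
    (1, "General", "Talk about anything here."),
    (2, "Support", 'Need help? <iframe src="http://example.invalid/x"></iframe>'),
    (3, "News", '<b onmouseover="alert(1)">Hacked By someone</b>'),
]

if __name__ == "__main__":
    for entry in scan_forums(SAMPLE_FORUMS):
        print(entry["forum_id"], entry["forum_name"], entry["findings"])
        print("  sanitized:", entry["sanitized"])
```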

------------------------------------------------------------------------------
Try it out yourself if you still have any doubts.

It really rocks!!!
 

rocket357

Security freak
omshivaprakash said:
during the PHP recompiles (with suexec)
PHP...*recompiles*?

I wasn't aware that PHP could/should be *compiled*...let alone re-compiled. Suexec has nothing to do with compile/recompile/decompile anything...

Though perhaps you meant compiling/recompiling suexec? Or perhaps compiling/recompiling Apache after running ./configure with different arguments?
 

omshivaprakash

Right off the assembly line
Most web hosting providers have PHP compiled as an Apache module (libphp4.so, for example, if you have PHP 4.x installed). In this case PHP scripts are executed as the nobody or apache user. It makes it very hard to find which user on the server is running the script which might have been injected with malicious code.

Hence, we recommend system administrators and web hosting service providers to have PHP compiled as CGI, which in turn calls suexec to run the PHP script under its original username as a separate process.

Yes, running PHP as CGI has overheads. It is very useful on servers which provide shared hosting for multiple domains and multiple users. This helps system administrators nail down the user causing load issues or running PHP scripts which turn out to be malicious.
 