Additional Security Stuff

You are not logged in. [Log In] ubbDev » Forums » Vintage Modifications » UBB.Threads v6.x Modifications
» Archived Modifications » Additional Security Stuff

Topic Options

#238392 - 02/28/03 10:50 AM Additional Security Stuff
Raconteur_dup1 Member Registered: 01/29/03 Posts: 258 Loc: SF, CA	Well, just as the old addage goes, necessity IS the mother of invention. Hopefully this is not re-inventing a wheel that already exists in the ThreadsDev repertoire, but here it is. As a result of some pretty malicious activity on our site I put these little tweaks together to keep a better eye on folks. You may find some of it useful. <br /> <br /> <br />Mod Name / Version - Additional Security Stuff 1.0 <br /> <br />Description - This collection of modifications allows you to monitor potentially undesirable clientele by revealing IP info to the admins and moderators. <br /> <br />Working Under - UBB.Threads 6.2.2 <br /> <br />Pre-requisites - none <br /> <br />Author - Raconteur - for discussions and bug reports come to www.threadsdev.com or email []chris@syngnathid.org[/] <br /> <br />Files Altered - /admin/showusers.php, showprofile.php, /templates/default/showprofile.tmpl <br /> <br />Caveats - None <br /> <br />Backup your files before doing any modifing of your code. Attachments 71313-Additional Security Stuff.txt (37 downloads) _________________________ "Some dream of doing great things, while others stay awake and get on with it." ��-- Anonymous
Top

#238393 - 02/28/03 11:15 PM Re: Additional Security Stuff [Re: ]
JoshPet I type Like navaho Registered: 11/29/01 Posts: 11330 Loc: Charlotte, NC	Thanks... you are catching on with posting your own mods. <img src="/forum/images/graemlins/wink.gif" alt="" /> Good work. <img src="/forum/images/graemlins/smile.gif" alt="" /> _________________________ Joshua Pettit www.JoshuaPettit.com My abilities are for hire.
Top

#238394 - 03/01/03 12:42 PM Re: Additional Security Stuff [Re: Daine]
Gardener Addict Registered: 05/11/99 Posts: 1956 Loc: Sweden, Uppsala	Yes, that is really good. I think all these extra security mods should be included in the main distribution, if they don't add any extra load at least. At the very least I will use the mods as soon as I've updated to 6.2. _________________________ /Gardener \| Complete list of my mods
Top

#238395 - 03/01/03 10:59 PM Re: Additional Security Stuff [Re: c0bra]
smilesforu Junior Member Registered: 01/31/02 Posts: 676	Tried to get this one installed with directions last night. Might be me but I had a tough time using the text"find" command while editing files. Had to manually search the files for tiny snippets then replace. Figure thats why I got the errors... Anybody install from directions yet?
Top

#238396 - 03/02/03 04:45 PM Re: Additional Security Stuff [Re: Kelly]
Raconteur_dup1 Member Registered: 01/29/03 Posts: 258 Loc: SF, CA	Hey Marty, <br /> <br />Not sure what you mean... are you having troubles with your editor's search function or problems finding the text to replace? <br /> <br />This may actually be a problem with MY editor... I think I saved the file with line-feeds at column 79 for formatting purposes. <br /> <br />Let me know and I will update if necessary. <br /> <br />Sorry... _________________________ "Some dream of doing great things, while others stay awake and get on with it." ��-- Anonymous
Top

#238397 - 03/02/03 08:56 PM Re: Additional Security Stuff [Re: ]
smilesforu Junior Member Registered: 01/31/02 Posts: 676	Finding the text to replace. Seems the format doesn't match whats in my files even though most of it looks the same. I had some serious trouble tryng to copy and paste. I was manually searching for lines and this is a fairly large job... It didn'come out clean on my end so undid what I had started. <br /><br />Not sure what the best method to upload the files to threadsdeve is, some work very easier than others. I will give it a go again on a new file.<br /><br />No problems or worries ...I like the toys if I can get them to work <img src="/forum/images/graemlins/smile.gif" alt="" />
Top

#238398 - 03/04/03 10:01 AM Re: Additional Security Stuff [Re: Kelly]
Raconteur_dup1 Member Registered: 01/29/03 Posts: 258 Loc: SF, CA	Ok... I reformatted it. Give that a try and let me know if it is better for you. _________________________ "Some dream of doing great things, while others stay awake and get on with it." ��-- Anonymous
Top

#238399 - 03/05/03 04:01 AM Re: Additional Security Stuff [Re: ]
smilesforu Junior Member Registered: 01/31/02 Posts: 676	Appreciate it... gonna be at least a week before I can get to this. Will give it a go right after I get the update done.
Top

#238400 - 03/06/03 05:34 PM Re: Additional Security Stuff [Re: Kelly]
Daemon_dup1 Member Registered: 02/18/03 Posts: 173 Loc: Clitheroe, Lancs	ok i've installed this and can't see any differance, what am i looking for? _________________________ Kind Regards Dave Askew www.world-pool.co.uk
Top

#238401 - 03/06/03 05:53 PM Re: Additional Security Stuff [Re: kkezeor]
Raconteur_dup1 Member Registered: 01/29/03 Posts: 258 Loc: SF, CA	When you view a user's profile as a mod or admin you will see their registration IP and current IP if they are online. You will also see their IP in the showusers pages which results from selecting users from the admin panel. _________________________ "Some dream of doing great things, while others stay awake and get on with it." ��-- Anonymous
Top

#238402 - 03/06/03 05:57 PM Re: Additional Security Stuff [Re: ]
Daemon_dup1 Member Registered: 02/18/03 Posts: 173 Loc: Clitheroe, Lancs	hmmm dont see anything. Any suggestions?<br />Do i have to turn it on in the admin section or something?<br /> _________________________ Kind Regards Dave Askew www.world-pool.co.uk
Top

#238403 - 03/06/03 06:02 PM Re: Additional Security Stuff [Re: kkezeor]
Raconteur_dup1 Member Registered: 01/29/03 Posts: 258 Loc: SF, CA	Nope... nothing to turn on. Should just work. Go to Admin and select users. There should be a new column in the result table that has Registration IP in it. _________________________ "Some dream of doing great things, while others stay awake and get on with it." ��-- Anonymous
Top

#238404 - 03/06/03 06:12 PM Re: Additional Security Stuff [Re: ]
Daemon_dup1 Member Registered: 02/18/03 Posts: 173 Loc: Clitheroe, Lancs	hmm looks like i'm being thick. I must have uploaded the back by accident duhhhh what year is it.<br /><br />I uploaded the hacked version and tried viewing a profile and got an error, so i must have done it wrong somewhere....i'm going to try and do this again tonight <img src="/forum/images/graemlins/smile.gif" alt="" /> _________________________ Kind Regards Dave Askew www.world-pool.co.uk
Top

#238405 - 03/06/03 06:13 PM Re: Additional Security Stuff [Re: kkezeor]
Raconteur_dup1 Member Registered: 01/29/03 Posts: 258 Loc: SF, CA	Let me know how it works, Dave. Good luck! _________________________ "Some dream of doing great things, while others stay awake and get on with it." ��-- Anonymous
Top

#238406 - 03/06/03 06:57 PM Re: Additional Security Stuff [Re: ]
Daemon_dup1 Member Registered: 02/18/03 Posts: 173 Loc: Clitheroe, Lancs	ok tried it again and saw the extra fields when I went to a users profile but they were empt and this error appear at the top of the page:<br /><br />SQL ERROR: Fri, Mar 07 2003 00:54:45 +0000 Database error only visible to forum administrators<br /><br />Warning: Supplied argument is not a valid MySQL result resource in /var/www/vodatones.com/html/ubb/mysql.inc.php on line 130<br /><br /><br />Any idea's? _________________________ Kind Regards Dave Askew www.world-pool.co.uk
Top

#238407 - 03/06/03 11:13 PM

Re: Additional Security Stuff [Re: kkezeor]

Raconteur_dup1 Offline

Member

Registered: 01/29/03
Posts: 258
Loc: SF, CA

Are you the admin on this board? That SQL error only shows if you are not the admin... Look for:

Code:

<br />// Show IPs on user profile screen for Admins and Mods - CB added 2/28/03<br />	$query = "<br />		SELECT O_CurrentIP<br />		FROM {$config['tbprefix']}Online<br />		WHERE O_Uid = '$UNumber'<br />	";<br /><br />	$stj = $dbh -&gt; do_query($query);<br />	list($curIP) = $dbh -&gt; fetch_array($stj);<br /><br />	if (($thisuser['U_Status'] == "Administrator") || ($thisuser['U_Status'] == "Moderator")) {<br />		$IPInfo = "<br />			&lt;tr&gt;<br />				&lt;td valign=\"top\" class=\"darktable\"&gt;Reged IP&lt;/td&gt;<br />				&lt;td&gt;$RegIP&lt;/td&gt;<br />			&lt;/tr&gt;<br />			&lt;tr&gt;<br />				&lt;td valign=\"top\" class=\"darktable\"&gt;Current IP&lt;/td&gt;<br />				&lt;td&gt;$curIP&lt;/td&gt;<br />			&lt;/tr&gt;<br />		";<br />	}<br /><br />---------------------------------------------------------------------<br />

in your showprofile.php... this stuff relys on another mod, and I didn't realize it was in there. Make it look like this:

Code:

<br />// Show IPs on user profile screen for Admins and Mods - CB added 2/28/03<br />	if (($thisuser['U_Status'] == "Administrator") || ($thisuser['U_Status'] == "Moderator")) {<br />		$IPInfo = "<br />			&lt;tr&gt;<br />				&lt;td valign=\"top\" class=\"darktable\"&gt;Reged IP&lt;/td&gt;<br />				&lt;td&gt;$RegIP&lt;/td&gt;<br />			&lt;/tr&gt;<br />		";<br />	}<br />---------------------------------------------------------------------<br />

You will not see the current IP for logged in users because that requires JustDave's Current IP mod. Sorry for the hassle... I have been pretty sick lately and haven't been thinking clearly. I will update the attachment. Cheers, Chris

_________________________
"Some dream of doing great things, while others stay awake and get on with it."
��-- Anonymous

Top

#238408 - 03/07/03 03:46 AM Re: Additional Security Stuff [Re: ]
Daemon_dup1 Member Registered: 02/18/03 Posts: 173 Loc: Clitheroe, Lancs	Hey,<br />Ok I've changed it and I see the new column under the show/edit users section in the admin section. 9/10 of them show the IP as "127.0.0.1" though.<br />Also when I click on a users name on the whose online the "reged ip" section just shows a number rather than an IP, others show nothing.<br />I tried a few names at random and clicked on them from the "who's online" box.<br />For example:<br />Reged IP "5" (is 1 users) <br />Reged IP "5" (another user)<br />Reged IP "" (another user (nothing there)<br />Reged IP "1" (another user)<br /><br />Any idea's? _________________________ Kind Regards Dave Askew www.world-pool.co.uk
Top

#238409 - 03/07/03 09:32 AM Re: Additional Security Stuff [Re: kkezeor]
JoshPet I type Like navaho Registered: 11/29/01 Posts: 11330 Loc: Charlotte, NC	You imported from Classic.... I'm not sure if Classic captured that info or not. <br /><br />Do you get a real IP if you click on a newly registered user?<br /><br />Your database would be limited to what data was imported.<br /><br />Allen... Dave? Does Classic Capture registration IP... if so, does the importer handle it correctly? _________________________ Joshua Pettit www.JoshuaPettit.com My abilities are for hire.
Top

#238410 - 03/07/03 11:55 AM Re: Additional Security Stuff [Re: Daine]
Daemon_dup1 Member Registered: 02/18/03 Posts: 173 Loc: Clitheroe, Lancs	ahh i'm not bothered, given up on this 1 lol thanks for the help anyway <img src="/forum/images/graemlins/smile.gif" alt="" /> _________________________ Kind Regards Dave Askew www.world-pool.co.uk
Top

Previous Topic

Index

Next Topic

Hop to: