#54352 08/06/2002 9:08 PM
Joined: Jun 2001
Posts: 2,849
Spotlight Winner
Okay, please bear with me for a second. I have been giving a lot of thought to security because of some recent events. I no longer post as an admin. My wife and I are moderators and have an admin account safely stashed that never ever logs into the board directly. That affords me a lot of protection but still gives a person that steals my cookie the ability to cause damage.

How difficult would it be to write a hack that allows a second password for each moderator that isn't visible or able to be changed in the user's profile? Every time a moderator wanted to perform a function that required a check for moderator status, a window would pop up that requested the person to enter the second password. This way, even if a moderator's cookie was hijacked, the person couldn't perform moderator functions. This, combined with no admin accounts being used to post with, would provide a lot more security and a better night's sleep for a lot of us.

Any thoughts?
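
A minimal sketch of the second-password check proposed in the post above, added here as an illustration; it is not code from the thread or from UBB. The class and function names, the PBKDF2 work factor and the lockout threshold are assumptions, and the account name and secret are constructed sample values.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000   # assumed work factor for this sketch
MAX_FAILURES = 5          # assumed lockout threshold


class ModeratorGate:
    """Second-password check performed on every moderator action."""

    def __init__(self):
        self._secrets = {}    # user -> (salt, derived key); server-side only
        self._failures = {}   # user -> consecutive wrong second passwords

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def enroll(self, user, second_password):
        # Set out of band by an admin; not shown or editable in the profile.
        salt = os.urandom(16)
        self._secrets[user] = (salt, self._derive(second_password, salt))
        self._failures[user] = 0

    def authorize(self, user, cookie_is_moderator, second_password):
        """Return True only if the cookie AND the second password both check out."""
        if not cookie_is_moderator or user not in self._secrets:
            return False
        if self._failures[user] >= MAX_FAILURES:
            return False      # locked until an admin re-enrolls the moderator
        salt, expected = self._secrets[user]
        supplied = self._derive(second_password or "", salt)
        if hmac.compare_digest(supplied, expected):
            self._failures[user] = 0
            return True
        self._failures[user] += 1
        return False


def demo():
    gate = ModeratorGate()
    gate.enroll("mod_alice", "constructed-second-secret")   # constructed sample values
    stolen_cookie_only = gate.authorize("mod_alice", True, None)
    real_moderator = gate.authorize("mod_alice", True, "constructed-second-secret")
    return stolen_cookie_only, real_moderator
```

The second password is never written to the cookie or the profile, so a valid moderator cookie presented without it is refused.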

#54353 08/07/2002 2:30 AM
Joined: May 2001
Posts: 6,708
Member
I wanted something like this too, because with the way they got your pass, TheX, it's safe to say other people know this cookie-stealing technique.

I'd like to see this. :)

#54354 08/07/2002 9:41 AM
Joined: Jun 2001
Posts: 2,849
Spotlight Winner
I guess this isn't as important to people that haven't had it happen to them. Haha, seems like a great idea to me.

#54355 08/07/2002 10:33 AM
Joined: Dec 2000
Posts: 371
Member
I agree with you, TheX; I saw it happen twice on our forum. We were very lucky because the control panel isn't where it should be, so they could only delete topics, which is serious enough though.

I have searched for the method that was used and it seems to be that this is a huge vulnerability.
Is there any news on the MD5 encryption method for passwords/cookies yet?
Infopop has to give this issue a number one priority.

#54356 08/07/2002 2:14 PM
Joined: Jun 2001
Posts: 2,849
Spotlight Winner
My hosting company has the MD5 encryption ready for me now, and when I implemented the hack I got a version error from Dynaloader looking for v2.16 and finding v2.20. It should be running sometime today though. I'm sure that Infopop is giving this a high priority. They do have to balance efficiency, load, and ease of installation and portability of UBB as a whole.

That's why I think that the haxxors of the UBB world need to put some of their attention to the short term.

The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2024 VNC Web Services

 