Previous Thread
Next Thread
Print Thread
Rate Thread
Verify IP of Admin logging in
#57391 03/03/2004 4:41 PM
Joined: Dec 2003
Posts: 40
Nate Offline OP
Member
OP Offline
Member
Joined: Dec 2003
Posts: 40
Up until now, the only safeguard against the cookie-stealing vulnerability has been mega-mod, which allows an Admin to do admin actions in the forums w/o worrying about his cookie being stolen and used to access the CP.

Instead of having to use mega-mod, it would be great if there were a mod that simply checked the first x digits of the IP address of the person trying to login to the CP, to see if it matched the IP on record for that Admin.

Granted, the last few digits of an IP change from time to time, but the first x digits are usually pretty much the same. And if the Admin's IP did ever change, he could always go into FTP and make the necessary adjustments.

Sponsored Links
Re: Verify IP of Admin logging in
#57392 03/03/2004 5:01 PM
Joined: Jun 2001
Posts: 2,849
Spotlight Winner
Offline
Spotlight Winner
Joined: Jun 2001
Posts: 2,849
I agree. I've mentioned this many times before but not by checking IP. I've been a victim of cookie theft and it was obviously not a pleasant experience though I happened to be on the board within minutes after my password was changed and i got into the FTP and renamed ultimatebb.cgi to .bak. That shut the board off in a hurry.

I would love to see something like this added to the core of UBB. I brought up having a second password that would be asked for after the UBB password was presented. I've settled for surfing the board as a non-admin (megamod) and in reality it is a good solution. There's really no reason I HAVE to be logged in as an admin all the time.

Anyway, back to the subject. I agree that this would be a good thing.

Re: Verify IP of Admin logging in
#57393 03/03/2004 7:28 PM
Joined: Jan 2000
Posts: 5,796
Likes: 8
UBB.Dev / UBB.Wiki Owner
Time Lord
Online Tapedshut
UBB.Dev / UBB.Wiki Owner
Time Lord
Joined: Jan 2000
Posts: 5,796
Likes: 8
Why not just set a disallow to your cp.cgi file through .htaccess? I'm not entirely sure of the code but it shouldn't be too large of a hassle to read up on.


UBB.Dev - Putting Dev into UBB.threads
Company: VNC Web Services - UBB.threads Scripts and Scripting, Install and Upgrade Services, Site and Server Maintenance.
Forums: A Gardeners Forum, Scouters World, and UGN Security
UBB.Threads: My UBB Themes, UBB.Sitemaps
Re: Verify IP of Admin logging in
#57394 03/04/2004 12:37 AM
Joined: Jun 2001
Posts: 2,849
Spotlight Winner
Offline
Spotlight Winner
Joined: Jun 2001
Posts: 2,849
That would work but only for certain people on certain servers. I think a hack or mod should be UBB centric and available to all. *shrugs* I don't think having a separate CP password is a bad idea. It would cerrtainly kill the cookie issue once and for all.

Re: Verify IP of Admin logging in
#57395 03/04/2004 12:58 AM
Joined: Dec 2003
Posts: 40
Nate Offline OP
Member
OP Offline
Member
Joined: Dec 2003
Posts: 40
I have to agree here, a second CP password would be more 'portable' than an IP match. And it certainly would bury the cookie issue. As a matter of fact, wouldn't it also solve the issue of moderators being able to let themselves into the CP?

Sponsored Links
Re: Verify IP of Admin logging in
#57396 03/04/2004 1:24 AM
Joined: Jan 2000
Posts: 5,796
Likes: 8
UBB.Dev / UBB.Wiki Owner
Time Lord
Online Tapedshut
UBB.Dev / UBB.Wiki Owner
Time Lord
Joined: Jan 2000
Posts: 5,796
Likes: 8
You can ban moderators from accessing the cp; look in the 6.4-6.7 mods section, I believe it's a fairly short mod.


UBB.Dev - Putting Dev into UBB.threads
Company: VNC Web Services - UBB.threads Scripts and Scripting, Install and Upgrade Services, Site and Server Maintenance.
Forums: A Gardeners Forum, Scouters World, and UGN Security
UBB.Threads: My UBB Themes, UBB.Sitemaps
Re: Verify IP of Admin logging in
#57397 03/04/2004 2:44 PM
Joined: Jan 2000
Posts: 5,073
Admin Emeritus
Offline
Admin Emeritus
Joined: Jan 2000
Posts: 5,073
For 6.6 and 6.7, it's very short indeed - built right into the code. You can thank me later. wink


UBB.classic: Love it or hate it, it was mine.
Re: Verify IP of Admin logging in
#57398 03/04/2004 6:32 PM
Joined: Jun 2001
Posts: 2,849
Spotlight Winner
Offline
Spotlight Winner
Joined: Jun 2001
Posts: 2,849
I already thanked you CC, I've been modding moderators out for some time.

Re: Verify IP of Admin logging in
#57399 03/04/2004 9:05 PM
Joined: Dec 2003
Posts: 40
Nate Offline OP
Member
OP Offline
Member
Joined: Dec 2003
Posts: 40
Built right into the code? Is it automatic or do I need to toggle something? At any rate, thank you Charles!

Now back to the CP double password mod-- would it be better if it were made so that each Admin has his own second password, or else if the second password was associated with the CP rather than with the individual Admin (in other words, the second password would be the same for any admin).

Re: Verify IP of Admin logging in
#57400 03/05/2004 12:59 AM
Joined: Jun 2001
Posts: 2,849
Spotlight Winner
Offline
Spotlight Winner
Joined: Jun 2001
Posts: 2,849
I think it would be great to have a second password for each admin, there's more accountability that way. My wife and I are the only two admins that Netwerkin has ever had but some sites have quite a few of them.

Sponsored Links
Re: Verify IP of Admin logging in
#57401 03/05/2004 1:01 AM
Joined: Jan 2000
Posts: 5,796
Likes: 8
UBB.Dev / UBB.Wiki Owner
Time Lord
Online Tapedshut
UBB.Dev / UBB.Wiki Owner
Time Lord
Joined: Jan 2000
Posts: 5,796
Likes: 8
The making it so mod's can't access the CP is built into the code, it's a VERY MINOR modification to the board that even my dog could do. As I previously stated, look through the mod's section.


UBB.Dev - Putting Dev into UBB.threads
Company: VNC Web Services - UBB.threads Scripts and Scripting, Install and Upgrade Services, Site and Server Maintenance.
Forums: A Gardeners Forum, Scouters World, and UGN Security
UBB.Threads: My UBB Themes, UBB.Sitemaps
Re: Verify IP of Admin logging in
#57402 03/05/2004 1:22 AM
Joined: Dec 2003
Posts: 40
Nate Offline OP
Member
OP Offline
Member
Joined: Dec 2003
Posts: 40
Ah, didn't know it was a mod, thought it might be part of the stock code.

...found it!

Thanks.

Re: Verify IP of Admin logging in
#57403 03/05/2004 11:59 AM
Joined: Jan 2000
Posts: 5,796
Likes: 8
UBB.Dev / UBB.Wiki Owner
Time Lord
Online Tapedshut
UBB.Dev / UBB.Wiki Owner
Time Lord
Joined: Jan 2000
Posts: 5,796
Likes: 8
Quote
Originally posted by Gizzy:

You can ban moderators from accessing the cp; look in the 6.4-6.7 mods section, I believe it's a fairly short mod.
No one listens to lil ole me cry


UBB.Dev - Putting Dev into UBB.threads
Company: VNC Web Services - UBB.threads Scripts and Scripting, Install and Upgrade Services, Site and Server Maintenance.
Forums: A Gardeners Forum, Scouters World, and UGN Security
UBB.Threads: My UBB Themes, UBB.Sitemaps

Link Copied to Clipboard
Donate Today!
Donate via PayPal

Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.

Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
Recommended Hosts
We have personally worked with and recommend the following Web Hosts:
Stable Host
bluehost
InterServer
Visit us on Facebook
Member Spotlight
Posts: 70
Joined: January 2007
Forum Statistics
Forums63
Topics37,533
Posts293,731
Members13,834
Most Online5,166
Sep 15th, 2019
Today's Statistics
Currently Online 255
Topics Created 0
Posts Made 1
Users Online 3
Birthdays 22
Top Posters
AllenAyres 21,079
JoshPet 10,369
LK 7,394
Lord Dexter 6,708
Gizmo 5,796
Greg Hard 4,625
Top Posters(30 Days)
isaac 7
driv 3
Gizmo 1
Top Likes Received
isaac 34
Gizmo 8
Brett 7
Morgan 2
Top Likes Received (30 Days)
isaac 1
The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2020 VNC Web Services

 
Powered by UBB.threads™ PHP Forum Software 7.7.5
(Snapshot build 20200315.dev)
Responsive Width:

PHP: 5.4.45 Page Time: 0.066s Queries: 40 (0.025s) Memory: 3.3456 MB (Peak: 3.5519 MB) Data Comp: Zlib Server Time: 2020-03-28 16:51:34 UTC
Valid HTML 5 and Valid CSS