phpBB hacks: password security, anti robot login and a full board security system

phpBB uses its own authorisation/session handling, database abstraction layer and template system, so there are numerous guides on how to use them to create your own modifications for phpBB 2.0 and 3.0. Besides this, you can download a large number of quality add-ons for this popular forum software, and here are a few security-related ones. While I have provided links to the developers, I suggest downloading the mods directly from the phpBB homepage.

Password security

When a new password is entered, the user will receive a JavaScript warning alerting him of the change.

MOD Author: http://www.underhill.de

MOD Version: 1.1.4

Installation Level: easy

Installation Time: 5 minutes

Files To Edit:

includes/usercp_register.php

templates/subSilver/profile_add_body.tpl

language/lang_english/lang_main.php

language/lang_english/lang_faq.php

Anti Robotic Login Flood

This mod adds a random graphical-text security code field to the login form to protect your phpBB board from being flooded by robotic member logins.

MOD Author: http://www.phpbbturkey.com

MOD Version: 1.0.4

Installation Level: Intermediate

Installation Time: 20 Minutes

Files To Edit:

admin/admin_board.php

includes/constants.php

includes/functions.php

includes/page_header.php

login.php

index.php

templates/subSilver/admin/board_config_body.tpl

templates/subSilver/login_body.tpl

templates/subSilver/index_body.tpl

language/lang_english/lang_admin.php

language/lang_english/lang_main.php

CrackerTracker Professional G5

CrackerTracker Professional G5 is the 5th generation of the famous board security system. It features:

  • Worm & Exploit protection Unit with heuristic engine and more than 280 definitions
  • SQL Injection detector for GET, POST, … Vars
  • Attack Counter function
  • Checksum Scanner to detect PHP files which were changed
  • Recovery System for the board configuration table
  • 8 different footer layouts
  • File Security Scanner which detects general security issues in phpBB files
  • Global Message Function
  • IP Blocker Engine
  • Proxy Blocker Engine
  • UserAgent Blocker Engine
  • Comfortable LOG Manager to view attack logfiles and manage the files
  • Selftest system
  • Automatically check file permissions on the logfiles
  • Show Security Tips for your Server and Board
  • Maintenance function
  • “Miserable User” function to easily block user posts in viewtopic.php
  • Adjustable main logfile size
  • Completely new and modern layout in ACP and Forum
  • Every feature can easily be activated or deactivated over ACP
  • Search Flood Protection for Guests and Users
  • Login Brute Force Protection System
  • Detect wrong Logins and save them in your logfile
  • Login History for Users
  • IP Range Scanner to detect account abuse
  • Spammer Detection System
  • Detect human-registered Spammers (Spam Detection Boost)
  • Spammer Keyword Detection for Posts and Profile
  • Registration Protection
  • Registration IP Scanning
  • Account Password Expire Function
  • Account Password Complexity Function
  • Account Password Length Control
  • Emergency console which can restore the board configuration table without running phpBB
  • Password Reset Flood Protection
  • Massmail Protection System
  • Auto Recovery Board Settings
  • Visual Confirmation for Guest Postings
  • Protect from “Throw Away Mailservices”
  • Automatically detect misconfiguration of sensitive Board Settings
  • Very fast code and OOP with Class Files etc.
  • Protect from overwriting sensitive vars

MOD Author: http://www.cybercosmonaut.de

MOD Version: 5.0.4

Installation Level: Moderate

Installation Time: 40 minutes

Files To Edit:

common.php

login.php

posting.php

search.php

viewtopic.php

admin/admin_board.php

admin/admin_ranks.php

admin/admin_smilies.php

admin/admin_styles.php

admin/admin_user_ban.php

admin/admin_users.php

admin/admin_words.php

includes/auth.php

includes/constants.php

includes/emailer.php

includes/functions.php

includes/functions_post.php

includes/page_header.php

includes/page_tail.php

includes/smtp.php

includes/usercp_email.php

includes/usercp_register.php

includes/usercp_sendpasswd.php

templates/subSilver/overall_footer.tpl

templates/subSilver/overall_header.tpl

templates/subSilver/posting_body.tpl

templates/subSilver/subSilver.cfg