Archive for myfreeforum.org Before posting please check the "stickies" in the support forums.
Please ask questions in real English and not "txt". You will get a better response.
Please do not ask support questions via PMs.
 


       myfreeforum.org Forum Index -> PhpBB3 General Support
Primastar

Security Questions please

Hi

I am a moderator on a forum powered by PHP. I would like some help in one area please.

Lately we have had a few issues regarding a handful of members and we think that a previous admin guy may have handed the database password to one of the members in good faith in the past in order that he may be able to help.

Lately we cannot rule out the possibility that that password is now being misused. The forum keeps being taken off line for 10 to 20 minutes at a time for no apparent reason then being restored in the small hours of the morning. One theory is that the individual who helped out has leaked the passwords to someone else or is using them himself.

So far as I understand there are only 2 ways anyone can get into the database and read the posts in the moderator section, please correct me if I am wrong

1) The user would need an admin account where he can log in as himself then log into the ACP
2) The user would need the database password, set at initial inception.

The logs have been looked at and there is no record of any admin password being used at that time, which leaves the possibility of the database itself being accessed. The problem is that we can't allow the possibility of members seeing what moderators have written in Global Moderators.

questions

1) Am I correct in my understanding?
2) If I am right to be suspicious of a someone being able to access the database etc, can we change the password on that?

I'm sorry I'm so vague and have little information here. The problem is that I am a moderator, and not admin. The site owner is as we speak fed up of the situation and the only other person with admin control is fairly busy at the moment.

Thanks
Bravo

Please check the posting checklist:

Quote:
1. You must give the (myfree/myfast/myfine)forum.org link/address of your forum. A link should be given to the problem if at all possible. Do this whether you think it is important or not. DO NO GIVE YOUR OWN DOMAIN LINK IT MUST BE THE NAME YOU CREATED HERE.
2. Search on the forum and on howtodoit for your problem before posting. 90% of the posts we get have easily found answers if you search on a couple of key words from your post. If this is not the case report the keywords you searched on and we will make sure search works for the next person to try the same search terms. Each time someone doesn't bother to use the search, questions accumulate in the forum making it harder for people to actually find answers! as people searching will end up finding the question and not the answer.
3. Keep it to one support question per thread, if you have another question start a new topic. This will help others using "search" to find answers.
Primastar

Fair enough, I had checked that but was unable to find the answer to 1

1) It is or was http://thed2boysclub.myfineforum.org

It has now been moved to a new domain

2) I did a search on the bar and the How to do it sections. I couldn't find the answer I searched database passwords

3) My question is how do I change the password for the database? I understand this would have initially been created when it was started.

Just to add I also searched both areas for Password change, Database password and Database password change.
Nick(NR)

They wont have the database password, let alone any direct access to edit or view any information stored within it, there may be a couple of things that could point towards why it may be happening....

1. may be a server issue when backups take place, so you would need to log the time it happens, so admin can check if it coincides with the backups we make.
2. someone may have admin access on their account, but would be a little hard to find on phpbb2, but on phpbb3 however it should be easier to see in the admin logs as any deleted logs would show in the admin logs with the name of the admin deleting said logs(thus poorly hiding what their doing)

Not sure if I can identify anymore reasons why at this point......
Primastar

Thanks Nick, much appreciated

       myfreeforum.org Forum Index -> PhpBB3 General Support
Page 1 of 1
Create your own free forum | Buy a domain to use with your forum