Hello One and All,
Is it possible to have another password for the ACP? I am Moderator and use the same users name and password for Login and accessing the ACP. Is this the correct way to do it, or did I again miss something. After reading about the hacking of PHPList and the unmashing of the secure MD5 passwords I am wondering how to beef up my security. One password for 2 things feels a little unsafe. Interested to hear if this is so.
greetings
L
PS: I up to 70 fake approval requests a day from German IP's, Dutch IP's, British IP's, Israel IP's as well as Russian, Ukraine, Latvia and other old Soviet Block countries IP's. Never knew they were so interested in Irish Genealogy.
Is it possible to have another password for the ACP
Forum rules
Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
-
- Registered User
- Posts: 7
- Joined: Thu Feb 05, 2009 10:05 pm
- Location: Geldrop, The Netherlands
- Contact:
Re: Is it possible to have another password for the ACP
what you could do is make use of a HTACCESS file for that folder (assuming you are on a linux server and not windows).
This might help.
http://httpd.apache.org/docs/1.3/howto/htaccess.html
This might help.
http://httpd.apache.org/docs/1.3/howto/htaccess.html
Starfoxtj Toolkit
ASAP member since 2004 - MS MVP (Windows Security) member since 2005
Live phpBB3 Forum
ASAP member since 2004 - MS MVP (Windows Security) member since 2005
Live phpBB3 Forum
Re: Is it possible to have another password for the ACP
Have one username for admin functions, and a second one for your normal use, and give them different passwords.exlarneman wrote: Is it possible to have another password for the ACP? I am Moderator and use the same users name and password for Login and accessing the ACP.
Don't run other applications on the same web server as your board.After reading about the hacking of PHPList and the unmashing of the secure MD5 passwords I am wondering how to beef up my security. One password for 2 things feels a little unsafe. Interested to hear if this is so.
If you must, then be meticulous about keeping them up to date. (Even that didn't help phpbb.com, we were hacked before the patch for phplist was issued.)
Note, MD5 passwords are ONLY used for users imported from a phpBB2 board who have never logged in since you converted to phpBB3. Now would be a good time to purge anyone who has not logged into your board since you updated.
If you started with phpBB3, then this does not apply to you at all.
-
- Registered User
- Posts: 7
- Joined: Thu Feb 05, 2009 10:05 pm
- Location: Geldrop, The Netherlands
- Contact:
Re: Is it possible to have another password for the ACP
Thanks for the tip but I am a "WINDOWS" users.
Which folder should I protected if I was Linux.?
greetings
L
Which folder should I protected if I was Linux.?
greetings
L
Re: Is it possible to have another password for the ACP
So your web server software is IIS?exlarneman wrote:Thanks for the tip but I am a "WINDOWS" users.
Which folder should I protected if I was Linux.?
If it is on shared hosting, then you almost certainly do NOT have the facility to password protect folders. This is one of the many reasons that people prefer using Apache as the web server.
It is the ./adm folder you want to protect.
-
- Registered User
- Posts: 7
- Joined: Thu Feb 05, 2009 10:05 pm
- Location: Geldrop, The Netherlands
- Contact:
Re: Is it possible to have another password for the ACP
Would I have to do a normal Login and ACP when using the admin functions username or can I go directly to ACP Login?ric323 wrote: Have one username for admin functions, and a second one for your normal use, and give them different passwords.
I read this but missed the need to purge the non-active members that you mentioned since moving from phpBB2 to phpBB3. What is the situation with those that have logged on but not changed their password since joining the phpBB2 Forum.ric323 wrote:Note, MD5 passwords are ONLY used for users imported from a phpBB2 board who have never logged in since you converted to phpBB3. Now would be a good time to purge anyone who has not logged into your board since you updated.
If you started with phpBB3, then this does not apply to you at all.
Do I need to request all the active members of my phpBB2 Forum now active on my phpBB3 Forum to change their passwords??
Thanks for the information.
greetings
L
-
- Registered User
- Posts: 7
- Joined: Thu Feb 05, 2009 10:05 pm
- Location: Geldrop, The Netherlands
- Contact:
Re: Is it possible to have another password for the ACP
Thanks again, I am considering a change but need to find somebody local that knows a bit about Linux and Apache web server.ric323 wrote: This is one of the many reasons that people prefer using Apache as the web server.
It is the ./adm folder you want to protect.
greetings
L
Re: Is it possible to have another password for the ACP
That doesn't matter. Just logging in is enough for their password to get updated.exlarneman wrote:....
What is the situation with those that have logged on but not changed their password since joining the phpBB2 Forum.
Do I need to request all the active members of my phpBB2 Forum now active on my phpBB3 Forum to change their passwords??
-
- Registered User
- Posts: 7
- Joined: Thu Feb 05, 2009 10:05 pm
- Location: Geldrop, The Netherlands
- Contact:
Re: Is it possible to have another password for the ACP
Again Thanks - ric323 - for your information, time and support.
Now to to remove nearly half my membership but I will retain their postings.
greetings from Holland to those Down Under (is Melbourne also looking for snakes in the toilet and crocs to run over for new boots and handbags)
L
Now to to remove nearly half my membership but I will retain their postings.
greetings from Holland to those Down Under (is Melbourne also looking for snakes in the toilet and crocs to run over for new boots and handbags)
L
Re: Is it possible to have another password for the ACP
A retired football star was bitten by a deadly snake in suburban Melbourne just yesterday!exlarneman wrote:... (is Melbourne also looking for snakes in the toilet and crocs to run over for new boots and handbags)
http://news.theage.com.au/sport/afl/afl ... -7yir.html