Is it possible to have another password for the ACP

Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
Forum rules
Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
Locked
exlarneman
Registered User
Posts: 7
Joined: Thu Feb 05, 2009 10:05 pm
Location: Geldrop, The Netherlands
Contact:

Is it possible to have another password for the ACP

Post by exlarneman »

Hello One and All,

Is it possible to have another password for the ACP? I am Moderator and use the same users name and password for Login and accessing the ACP. Is this the correct way to do it, or did I again miss something. After reading about the hacking of PHPList and the unmashing of the secure MD5 passwords I am wondering how to beef up my security. One password for 2 things feels a little unsafe. Interested to hear if this is so.

greetings

L

PS: I up to 70 fake approval requests a day from German IP's, Dutch IP's, British IP's, Israel IP's as well as Russian, Ukraine, Latvia and other old Soviet Block countries IP's. Never knew they were so interested in Irish Genealogy.
User avatar
ChrisRLG
Registered User
Posts: 160
Joined: Wed Oct 11, 2006 9:47 am
Contact:

Re: Is it possible to have another password for the ACP

Post by ChrisRLG »

what you could do is make use of a HTACCESS file for that folder (assuming you are on a linux server and not windows).

This might help.
http://httpd.apache.org/docs/1.3/howto/htaccess.html
User avatar
ric323
Registered User
Posts: 102
Joined: Sat Sep 29, 2007 1:09 pm
Location: Melbourne, Australia

Re: Is it possible to have another password for the ACP

Post by ric323 »

exlarneman wrote: Is it possible to have another password for the ACP? I am Moderator and use the same users name and password for Login and accessing the ACP.
Have one username for admin functions, and a second one for your normal use, and give them different passwords.
After reading about the hacking of PHPList and the unmashing of the secure MD5 passwords I am wondering how to beef up my security. One password for 2 things feels a little unsafe. Interested to hear if this is so.
Don't run other applications on the same web server as your board.
If you must, then be meticulous about keeping them up to date. (Even that didn't help phpbb.com, we were hacked before the patch for phplist was issued.)
Note, MD5 passwords are ONLY used for users imported from a phpBB2 board who have never logged in since you converted to phpBB3. Now would be a good time to purge anyone who has not logged into your board since you updated.
If you started with phpBB3, then this does not apply to you at all.
exlarneman
Registered User
Posts: 7
Joined: Thu Feb 05, 2009 10:05 pm
Location: Geldrop, The Netherlands
Contact:

Re: Is it possible to have another password for the ACP

Post by exlarneman »

Thanks for the tip but I am a "WINDOWS" users.

Which folder should I protected if I was Linux.?


greetings

L
User avatar
ric323
Registered User
Posts: 102
Joined: Sat Sep 29, 2007 1:09 pm
Location: Melbourne, Australia

Re: Is it possible to have another password for the ACP

Post by ric323 »

exlarneman wrote:Thanks for the tip but I am a "WINDOWS" users.

Which folder should I protected if I was Linux.?
So your web server software is IIS?
If it is on shared hosting, then you almost certainly do NOT have the facility to password protect folders. This is one of the many reasons that people prefer using Apache as the web server.
It is the ./adm folder you want to protect.
exlarneman
Registered User
Posts: 7
Joined: Thu Feb 05, 2009 10:05 pm
Location: Geldrop, The Netherlands
Contact:

Re: Is it possible to have another password for the ACP

Post by exlarneman »

ric323 wrote: Have one username for admin functions, and a second one for your normal use, and give them different passwords.
Would I have to do a normal Login and ACP when using the admin functions username or can I go directly to ACP Login?

ric323 wrote:Note, MD5 passwords are ONLY used for users imported from a phpBB2 board who have never logged in since you converted to phpBB3. Now would be a good time to purge anyone who has not logged into your board since you updated.
If you started with phpBB3, then this does not apply to you at all.
I read this but missed the need to purge the non-active members that you mentioned since moving from phpBB2 to phpBB3. What is the situation with those that have logged on but not changed their password since joining the phpBB2 Forum.
Do I need to request all the active members of my phpBB2 Forum now active on my phpBB3 Forum to change their passwords??

Thanks for the information.

greetings

L
exlarneman
Registered User
Posts: 7
Joined: Thu Feb 05, 2009 10:05 pm
Location: Geldrop, The Netherlands
Contact:

Re: Is it possible to have another password for the ACP

Post by exlarneman »

ric323 wrote: This is one of the many reasons that people prefer using Apache as the web server.
It is the ./adm folder you want to protect.
Thanks again, I am considering a change but need to find somebody local that knows a bit about Linux and Apache web server.

greetings

L
User avatar
ric323
Registered User
Posts: 102
Joined: Sat Sep 29, 2007 1:09 pm
Location: Melbourne, Australia

Re: Is it possible to have another password for the ACP

Post by ric323 »

exlarneman wrote:....
What is the situation with those that have logged on but not changed their password since joining the phpBB2 Forum.
Do I need to request all the active members of my phpBB2 Forum now active on my phpBB3 Forum to change their passwords??
That doesn't matter. Just logging in is enough for their password to get updated.
exlarneman
Registered User
Posts: 7
Joined: Thu Feb 05, 2009 10:05 pm
Location: Geldrop, The Netherlands
Contact:

Re: Is it possible to have another password for the ACP

Post by exlarneman »

Again Thanks - ric323 - for your information, time and support.

Now to to remove nearly half my membership but I will retain their postings.

greetings from Holland to those Down Under (is Melbourne also looking for snakes in the toilet and crocs to run over for new boots and handbags) :lol:

L ;)
User avatar
ric323
Registered User
Posts: 102
Joined: Sat Sep 29, 2007 1:09 pm
Location: Melbourne, Australia

Re: Is it possible to have another password for the ACP

Post by ric323 »

exlarneman wrote:... (is Melbourne also looking for snakes in the toilet and crocs to run over for new boots and handbags) :lol:
A retired football star was bitten by a deadly snake in suburban Melbourne just yesterday! ;)
http://news.theage.com.au/sport/afl/afl ... -7yir.html
Locked