Admin Secure 1.7 Released

Support Mod Joined: Feb 15, 2004 Posts: 806

Admin Secure 1.7 comes with tons of new features: Safe Requests Mode will force any request strings containing dangerous strings signatures (union, join, exec, select, insert, grant, etc) translated as HTML entities; Safe HTML Strings will translating "<" and ">" characters into < and > entities, respectively. This will always prevent users submitting any of HTML formatted text. Both of them are extreme features intended for paranoid administrators. Smile

Another features are comes from people's requests: Site Close/Open option, Delete unapproved admins (even they're God Admins) in Admin Approval page, SQL injection and forbidden HTML tags deep scanning modes, visitor's tracking system, maximum allowable visitors at the same time, and more. Version 1.7 also comes with better appearances and layouts for conveniences.

Features:
- Blocking known PHP-Nuke exploits.
- Prevent fake admin account access through input requests.
- Blocking cross-site scripting in modules.php and index.php files.
- Ensuring admin account session taken from cookie.
- Prevent unauthorized admin account creation, deletion, and modification.
- Compare admin account validity through "mirrored" database table.
- Changes to admin accounts (create, edit, delete) require God admin approval.
- E-mail notification. An alert sent along with additional info.
- Banning system for accessing site and PHP-Nuke modules.
- Log site activities.
- Flood Protection.
- And more.

Changes in This Version:
- Add: Safe Requests Mode
- Add: Safe HTML Strings
- Add: Automatic Database Checking (thanks to Anonymous)
- Add: Automatic Database Optimization (thanks to Anonymous)
- Add: Site Close/Open option in Administration Panel
- Add: Unapproved admin accounts deletion from Administration Panel
- Add: Confirmation Prompt
- Add: Selectable Blocking page (either html page or server response codes)
- Add: SQL Injection deep scanning mode (thanks to Anonymous)
- Add: Illegal HTML Tags deep scanning mode (thanks to Anonymous)
- Add: Tracking System (thanks to John1000)
- Add: Maximum Site Visitors (thanks to John1000)
- Add: Send mail notification as MIME mail
- Add: Send mail notification using IMAP (if supported by server)
- Upd: Strengthen Admin Secure global variables
- Upd: Improve Admin Secure Administration Panel interface
- Upd: Improve SQL Injection checking algorithm
- Upd: Flood protection auto-disable in admin/user login
- Fix: False illegal html tags checking in phpbb/bb2nuke Forum preview mode
- Fix: False illegal html tags checking in Private Messages preview mode
- Fix: Corrupt downloaded ban/log files if gz output enabled by server

File details:
- ZIP Packed File 315,234 Bytes (MD5 File: DBF87AF247C4DF80394A9011C667370A)
- TGZ Packed File 259,624 Bytes (MD5 File: 2F1CD7E519B0BD2C0753C6CDDD9589C2)

Download Link:
- SourceForge (both file types)
- Author's Homepage (ZIP only, no account registration required)

Nuke Cops Founder Joined: Nov 14, 2002 Posts: 5939

Very nice, how is the performance? I hear nothing but good about this.

Support Mod Joined: Feb 15, 2004 Posts: 806

Zhen-Xjell wrote:

Very nice, how is the performance? I hear nothing but good about this.

Performances are greatly improved since 1.6, and seem no differences in 1.7. But I let users decide whenever their site is a bit slower or not after AS installation.

Nuke Cadet Joined: May 29, 2004 Posts: 4

how do i make another account god admin?

Support Mod Joined: Feb 15, 2004 Posts: 806

chevy0 wrote:

how do i make another account god admin?

In Nuke admin menu, you can create another God admin by setting their "realname" as God and their nickname must be differ than another God admins. If Admin Secure installed, as "first" God Admin, you should approve this new account from AS Administration Panel.

Nuke Cadet Joined: May 29, 2004 Posts: 4

thanks!

and thanks for this nice script ;]

Nuke Cadet Joined: May 27, 2004 Posts: 6

Looks good. I have Protector installed at the moment. Does this have more features, it does appear so? Also could I install this alongside Protector or is it advisable to have one or the other? Thanks for a great addon and any help appreciated.

Posted: Sun May 30, 2004 2:31 am

Hello,

I downloaded the AS from author's website, there was no install.txt file. The only txt file was the readme. I will download it from SourceForge and see if there's an install.txt file. Without this file I am totally lost when it come to installation.

Corporal Joined: Aug 29, 2003 Posts: 71

A couple of questions:

a) It seems to only support Nuke up to 7.2, and no lower than 6.9? Is that right? My sites are 6.5 and 7.3!

b) Your install.txt (which I found in the zip) states: "At the the top of this script, below the "<?php" (PHP code start tag), add these new lines:". I assume this means AFTER the UTC if you have it installed?

Nuke Cadet Joined: May 30, 2004 Posts: 2

i have just installed AS 1.7 and there is problem. i can not enter to forum configuration. there is a blank page.
i use pure phpnuke 7.2.
anythig else seems work great.

Support Mod Joined: Feb 15, 2004 Posts: 806

Quote:

Looks good. I have Protector installed at the moment. Does this have more features, it does appear so? Also could I install this alongside Protector or is it advisable to have one or the other? Thanks for a great addon and any help appreciated.

Atko, As far as I know and heard, there's no conflicts between Protector System and Admin Secure.

Quote:

I downloaded the AS from author's website, there was no install.txt file. The only txt file was the readme. I will download it from SourceForge and see if there's an install.txt file. Without this file I am totally lost when it come to installation.

Foxy, the install.txt is in the root of archive file, not in the docs directory. Smile

Quote:

It seems to only support Nuke up to 7.2, and no lower than 6.9? Is that right? My sites are 6.5 and 7.3!

Admin Secure support PHP-Nuke 5.5 to 7.2 (7.3 was tested and runs fine, but Admin Secure does not offer tech support this version except for phpnuke clubs, until public version released).

cPortal is based on PHP-Nuke 5.5 and Admin Secure integrated with it. If you currently use PHP-Nuke 6.0 and below, be sure to edit asconfig.php and set $db_compat variable to non-zero.

Quote:

Your install.txt (which I found in the zip) states: "At the the top of this script, below the "<?php" (PHP code start tag), add these new lines:". I assume this means AFTER the UTC if you have it installed?

You can put the inclusion and path detection function either before or after UTC embedded code. This is only an script inclusion code. The actual Admin Secure execution is performed in the last mainfile.php file.

Quote:

i have just installed AS 1.7 and there is problem. i can not enter to forum configuration. there is a blank page. i use pure phpnuke 7.2.

This was a known issue that still has no solution, because only few people got this even compared to other with the same specs (but different server). If you are using phpbb/bb2nuke 2.0.8, open modules/Forums/admin/pagestart.php and try to find this line of code:

Code:

if ($cookie[2] == $row2['user_password'] && ($row2['user_password'] != "" && $row2['user_level'] == 2) && ($row[radminsuper] == 1 OR $row[radminforum] == 1)) {

Replace with:

Code:

if ($cookie[2] == $row2['user_password'] && ($row[radminsuper] == 1 OR $row[radminforum] == 1)) {

Or, if the above doesn't work, replace with:

Code:

if ($row[radminsuper] == 1 OR $row[radminforum] == 1) {

My advice to admins who installing phpbb/bb2nuke 2.0.8, get the latest patch of this mod from NukeCops and be sure to run the table upgrade scripts. I saw many people do upgrading by only copying and overwrites old forum script files without updating database tables. I hope this small solution can solve your problem. Smile

Nuke Soldier Joined: Apr 28, 2004 Posts: 10

Luv this mod Madman, Currently useing phpNuke 6.9, with all the security updates I can possibly find, along with Fortress, great tool and best part its small and easy to install, Admin Secure, wonderfull for admin protection, Protector for my main ban magement, and Sentinel for a backup incase anything odd should happen. I have each mod working without any conflictions or problems. Should see about getting together and sorting out one big security addon incorperating each mod into one admin panel with one install. Just a thought. Very Happy

-PK

Captain Joined: Jan 17, 2003 Posts: 629 Location: Europe

I hate Admin Secure as my IP has been banned on several sites when trying to submit news with simple html in them. Now I see only page 404.

May I suggest to not treat HTML as a mallicious code. Smile

Support Mod Joined: Feb 15, 2004 Posts: 806

Imago wrote:

I hate Admin Secure as my IP has been banned on several sites when trying to submit news with simple html in them. Now I see only page 404.

Not all html tags are restricted by Admin Secure. For example, text bold <b></b> is still allowed. Tags containing scripting code (or any malicious codes) will trigger security alerts, here some examples:

Code:

<a href="javascript:void()" onClick="window.alert('boo!');">Click here</a>
<span onLoad="document.href='http://foo.bar/hack.pl?id=destroy';">blabla</span>
<img src="admin.php?op=blabla" />

You'll see how html tags can also exploit your site (e.g. admin auto creation) and your users (e.g. cookie stealing). Html tags can also be used for site defacements or inject your site's visitors with malicious client-side scripting.

When submitting a news, try to keep following site's layout without having to use additional html formatting such as using style tag. I saw some nice "submit news" module replacements which only allow text formatting using bbcode style.

Imago wrote:

May I suggest to not treat HTML as a mallicious code. Smile

It is up to the site admin who using Admin Secure, because html filtering option is adjustable.

Corporal Joined: May 15, 2004 Posts: 64

A few questions....

What does this do, how do I install and is it very easy to install?