Ravens PHP Scripts: Forums
 

 

Search found 165 matches
Author Message
 Topic: RavenNuke 3
crypto

Replies: 167
Views: 310784

PostForum: RavenNuke / Raven CMS CMS Wiki   Posted: Tue Nov 05, 2013 2:43 pm   Subject: re: RavenNuke 3
I really wish I could give you one but there are still massive amounts of work to do. In fact, to all intents and purposes, it's almost a complete re-write but we are going as fast as we can.

I hop ...
 Topic: How to salt passwords?
crypto

Replies: 52
Views: 81463

PostForum: Security Issues   Posted: Wed Mar 27, 2013 7:21 am   Subject: How to salt passwords?
It's sad to hear that security enhancement got so low priority in this case. Let's hope that it won't take another 18 months to get this fixed.
 Topic: Enhancement for future release?
crypto

Replies: 1
Views: 4160

PostForum: RavenNuke(tm) v2.5x   Posted: Tue Mar 19, 2013 2:35 am   Subject: Enhancement for future release?
Background:
- Password policy in place = Current policy says that password has to be at least 10 characters long.

However, when you will recover password via Your_Account&op=pass_lost function ...
 Topic: How to salt passwords?
crypto

Replies: 52
Views: 81463

PostForum: Security Issues   Posted: Sat Mar 16, 2013 12:43 pm   Subject: re: How to salt passwords?
Although I will verify it is on our internal road map Smile

I'm pretty sure if a patch is released it would be unlikely to include anything regarding this; as it's not a "minor" issue.
This has been ...
 Topic: How to salt passwords?
crypto

Replies: 52
Views: 81463

PostForum: Security Issues   Posted: Mon Jun 11, 2012 3:27 am   Subject: re: How to salt passwords?
As nuken mentioned in his post on December 11th; it is something that is being looked at.
No one can say for certina when such a change will be made because there are so many, many things to consider ...
 Topic: How to salt passwords?
crypto

Replies: 52
Views: 81463

PostForum: Security Issues   Posted: Sat Jun 02, 2012 5:43 am   Subject: re: How to salt passwords?
What is the status of this? How this has been proceed?
 Topic: What spammer & anonymous email services do you block?
crypto

Replies: 23
Views: 32804

PostForum: Security Issues   Posted: Sun Feb 05, 2012 2:22 am   Subject: What spammer & anonymous email services do you block?
What spammer & anonymous email domains do you block in the yaUsersConfig (e.g. bugmenot / mailinator.com)? What about restricted user names?

Below list includes domains which were highlighted i ...
 Topic: Forum Thread Display Order
crypto

Replies: 16
Views: 23181

PostForum: Issues/Problems With This Site   Posted: Wed Feb 01, 2012 10:14 am   Subject: Forum Thread Display Order
In menu: newest tittle at TOP; inside the thread; newest post at last (bottom) as it is nowadays.
 Topic: When RavenNuke v2.5 will be released?
crypto

Replies: 20
Views: 17840

PostForum: v2.4 RN Announcements   Posted: Fri Jan 13, 2012 1:53 am   Subject: When RavenNuke v2.5 will be released?
Does TON use same news table as old module? Can it show old news as well, or just a news what has been published from TON user interface?
 Topic: When RavenNuke v2.5 will be released?
crypto

Replies: 20
Views: 17840

PostForum: v2.4 RN Announcements   Posted: Sat Jan 07, 2012 6:11 am   Subject: re: When RavenNuke v2.5 will be released?
Only Raven or Palbin could give you a date
Just curious... Could Raven or Palbin comment about the release schedule / target?

What new features are included in the v2.5?
 Topic: Feature request / User's Administration
crypto

Replies: 7
Views: 7487

PostForum: v2.4 RN Issues   Posted: Wed Jan 04, 2012 2:23 am   Subject: re: Feature request / User's Administration
in what we call removeuser and removeuserconf the userid is actually deleted from the users table.
Yes, this is what we are talking about (permanent remove/delete). This hack enables the administrat ...
 Topic: Feature request / User's Administration
crypto

Replies: 7
Views: 7487

PostForum: v2.4 RN Issues   Posted: Tue Jan 03, 2012 12:37 pm   Subject: Feature request / User's Administration
Would it be possible to have a feature / hack which removes all messages what user has wrote (when admin is deleting the user).

Current method (by yaUsers):
User's Administration > Deactived Us ...
 Topic: How to salt passwords?
crypto

Replies: 52
Views: 81463

PostForum: Security Issues   Posted: Sun Dec 18, 2011 1:07 pm   Subject: re: How to salt passwords?
This is something the RN Team will look at for future releases. RN 2.5 is too far along to add anything else to.
We know that scheduling is a hard task because there is lots to do and resources are l ...
 Topic: When RavenNuke v2.5 will be released?
crypto

Replies: 20
Views: 17840

PostForum: v2.4 RN Announcements   Posted: Sun Dec 11, 2011 3:26 pm   Subject: re: When RavenNuke v2.5 will be released?
How has the final testing phase succeed?

What is the estimated release time for RN 2.5?
 Topic: How to salt passwords?
crypto

Replies: 52
Views: 81463

PostForum: Security Issues   Posted: Sun Dec 04, 2011 9:58 am   Subject: re: How to salt passwords?
And, once a surge is identified by the host server it will cause the server handling that account to shut down automatically.

Not to mention NukeSentinel(tm)'s anti-flood measures (if you choose to ...
 Topic: SQL Injection Attack happening ATM, 4000+ sites infected
crypto

Replies: 3
Views: 6100

PostForum: Security Issues   Posted: Fri Dec 02, 2011 8:16 am   Subject: SQL Injection Attack happening ATM, 4000+ sites infected
There has been got [url=http://isc.sans.edu/diary/SQL+Injection+Attack+happening+ATM/12127]several reports of sites being injected with php-string. Typically code is inserted into several tables. Fro ...
 Topic: How to salt passwords?
crypto

Replies: 52
Views: 81463

PostForum: Security Issues   Posted: Thu Dec 01, 2011 2:58 am   Subject: re: How to salt passwords?

I can't imagine how fast a standard computer would have to be for it to run a "guessing game."
If you have a high-end home computer boosted with 8xAti Radeon 6970, it can calculate about RN hasn't ...
 Topic: How to salt passwords?
crypto

Replies: 52
Views: 81463

PostForum: Security Issues   Posted: Wed Nov 30, 2011 4:41 pm   Subject: re: How to salt passwords?
There are probably other settings we could use that would be as effective, if not more so, than upgrading MD5 encryption. For instance, not allowing dictionary names, or even people's names, not allow ...
 Topic: How to salt passwords?
crypto

Replies: 52
Views: 81463

PostForum: Security Issues   Posted: Wed Nov 30, 2011 3:31 pm   Subject: re: How to salt passwords?
In last few weeks media/press has reported many many cases where user logins and passwords have been stolen from websites. For example, today was published that UN email addresses, passwords and login ...
 Topic: How to salt passwords?
crypto

Replies: 52
Views: 81463

PostForum: Security Issues   Posted: Sat Nov 26, 2011 9:51 am   Subject: re: How to salt passwords?
These sites weren't using Ravennuke; they were using different CMS's. I'll send more info via PM.

These were case where attacker(s) got access to user data in way or in other, e.g. maybe they got r ...
 Topic: When RavenNuke v2.5 will be released?
crypto

Replies: 20
Views: 17840

PostForum: v2.4 RN Announcements   Posted: Sat Nov 26, 2011 6:49 am   Subject: re: When RavenNuke v2.5 will be released?
Thanks of the update!
 Topic: How to salt passwords?
crypto

Replies: 52
Views: 81463

PostForum: Security Issues   Posted: Sat Nov 26, 2011 6:33 am   Subject: re: How to salt passwords?
is there any evidence that passwords have been hacked in real world attacks.

Yes, there are several 'forum db user/pw theft' cases found out in last few months. I don't publish cases here so these ...
 Topic: How to force password change in every xx days?
crypto

Replies: 5
Views: 7551

PostForum: v2.4 RN Issues   Posted: Sat Nov 26, 2011 6:13 am   Subject: How to force password change in every xx days?
Is there any hack/module available which forces user to change password?

Feature request:

Password change should be able to be forced at one of the following ways:
1) by time range: every xx da ...
 Topic: Bug with password recovery
crypto

Replies: 2
Views: 4834

PostForum: v2.4 RN Issues   Posted: Sat Nov 26, 2011 5:53 am   Subject: re: Bug with password recovery
Thanks, this works fine!

There should be added also more characters to enhance security e.g.

$strs = 'aAbBcC2dDeEfF3gGhHjJ4kKmMnN5oOpPqQ6rRsStT7uUvVwW8xXyYzZ9!@#$%-+';

Can you add this fix to ...
 Topic: Bug with password recovery
crypto

Replies: 2
Views: 4834

PostForum: v2.4 RN Issues   Posted: Fri Nov 25, 2011 4:28 pm   Subject: Bug with password recovery
There is a bug regarding a password recovery:

Background:
- Password policy in place = Current policy says that password has to be at least 10 characters long.

However, when you will recover pa ...
 

 Jump to:   

Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©