Security For The bridged phpBB3 Forum

Worker Joined: Jul 20, 2008 Posts: 126 Location: Germany

I have RavenNuke and an integrated phpBB 3.0.2 forum. I want to ask if NukeSentinel protects the forum too or only the Nuke site?

Posted: Sun Aug 17, 2008 10:57 am

It only protects the Nuke part of your site. Although any IP's written to the .htaccess will block access to the forums, but first they would have to have attempted to hack your Nuke installation.

Posted: Sun Aug 17, 2008 11:05 am

I've moved this to the phpBB forum, instead of BB2Nuke, as technically this is a standalone installation of phpBB. I don't want people thinking that NS doesn't protect a BB2Nuke installation. Wink

Posted: Sun Aug 17, 2008 11:07 am

I've also tweaked the title. Wink

registered · Posted: Sun Aug 17, 2008 11:13 am

In general, Sentinel protects the entire site, as it looks the _GET and _POST super globals for all accesses. That includes the forums (on a normal Nuke or RavenNuke site).

However, I am not familiar with this phpBB3 bridge. Depending on how it "bridges" it could go either way. If the phpBB3 forums operates on it's own then Sentinel will not protect it. Personally I would not run this bridge until someone gets the two products integrated better.

Posted: Sun Aug 17, 2008 11:21 am

I have to add that phpBB3 seems to have been designed a lot better than stock Nuke with regards to security, and it may not need the protection of Sentinel (of course it can't hurt either).

registered · Posted: Tue Aug 19, 2008 6:27 am

Yeah, look to see if the "bridge" code is executed every time and that it includes mainfile.php fairly up-front in the processing cycle. Then there is a good chance that NS is also providing protection.

Posted: Tue Aug 19, 2008 8:33 am

The bridge is there to bridge your account, log in, private messages and such stuff. Basically everything regarding the account and registrations.

Posted: Tue Aug 19, 2008 8:35 am

I know what it is for, just not how it actually does the bridge. When you browse your phpBB3 forum, what do the URL's look like? Is it the more usual "m o d u l e s . p h p ? n a m e = Forums" or is it a phpBB3 URL?

(I had to mangle modules.php because the forum software here keeps trying to change it to forums.html. )

Posted: Tue Aug 19, 2008 9:16 am

http://mysite.com/forums/viewtopic.php?f=10&t=1&sid=5bfeb3fe43d41721..........

That's how it looks clicking a topic.

Posted: Tue Aug 19, 2008 11:31 am

Ok, thanks. It really is a bare-bones bridge then. It is not going through Nuke, so Sentinel will not be involved.

Posted: Tue Aug 19, 2008 1:23 pm

Well, it's really useful if you want a phpBB 3 forum in your Nuke site. I don't think that phpBB (3) forums are "that" insecure. I just wanted to know if NukeSentinel secures it. Razz

Now I know. Thanks.

Posted: Tue Aug 19, 2008 2:00 pm

And if you read my earlier post:

Gremmie wrote:

I have to add that phpBB3 seems to have been designed a lot better than stock Nuke with regards to security, and it may not need the protection of Sentinel (of course it can't hurt either).

you would see that I agree with that. I was just answering your question.

As far as being "useful" I don't know, it sounds more like a work in progress as many things aren't hooked up to Nuke yet (i.e. a hack).

I think Technocrat said he was going to design a CMS around phpBB3.