MyBB Community Forums

hello ...

im glad to share this plugin with you guys its called (( MyBB Full Security System 1.1 ))

i made it two months ago and i post it in (( MyBB Arabic Community )) ...

and when i did`t recive any complaining about it i decided to post it in here ...

1- how could it helps me ?
it secured your forum from any hacker ...
and when anybody tries to use some suspious codes in your forum he/she is gonna redirect to warning page
and his/her ip address and important info's about the attempt will catched in "/bb/sec/log_file.txt" ...

suspicous codes such as :
HTML , java script , php code , Sql-Injectios

secendley it secured your forum from :

Xss ( Cross site Scripting )
Remote File\Local Include
SQL-Injection
Remote Code Excute

2- how can i install it on my forum ?
upload "sec.php" to inc/plugins
and upload the folder "/sec/" to your forum main folder "/bb/"

activate it from your admincp ...
That`s all ...

by the way ...
it works on 1.2 and 1.4

Thanks!
I'm going to try this...

seems nice i would like my site to be even more secured although mybb is the most secure script itself
thanks a lot

(2008-11-10, 04:24 AM)siopk Wrote: [ -> ]seems nice i would like my site to be even more secured although mybb is the most secure script itself
thanks a lot

okay i`ll be here if you needed anything ...
enjoy it

Hey thanks for this. I'm waiting for next version. If there any possibilities to make HotLinking protection? Thanks.

I have more problem with this plugin because when i see the second page of users' list appear me the access denied....

oh i missed this plugin. you have to add it to mods site too. and look very secure

If it outputs to "/bb/sec/log_file.txt", wouldnt that be a security vulnerability, and a leak of data (shows ip and details.)

It would be much better if the ip was logged in a table in the database.

This one has a problem! It says I'm hacking my own forum when I want to go to Store. Using MyStore.

how can i test this? ive tried everything i know and no warning is appearing. Is this something to do with SQL injection via login,url,etc. Or is there a specific way you have to attempt this to get the warning?