| We hope you enjoy your visit. You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free. Join our community! If you're already a member please log in to your account to access all of our features: |
| Preventing hackers from becoming root; An almost garanteed method | |
|---|---|
| Tweet Topic Started: May 21 2004, 12:10 PM (552 Views) | |
| Paper | May 21 2004, 12:10 PM Post #1 |
|
Member
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
OK, this really belongs in the trouble shooting section of the documentation. But I can't access it so I'll post it here. I doubt any admins here like hackers, especially hackers of their own boards. Although it is sussposed to be impossible to hack IF boards, people passwords are cracked. There is a way to stop crackers from becoming root. When you register, use a user name that is not your user name that you would like. Add a password that you are not going to use with the user you would to be. Now create another group and call it "administrators" that is based from the admin (ROOT) group. Create a new user with the user name and password you would like. Put that new user into the administrators group. With the "Admin (ROOT)" group, make sure the setting that hides it from the user list is enabled. With the first user (ROOT one), edit the member title and change it to Members. Don't post using the "Admin (ROOT)" user name, use the name you asigned to the "Administrator" group. This works because only ID1 can edit itself. ID1 is always the first user. No other admin's can. By not being root you only loose a few options, but still have control. If you ever need full control loggin as the root user, making sure your name doesn't appear in the online box. When hackers hack your user name, they will not be able to become root. So you can easily solve the issue. |
![]() |
|
| primexx | May 21 2004, 12:49 PM Post #2 |
|
Primexx - A Member Of InvisionFree
![]() ![]() ![]() ![]() ![]() ![]()
|
there are a few problems with your theory, for one thing, you cannot fully hide ID1 from the board, they will still be able to see it, and also even if you change the member title to members, the 'Group:' still displays admin, basically your "fool proof" plan is realy fool proof. |
![]() |
|
| Paper | May 21 2004, 04:20 PM Post #3 |
|
Member
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
Yes, but not unless you change the group name to "Member" and never ever post with it. Ever. Also delete the email address out. It's not fool proof, but it offers a better level of protection than just postign with root admin. Like the operating system Linux says, never use root unless you have too. They will eventually see ID1, but hopefully by the time they relize it will be too late, and you would have got control again. |
![]() |
|
| Chibi Dude | May 21 2004, 04:30 PM Post #4 |
![]()
Teh Minishrink
![]() ![]() ![]() ![]() ![]()
|
Hey hey hey, I like your style. Good thinking. I already made a backup account but I didn't really want to use it... meh. |
![]() |
|
| Wyvern | May 21 2004, 04:39 PM Post #5 |
|
CAVE STORY MANIA!!
![]() ![]() ![]() ![]()
|
Why not just use a password with a lot of letters, capital letters, and numbers in it? NO ONE can hack that. Make sure your E-mail has the same. .. I'm serious. |
![]() |
|
| Chibi Dude | May 21 2004, 04:42 PM Post #6 |
![]()
Teh Minishrink
![]() ![]() ![]() ![]() ![]()
|
Suppose your computer has been hacked. Period. |
![]() |
|
| Paper | May 21 2004, 05:04 PM Post #7 |
|
Member
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
I asume this is by using cookies, as other ways are unrealiable. So by having a non-root admin they coudl hack that non-root admin, but you could still loggin as root and top them. It's yet another security measure, if your baord is to valuable. Complex passwords may work, unless they hack the cookie, with your password in. Anyways, how do you back up all your topics and posts onto another board? |
![]() |
|
| Always Greener | May 22 2004, 03:33 AM Post #8 |
![]()
Member
![]() ![]() ![]() ![]()
|
I also have the similar approach but NOT the stupid one like this. |
![]() |
|
| RazorICE | May 22 2004, 03:47 AM Post #9 |
|
Is back for good... maybe evil.
![]() ![]() ![]() ![]() ![]() ![]()
|
This does not work if you have a keylogger installed on your computer and you dont even know its there. |
![]() |
|
| metzger_123-ZNS | May 22 2004, 03:48 AM Post #10 |
|
Join Project Horizon Now!!!
![]() ![]() ![]() ![]() ![]()
|
my best method would be to use a password that has numerals and letters. such as 3fH6eV49J <- that would be near impossible to crack. I know because i used to use password crackers at school, not on IF boards, so i wouldnt know much about the admin.php file. But i heard its got its flaws, so never think your safe! |
![]() |
|
| Deleted User | May 22 2004, 04:01 AM Post #11 |
|
Deleted User
|
Yeah, there's not much you can do if you don't make an effort to secure your system, your messengers, etc., your email, blah blah.. The best thing you can do is just to take reasonable security precautions in everything you do. It does no good to go through elaborate setups and then download a keylogger off some site or in your email, or use a school computer and forget to log out or whatever. That stuff happens all the time too. The easiest thing you can do is just to get a good password for your forum and the email account you use for it. They say at least 6 characters, mixed case and numbers, etc. 10 is better. 20 is beyond the scope of any normal cracker. 30 would probably take anyone who tried it so long to crack that IF itself would no longer exist by then. Most people think that's crazy and would take way too much effort, but my 30 character password takes me less than 2 seconds to type in because I've done it so many times. That's a lot less time than it would take to recreate your forum after somebody trashes it. |
|
|
| Paper | May 22 2004, 11:03 AM Post #12 |
|
Member
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
Fine, if my method is stupid then it's tupid. Although would you rather have an Admin hacked, or root admin? It's a security measure, and OK, it's not as fool proff as I orginally thought, but it's still useful. So what is so stupid about it? |
![]() |
|
| Nir | May 22 2004, 04:26 PM Post #13 |
![]()
Former IF Support Staff
![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]()
|
*Quizbiz moves this topic to a better location |
![]() |
|
| 1 user reading this topic (1 Guest and 0 Anonymous) | |
| « Previous Topic · zIFBoards Discussion · Next Topic » |
| Track Topic · E-mail Topic |
10:47 AM Jul 11
|



![]](http://b1.ifrm.com/0/1/0/p601690/pipright.png)






10:47 AM Jul 11