Admin Secure is an add-on script (not a module, block, nor else) for PHP-Nuke web portal system. This add-on gives you additional protection scheme only for
admin accounts from hacking activities, but will not prevent another hacking methods such as DoS (denial of service), hammering, session spoofing, backdoors, port
scanning, system exploit, root access, etc. Admin Secure will monitoring suspicious SQL Injection activities as well as illegal administration access for your
PHP-Nuke based website.
- Blocking SQL Injection through input requests.
- Prevent illegal admin account access through input requests.
- Blocking external file inclusion for module handler.
- Filtering illegal scripting code from input variables.
- Ensure admin account session taken from cookie.
- Prevent illegal admin account creation, deletion, and modification.
- Compare admin access validity through "mirrored" database table.
- Any changes on admin accounts (create, edit, delete) require approval.
- E-mail notification. An alert sent along with additional info.
- Scheduled automation tasks.
- And many more.
Changes On This Version
- Add: Safe Requests Mode (see configuration.txt)
- Add: Safe HTML Strings (see configuration.txt)
- Add: Automatic Database Checking (see configuration.txt)
- Add: Automatic Database Optimization (see configuration.txt)
- Add: Site Close/Open option in Administration Panel
- Add: Unapproved admin accounts deletion from Administration Panel
- Add: Confirmation Prompt (see configuration.txt)
- Add: Selectable Blocking page (either html page or server response codes)
- Add: SQL Injection deep scanning mode
- Add: Illegal HTML Tags deep scanning mode
- Add: Tracking System (see configuration.txt)
- Add: Maximum Site Visitors (see configuration.txt, thanks to John1000)
- Add: Send mail notification as MIME mail
- Add: Send mail notification using IMAP (if supported by server)
- Upd: Strengthen Admin Secure global variables
- Upd: Improve Admin Secure Administration Panel interface
- Upd: Improve SQL Injection checking algorithm
- Upd: Flood protection auto-disable in admin/user login
- Fix: False illegal html tags in phpbb/bb2nuke Forum preview mode
- Fix: False illegal html tags in Private Messages preview mode
- Fix: Corrupt downloaded ban/log files if gz output enabled by server
| |
