[n] Template Security

[n] Template Security 1.1.0


nanocode

Active member
Apantic submitted a new resource:

[A] Template Security - Enhance the security on your site for yourself and for your members.

Enhance the security on your site using this very basic add-on. There has been a surprising increase in malicious attacks to XenForo sites through injection of malicious code into your templates. Limiting the access of all templates to yourself and a small handful may not always be a possibility, so this add-on allows you to limit certain templates to certain users, reducing vulnerability to key templates like login handlers, page_container, change password pages, etc. in case a staff...

 
Small bug present (forgot a bracket). Going to fix this in 1.1, which is also going to feature support for template modification changes, as a way to circumvent this. Give me a few moments.
 
Apantic updated [A] Template Security with a new update entry:

1.1.0 Update

Feature Additions:
  • Alerts will now be sent to all super admins if a restricted template is attempted to be modified
  • This template now supports checking template modifications the same way, to prevent circumvention through that system

Bug fixes:
  • No longer supports all template cases being lowercase. Template case MUST be as is normally (so PAGE_CONTAINER, helper_user_form, etc. page_container will *not* work). This caused a bug in previous...

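The behaviour listed in the 1.1.0 update notes above (exact-case template names, template modifications checked the same way, alerts to all super admins), sketched as an added example that is not the add-on's own code. The rule format, the user names and `example_login_form` are assumptions made for illustration; the linter shows how a rule written in the wrong case can be caught before it is relied on.

```python
# Added illustration, not the add-on's code. Rule format, user names and
# "example_login_form" are constructed; only the behaviour comes from the thread.

SITE_TEMPLATES = ["PAGE_CONTAINER", "helper_user_form", "example_login_form"]
SUPER_ADMINS = ["root_admin"]
# restricted template title -> users still allowed to change it
RULES = {
    "page_container": {"root_admin"},    # wrong case: per the notes, will not work
    "helper_user_form": {"root_admin"},
    "old_template": {"root_admin"},      # matches no template on the site
}


def lint_rules(rules, site_templates):
    """Classify each rule title as exact, case-mismatched, or unknown."""
    by_lower = {t.lower(): t for t in site_templates}
    report = {"ok": [], "case_mismatch": [], "unknown": []}
    for title in rules:
        if title in site_templates:
            report["ok"].append(title)
        elif title.lower() in by_lower:
            report["case_mismatch"].append((title, by_lower[title.lower()]))
        else:
            report["unknown"].append(title)
    return report


def attempt_change(user, target, rules, super_admins, kind="template"):
    """Exact-case check for a direct edit or a template modification of `target`.

    Returns (allowed, alerts); a denied attempt yields one alert per super admin.
    """
    allowed_users = rules.get(target)    # exact, case-sensitive lookup
    if allowed_users is None or user in allowed_users:
        return True, []
    msg = f"{user} attempted a {kind} change to restricted template {target}"
    return False, [(admin, msg) for admin in super_admins]


if __name__ == "__main__":
    print(lint_rules(RULES, SITE_TEMPLATES))
    print(attempt_change("mod_alice", "helper_user_form", RULES, SUPER_ADMINS))
    # The miscased rule leaves PAGE_CONTAINER open, even via a modification.
    print(attempt_change("mod_alice", "PAGE_CONTAINER", RULES, SUPER_ADMINS,
                         kind="modification"))
```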
 
I have no idea what templates need to be protected, lol. Do I just install it and then use those 4 examples you have listed in the overview?

Will this add-on help to prevent this problem that happened to another forum?.....
The malicious code was added to the login templates using a staff member's account who had their login details compromised.
 
> I have no idea what templates need to be protected, lol. Do I just install it and then use those 4 examples you have listed in the overview?
>
> Will this add-on help to prevent this problem that happened to another forum?.....

That'd be some of the basics (in the overview), so yeah, they're some good examples to start with.

It'll help, though not completely prevent but it'll attempt to prevent and definitely alert for manual review.
 
Somebody must've data dumped my password(s) from another forum because my PS account recently got hacked and I have been worried about my forum's security as well so thank you very much for this add-on.
 
@Apantic a few silly questions...

In the zip file for 1.1.0, there is a zip file for 1.0.0 included...any reason?

Also, in the upload directory there is an xml file in /install/data. I'm not used to seeing anything in the upload folders of an addon other than library, js, or styles...does this file need to be uploaded into the data directory?

For reference, I use Chris D's install & upgrade but the zip uploader screws up the file placement sometimes so I unzip all the addons, combine everything into one set of folders for upload, rip the xml's to another folder then upload all the files and use old skool to run all the xmls simultaneously. So I just noticed the funky file and figured I'd ask...
 
> In the zip file for 1.1.0, there is a zip file for 1.0.0 included...any reason?

Nope, just the older version made available there.

> Also, in the upload directory there is an xml file in /install/data. I'm not used to seeing anything in the upload folders of an addon other than library, js, or styles...does this file need to be uploaded into the data directory?

No, that's just another way to install from the .xml. We attached one you can upload, or you can upload from server using that link (so install from install/data/addon-blah.xml).

> For reference, I use Chris D's install & upgrade but the zip uploader screws up the file placement sometimes so I unzip all the addons, combine everything into one set of folders for upload, rip the xml's to another folder then upload all the files and use old skool to run all the xmls simultaneously. So I just noticed the funky file and figured I'd ask...

Can you rephrase this, sorry? It won't work with Chris D's installer but you can upload the files manually and it'll work fine.
 
Although this add-on takes a bit of tweaking, it's certainly worth the time and effort it requires.

Once installed, if/when the non-Superadmin tries to Save All Changes on a 'protected' template they'll see…

[Attachment: Screen Shot 2016-07-30 at 8.23.40 PM.webp]

Or if they choose the Save and Exit button, they'll see…

[Attachment: Screen Shot 2016-07-30 at 8.31.18 PM.webp]

Meanwhile, as soon as any revision is attempted (to protected templates), you'll see an Alert about such...

[Attachment: Screen Shot 2016-07-30 at 9.12.12 PMa.webp]
 