Response:
Quote:
Thank you for contacting ParaChat Support. I apologize for the delay in responding to your inquiry. The vBulletin module to which you refer is not available for download from our web site at this time. Please note that all of our third-party integration modules are currently being re-developed, including the vBulletin integration module. The new modules will include a method to recognize calls where applicable, and will be available for download from our web site when they are completed. But utilization of the HTTP Authentication file itself is optional.
The HTTP authentication file is deployed on installations external to the ParaChat system, so its level of exposure from a security standpoint will vary from installation to installation. The Auto Log-in feature could be utilized exclusive of HTTP authentication. Also, if the HTTP authentication feature is used, your ParaChat service could be configured to limit the number of simultaneous connections allowed per IP address. However, the remedy for the issue as you describe it will be the utilization of the new module when released. We understand your concern, and genuinely appreciate your feedback on this topic.
A good point that even if you do protect the file, then the chat system itself can be used for brute force as there are no maximum tries, but I'm guessing that since this is via a Java applet, it is more of a task for a hacker than just downloading an HTML form hacking tool.
Anyway, assuming ParaChat come good with their updated module, then I am impressed with the response, although it did take a week. In the meantime you can look at your server log and see what IP address they are using to request authorisation on chat_auth.php and limit access to it, so:
Code:
<Directory /mypath/mydirectory>
    <Files chat_auth.php>
        order deny,allow
        deny from all
        allow from 64.13.158.89
    </Files>
</Directory>
I don't know how often that IP address will vary. Time will tell I suppose - I'll watch my logs and wait for complaints.
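
Added example, not part of the original post: one way to do the log check described above, counting requests for chat_auth.php per client IP and status in Apache common/combined-format access log lines, split by whether the client is the allowed address. The log lines, paths and query strings are constructed samples; only 64.13.158.89 and the file name come from the post.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache common/combined log prefix: client ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

AUTH_SCRIPT = "chat_auth.php"   # file name from the post
ALLOWED = {"64.13.158.89"}      # address allowed in the post's <Files> block

# Constructed sample lines (documentation-range addresses, made-up paths).
SAMPLE_LOG = """\
64.13.158.89 - - [01/Jan/2000:10:00:01 +0000] "GET /forum/chat_auth.php?user=demo HTTP/1.0" 200 2
64.13.158.89 - - [01/Jan/2000:10:00:09 +0000] "GET /forum/chat_auth.php?user=demo2 HTTP/1.0" 200 2
203.0.113.7 - - [01/Jan/2000:10:01:00 +0000] "GET /forum/chat_auth.php?user=admin HTTP/1.1" 403 210
203.0.113.7 - - [01/Jan/2000:10:01:01 +0000] "GET /forum/chat_auth.php?user=admin HTTP/1.1" 403 210
203.0.113.7 - - [01/Jan/2000:10:01:02 +0000] "GET /forum/chat_auth.php?user=admin HTTP/1.1" 403 210
198.51.100.4 - - [01/Jan/2000:10:02:00 +0000] "GET /forum/index.php HTTP/1.1" 200 5120
198.51.100.20 - - [01/Jan/2000:10:03:00 +0000] "POST /forum/chat_auth.php HTTP/1.1" 200 2
this line is not a log entry
"""

def auth_requests(lines):
    """Yield (ip, status) for each request whose path ends in AUTH_SCRIPT."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        path = urlsplit(m.group("target")).path  # drop the query string
        if path.rsplit("/", 1)[-1] == AUTH_SCRIPT:
            yield m.group("ip"), int(m.group("status"))

def summarise(lines, allowed=ALLOWED):
    """Return (allowed_hits, other_hits): Counters keyed by (ip, status)."""
    ok, other = Counter(), Counter()
    for ip, status in auth_requests(lines):
        (ok if ip in allowed else other)[(ip, status)] += 1
    return ok, other

if __name__ == "__main__":
    ok, other = summarise(SAMPLE_LOG.splitlines())
    for label, hits in (("allowed", ok), ("other", other)):
        for (ip, status), n in hits.most_common():
            print(f"{label:8} {ip:15} status={status} requests={n}")
```

A 200 served to an address outside the allowed set means the restriction is not in effect for that request; new source addresses returning 403 alongside user complaints would indicate the allowed address has changed.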