Version 5.0.2
Cracker Tracker Professional


Download: http://www.cback.de/cback_software/modd ... sional.zip
More info: www.cback.de

i had this mod on my forum
this mod is very good but has a bad thing
this mod will update very fast
in last two month the author of this mod released 5 version
it takes a lot of time to keep this mod up to date
i think if you keep your phpbb up to date, nobody can hack you

I agree. I had this MOD installed in the 4.x.x versions and there where too many updates to keep up with. it is too bulky for what it does and half the bots it blocks can be done with a robots.txt.

another thing
this mod has a feature that block spammers
i saw onetime that googlebot recegnized an spammer by this mod and banned its IP address

if you want to use this mod its better to disable spam block feature in this mod

It's a good software but as said, with some limitations.

The anti spam system must perform time stat (number of connection / sec) if Google ip was banned, isn't there a way to set up the time taken into account to an lower value, so that Bot crawls would not be detected as spam ?

erm....
phpBB dev's have an alternate point of view :

Acyd Burn wrote:Crack(er)Tracker is a mod i would never ever recommend or include.

theres also a post from graham, see :
http://area51.phpbb.com/phpBB/viewtopic.php?p=157896

Graham wrote:There are generally much more effective ways to do what those MODs claim to do at the server level instead which also has the advantage of not altering the code

This is so true. Beside it's a lot faster to do it at the server level.

Then, I agree the vast majority of hacking attempts logged by this software or by phpbbsecurity for example will be false positive, and for sure this is not said enough. But, these are still hacking attempts.
No big deal if your website just gets scanned for known security issues only affecting outdated versions, but you should still care about these attempts to become a bit too repeated in time.
And it's not that easy to find out this type of thing without some active tracking.
It can be quite interesting to find out what the ip was used for, in your server's log, around the time it was detected as an hacking attempt. You might find out this ip was previously used a lot, you might even find out many ip are obviously linked to the same attempt (which would really mean someone is deploying some efforts), for quite some time and for the same reasons. And now that you see ther's never a page load, but only attempts to pass some weird vars and to open some forbidden directories, wouldn't you feel more confidant to just ban this or these Ip for at least while and send a clear message to whoever ?
The problem is how to track and find out about such events, as they do occur a lot more often than they actually lead to a successful hack.

I really think we all need these info.

I personally use mod rewrite and error documents a lot to secure a web site, because the server is less likely to be hacked and will need less resources to operate.
You don't need to mod any file and you protect all your site at once.
I will, as soon as I'll get done with some more SEO mods, continue to work on a security solution based on error documents and .htaccess rewriterules.
We'll be able to filter and track many hacking and spamming behaviours. The system will be entirely customisable, everyone will be able to choose from several rewriterule sets and to add more.
The major enhancement in comparison to previous mods will be the fact it will not add code in the regular php process, just some rewriterules (a lot faster than if we'd do it with php), will log and handle http errors (404, 401 500 etc ...) and will, upon some settings, logs any suspicious event.
When an event will be logged, it will output a friendly message telling the event was logged, and do nothing more. Every event will be compared to the previous logged ones, so that the mod will be able to find out if an ip is performing a bit to many errors and will start warning the user the event is of a kind that should not be repeated.

It's all based on levels and error log analysis, first level, tell an error or known hacking attempt occurred, second level ask to stop, third level warn and send a mail to the admin with a detailed analysis of the matching error logs, levels above are left for self defense, to be able to face massive scanning as the mod should concentrate most of the suspicious events, from shortening the process (outputting a lighter page with a lighter but clearer message) to ip banning after a last but shorter mail was sent to the admin.

The tricky part is to properly tune the event rating system, but in the end, it should be very useful.

++

dcz wrote: isn't there a way to set up the time taken into account to an lower value, so that Bot crawls would not be detected as spam ?

unfortunately no

this mod high secure your phpbb forum.

## FEATURES:
## ==========
##
## - Worm & Exploit protection Unit with heuristic engine and more than 280 definitions
## - SQL Injection detector for GET, POST, ... Vars
## - Attack Counter function
## - Checksum Scanner to detect PHP Files wich were changed
## - Recovery System for the board configuration table
## - 8 different footer layouts
## - File Security Scanner wich detects general security issues in phpBB Files
## - Global Message Function
## - IP Blocker Engine
## - Proxy Blocker Engine
## - UserAgent Blocker Engine
## - Comfortable LOG Manager to view attack logfiles and manage the files
## - Selftest system
## - Automatically check file permissions on the logfiles
## - Show Security Tipps for your Server and Board
## - Maintenance function
## - "Miserable User" function to easily block userposts in viewtopic.php
## - Adjustable main logfile size
## - Completely new and modern layout in ACP and Forum
## - Every feature can easily be activated or deactivated over ACP
## - Search Flood Protection for Guests and Users
## - Login Brute Force Protection System
## - Detect wrong Logins and save them in your logfile
## - Login History for Users
## - IP Range Scanner to detect account abuse
## - Spammer Detection System
## - Detect human registered Spammer (Spam Detection Boost)
## - Spammer Keyword Detection for Posts and Profile
## - Registration Protection
## - Registration IP Scanning
## - Account Password Expire Function
## - Account Password Complexity Function
## - Account Password Length Control
## - Emergency console wich can restore board configuration Table without running phpBB
## - Password Reset Flood Protection
## - Massmail Protection System
## - Auto Recovery Board Settings
## - Visual Confirmation for Guest Postings
## - Protect from "Throw Away Mailservices"
## - Automatically detect misconfiguration of sensible Board Settings
## - Very fast code and OOP with Class Files etc.
## - Protect from overwriting sensible vars
## - and many more

This mod makes your board like 50% slower than any other mod.
Also you will have lots of problems, its never a final release.

Sometimes users get blocked just for to have 2 windows open in the same browser, they leave the board because of so many ctracker blockings.

I had this mod and its very difficult to keep up to date, so many releases every 2 months.

Also as Graham says if you are uptodate you will prevent hack attemps and DDOs attempts. The only way to secure a PHPBB is trought securing your server and changing variables, those mods just block common treaths that phpbb already blocks, if its not up to date the mod will not prevent the exploit. (except the highlith exploits).

it says :

Code: Select all

message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?

something is not ok :s

sorry .can i use this mod for phpbb 3.0.1?

I don't know if they released a phpBB3 version yet, but it's possible.

Now, this does not mean that this mods really helps to increase you board security, at least if you keep it up to date.

u mean that isn't so important?
and if i keep my phpbb version up to date it's ok?