[REL] zCMS_Security - Keep your hotel safe from hotel based attacks

Hello everyone, today I present to you zCMS_Security. It's uber/zCMS/rCMS compatible, and this is what it is:

Explanation -
zCMS_Security is a cron script that runs at a certain time interval, you can change it but the default is at 10 minutes to keep your hotel safe. If there are any hidden accounts, eg above the max rank your hotel has (owner = 7 or w/e), the accounts above that rank will be demoted and the hotel will be shut down and put into maintenance. This feature can be disabled inside the cron job.

The glory about it is it also checks to see if the main owners account (changable in the script) is ranked lower than they should be, which also shuts down the server and puts it on maintenance.

I think this tool is a must have for large hotels if you want to maintain security.

How to install

Code:

---

=> Edit zcms_securitys settings at the top of the script BEFORE YOU DO ANYTHING
=> Place zcms_security.php inside inc/cron_scripts
=> Run the code below on your database

---

PHP Code:

---

DROP TABLE IF EXISTS `site_config`;
CREATE TABLE `site_config` (
  `maintenance` enum('0','1') NOT NULL DEFAULT '0',
  `msg` varchar(255) NOT NULL DEFAULT ' '
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

INSERT INTO `site_config` VALUES ('0', 'Default Message');
INSERT INTO `site_cron` VALUES ('1', '1', '1', 'zcms_security.php', '1315057410', '600'); 


---

NOTES:
You'll need to edit your maintenance tpl file yourself. Mines all custom and stuff so it wouldnt work with what you have, sorry. I'll provide it in v2, cos theres a few ways I could improve this but I think it would be good to release it now

Download -
http://assets.zaphotel.net/zcms_security.rar

Very nice Jonty! (:

Epic release man!

oh i forgot to mention i only coded this because tonight is the first night in like 3 weeks ive been high so i celebrated by coding something to see how well i would do lol, i kept forgetting what i was doing but it turned out well, its run successfully for a few runs on zap so it looks all good.

jontycat

This is pretty good. You know, if you're like me and your IP address is static, you should lock the administrators IP to the administrators account. If some one attempts to login from a different IP than the set one, the session is declined/destroyed. Just an idea ;)

Also, a secret login for staff only (could) be good, or maybe even staff can only login through housekeeping?

Just some ideas ;)

Quote:

---

Originally Posted by Matthew

This is pretty good. You know, if you're like me and your IP address is static, you should lock the administrators IP to the administrators account. If some one attempts to login from a different IP than the set one, the session is declined/destroyed. Just an idea ;)

Also, a secret login for staff only (could) be good, or maybe even staff can only login through housekeeping?

Just some ideas ;)

---

I thought about the IP thing but most ISPs in the world give out dynamic ips, my home ip is static but im moving out in like 4 days and its gonna turn dynamic so i didnt code the feature in. it'll be toggle-able in the next version.

a secret hk is a bad idea imo, cause there could be, like my own, an edit user function, even though it checks every 10 mins, they still have time to damage the system. if that makes sense (:

Nice Release Jontycat!

Good release Jonty ;)

Nice, will being laggy?

i was gonna clean my room but jontey got high and coded this feature and eats some pie


Sorry got carryed away nice release

Any Chance For Uber

Quote:

---

Originally Posted by wichard

Nice, will being laggy?

---

Runs as a cron job every 10 minutes, so if it does lag (which it wont) it would be once each 10 minutes :P

to start off with this a little off topic but "Jontycat - hab00n since '04
'theres only a few of us old habbofags left'" thats funny since you was about 12 or 13 (well looked about 9 thou ;) jokes) in 2009 so that would of made you hmm 8 years old when you joined habbo haha dam thats young, anyway i commend you for your release but the aim is to even let anyone get this far, then again im sure this will save alot of people asses i already know a few who wished they had this kinda shit, lmao phoenix noobs

Quote:

---

Originally Posted by ntl200

to start off with this a little off topic but "Jontycat - hab00n since '04
'theres only a few of us old habbofags left'" thats funny since you was about 12 or 13 (well looked about 9 thou ;) jokes) in 2009 so that would of made you hmm 8 years old when you joined habbo haha dam thats young, anyway i commend you for your release but the aim is to even let anyone get this far, then again im sure this will save alot of people asses i already know a few who wished they had this kinda shit, lmao phoenix noobs

---

Yeah, I started using the internet young, and i'm 17 lol, I was 15 in 2009 :)

---------- Post added at 11:37 PM ---------- Previous post was at 11:36 PM ----------

Quote:

---

Originally Posted by wichard

Nice, will being laggy?

---

No, this is a few checks on your database every 10 mins, it should go unnoticed.

Actually a really smart idea. Wouldn't have thought of it and its such a simple idea.

Nice release.

Quote:

---

Originally Posted by SkeetEmUp

Actually a really smart idea. Wouldn't have thought of it and its such a simple idea.

Nice release.

---

thanks. I also updated the package as i forgot an = in an if statement.