Server management question?

Discussion in 'Networks' started by kobem, Jun 10, 2009.

  1. kobem

    kobem Megabyte Poster

    791
    1
    50
    I am a member of for about 100 websites and mostly forum sites. I want to learn shortly
    how these sites are run. For instance, in one of the such forum sites named "donanimhaber" , i was
    banned so many times. Nevertheless, this time something different happened to me. I can not make
    use of "write and answer to thread" and "new topic" buttons for 2 days. I browsed using
    lots of browsers, nothing changed.

    Any questions else would you like to heaR? Yeah, thats coming for you.

    2- The thing im curious about is demanding knowledge about running forums. Administrators manage the web site
    from their homes clicking some buttons reserved for them? or how?
     
    Certifications: CCNA
  2. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,292
    265
    329
    Well if you have been banned then maybe part of the banning procedure makes it so you can't post a thread or reply.

    This isn't to do with server management it's down to the mod or admin on this site saying don't allow Kobem access.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  3. dmarsh
    Honorary Member 500 Likes Award

    dmarsh Petabyte Poster

    4,305
    503
    259
    The website will have some sort of security design and access restrictions, likely based around RBAC. You don't have an admin account, you did not authenticate as a user with an admin account therefore you get reduced priviledges. Its just like AD or anything else. The admin can probably add or remove various rights from your account on a whim, the software probably has, temporary ban and permanent ban features.

    Try looking around the net.

    http://httpd.apache.org/docs/1.3/ho...PdOEJRYAAAAu1EYH&bcsi_scan_filename=auth.html
    http://www.ietf.org/rfc/rfc2617.txt?bcsi_scan_D397AC55D256AA0B=0&bcsi_scan_filename=rfc2617.txt

    Many websites make use of the fact that SSL provides a secure tunnel to transmit the authentication data and they then use form based authentication.
    http://en.wikipedia.org/wiki/HTTP+HTML_Form_based_authentication

    After this its entirely up to the server what type of ACL's the user gets, normally a session is established using a cookie containing an identifier for the domain of the site.

    The server uses the cookie to maintain a user session which includes a session cache on the server which typically contains the users current credentials or ACL's.
     
  4. kobem

    kobem Megabyte Poster

    791
    1
    50

    what do you think for the second question?
     
    Certifications: CCNA
  5. dmarsh
    Honorary Member 500 Likes Award

    dmarsh Petabyte Poster

    4,305
    503
    259
    The 'buttons' are basically URL's or form submissions or HTTP post requests.

    The server must perform a security access check on all priviledged actions on the server side to guard against attack.

    This check will check the sessions ACL against the actions ACL.

    So then the problem becomes are all the checks sufficient, have any been missed ?

    and

    Can the session be hijacked ?
     
  6. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    As for running forums: most (including CF) use Vbulletin due to it's reliability and scalibility. Although the install guides and support is really good, it does require some homework to install and modify. The good thing is you can customise it to do more or less what you want.

    Simon
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  7. kobem

    kobem Megabyte Poster

    791
    1
    50
    well , do not they operate web servers? Driving a forum site is just about use of these restriction/permission
    buttons?
     
    Certifications: CCNA
  8. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Once purchased, Vbulletin is downloaded and then installed on your webserver (or host which is what most people will do) which must run PHP and MYSQL. They provide a test script before purchase which will check it's suitability.
    They also offer an install service, although i would suggest installing yourself; it's all part of the learning process :D
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  9. JonnyMX

    JonnyMX Petabyte Poster

    5,257
    220
    236
    There's no one here who knows f***-all about how forums work...

    :biggrin
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  10. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    172
    211
    Control of access to the forum, and the things you can do with it, are generally nothing to do with server permissions. Its all managed from within the web application (forum), and the permissions for that are stored in the database.

    When you log in, your permissions are retrieved from the forum database, and this determines which of the sections/actions on the forum you are permitted to do.

    Additionally, the forums can store lists of IP's that the administrators do not wish to have access to the site. Again, this is managed from pages within the application, as designed and supplied by the application provider.

    Once again, for the most part, the security for sites such as forums are generally nothing to do with server permissions.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  11. dmarsh
    Honorary Member 500 Likes Award

    dmarsh Petabyte Poster

    4,305
    503
    259
    Oh now I get it, you want to run a forum ?

    People remotely administer their websites using a variety of technologies :-

    SSH, Putty, FTP, HTTP, VPN, TerminalServices/RemoteDesktop/VNC.

    Once the servers up and running theres normally a web interface (HTTP/HTML) for web based software like forums.
     
  12. dmarsh
    Honorary Member 500 Likes Award

    dmarsh Petabyte Poster

    4,305
    503
    259
    Yes thats what I was trying to say, the database is the standard place data gets stored but it could be a file or an LDAP or other store.

    Sometimes the server permissions are related to the logon permissions, although that was not what I was saying, what I meant was that most systems use RBAC and ACL's and most people will be familiar with these from windows.

    Yes with forum software I agree normally a very basic role based security exists which is stored in a database.
     
  13. kobem

    kobem Megabyte Poster

    791
    1
    50
    Trying trying but there is no progress about you told me. yeah im an idiot some sort of. :rolleyes:
    The main issue is that i can not illustrate on my head. When i connected to a forum site (one type of website) (mainly web server) some steps are taken. While logging in , arrangements are done
    remotely? or they have a building consists of many network devices linked to them and administrators
    are just there(inside building)?
     
    Certifications: CCNA
  14. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    172
    211
    Im not really sure what it is that you arent getting in what we've discussed. Let me try it all another way.

    When you want to start a forum, you first buy a web host. you then buy and install onto that host, the forum software. This installs the webpages and the database onto the host.

    When you log into this forum, and enter your username/password, the page queries the database for your user details, and permissions. Using this information, it shows/hides various parts of the forums from you. If you have administrator permissions, it will show you a link to the admin pages.

    Within the admin pages, there are a variety of functions. Some allow you to create new sections of your forum (like we have here), some define search engine keywords, some allow you to manage your users.

    Within the user admin pages, there will be sections which allow you to ban particular user accounts, either for a short time, or permanently. There will also possibly be pages which allow you to define a particular IP address, or range of addresses which are banned from accessing the forum regardless of the username being used.


    or alternatively, if you prefer.

    Magic goblins draw your web page whenever you ask for it. If the administrators want to ban you from doing something, they phone up the goblins, and give them a description of you, telling you not to let you do anything. These goblins can see out of your monitor, and thus know not to let you create posts.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  15. Qs

    Qs Semi-Honorary Member Gold Member

    3,081
    70
    171
    ...damn goblins :p
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  16. Modey

    Modey Terabyte Poster

    2,397
    99
    154
    Fergal, instead of trying to answer, just do this, it will save time mate.

    [​IMG]
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2K3, MCTS, MOS, MTA, MCT, MCITP:EDST7, MCSA W7, Citrix CCA, ITIL Foundation
    WIP: Nada
  17. kobem

    kobem Megabyte Poster

    791
    1
    50

    ok, allright i realised your perfect explanation. Still you reply but not to my question.

    I ask it shortly this time.

    1- when i log in to one of this web servers , administration is done from far?(remotely from their houses)
    or from their small business?
     
    Certifications: CCNA
  18. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    172
    211
    It depends. There is no solid answer to that question. The administration of the forum is (mostly) web-based once its running. To administer those things, it can be done anywhere in the world.

    To make changes to the server itself (ie installing software/patches onto the server, or adding new files onto the server), again it depends. Some companies will only allow those activities to be performed from inside their network, some will only allow it with physical access to the machine. Others (including any web hosts that supply you with a virtual machine) will allow it to happen anywhere in the world, so long as you have the appropriate access credentials.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  19. Qs

    Qs Semi-Honorary Member Gold Member

    3,081
    70
    171
    This man tells the truth. :p
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  20. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    172
    211
    Lol. I missed that post. Nice pic. *yoink*
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.