Demilitarised Zones in MyBB

Azareal

MyBB has a curious method for approaching security: a good portion of it is spent guarding the control panel, which itself is siloed off from the rest of the system and makes you log in again.

There is even an option to filter logins by IP, to add an additional PIN which you have to enter in addition to the password, admin two-factor authentication, etc., while the items in the control panel itself actually have a lot of vulnerabilities. But at that point, they probably assume you're screwed anyway.

There are even options to obfuscate the location of the control panel, so that adversaries aren't able to find and exploit it, and even plugins which will plop down an entirely fake control panel which fires off logs whenever someone tries to exploit it.

It's all almost like a big wall being built around the control panel to secure it, and it's all concentrated on one little subsystem. It even has short session time-outs like a bank, if I recall.
 