securing vb forum
- Thread starter lenney
- Start date
- Status
16 comments
Rename you admincp and modcp directorys to something like:
"FoVCPY6ANhYXl73lwmCTjZ8gxYWUzGu5uG79e4ArbYFDW8oJlr"
Use tubenets pass generator to get dir names. http://tubenow.net/pass-generator/
Password protect admincp and modcp, (once again safest bet use a pass generator http://tubenow.net/pass-generator/)
Remove the thread.php file from modcp as that is what they can use to prune the forum, As your smods shouldn't really need to mass prune as they can do it through the forum.
Make sure you use secure email accounts. best option is to use a personal one like blahblah@yourdomain.com so people cant revert it like at hotmail. also make sure all mods don't use hotmail as it is easy to revert.
Also what you could do is if you admin account keeps getting hacked is setting up a user account random make that full admin but make it look like a normal user and just use that to do admin stuff then make you account have no options in admincp or very few so people will try to hack you account and if they do they can't do fuck all with it.
"FoVCPY6ANhYXl73lwmCTjZ8gxYWUzGu5uG79e4ArbYFDW8oJlr"
Use tubenets pass generator to get dir names. http://tubenow.net/pass-generator/
Password protect admincp and modcp, (once again safest bet use a pass generator http://tubenow.net/pass-generator/)
Remove the thread.php file from modcp as that is what they can use to prune the forum, As your smods shouldn't really need to mass prune as they can do it through the forum.
Make sure you use secure email accounts. best option is to use a personal one like blahblah@yourdomain.com so people cant revert it like at hotmail. also make sure all mods don't use hotmail as it is easy to revert.
Also what you could do is if you admin account keeps getting hacked is setting up a user account random make that full admin but make it look like a normal user and just use that to do admin stuff then make you account have no options in admincp or very few so people will try to hack you account and if they do they can't do fuck all with it.
That's from vbulletin...
How To Make My Forums More Secure
Here's some things you can do to increase the level of security for your forums:
1. Always upgrade to the latest stable version.
2. Do not install any unofficial hacks or plugins as they are not written or reviewed by our developers.
3. Password protect your Administrator and Moderator Control Panels directories using .htaccess/.htpassword http://www.javascriptkit.com/howto/htaccess3.shtml
4. Make sure the tools.php (vB3) file is NOWHERE on your website.
5. Although this is only a potential problem if someone gets a hold of your customer number, you should remove the upgrade* files from the install directory.
6. Remove the ImpEx files if you had used this import system.
7. If you have phpMyAdmin make sure it's password protected.
8. If you suspect a hacking attempt, ask your host to change the login password for your web account.
9. Make sure all the Admin and Mod passwords are secure. Change them if you have any doubts. And use hard to guess passwords.
10. Enable the 'strikes' system which will help thwart brute force password attempts:
Admin CP -> vBulletin Options -> General Settings -> Use Login "Strikes" System -> Yes
11. NEVER allow HTML in posts, PMs or in sigs.
12. Make absolutely sure there are no viruses, trojans or keylogger spyware on your PC. Any of these could steal your password and other personal info.
13. Do NOT upload the directory called do_not_upload/
14. Use a different password for each forum you sign up with. Use a different password for your forum as you do for the .htaccess directory password.
15. Update the config.php file and set yourself as undeletable user so they can't touch your admin account.
Note your forums are only as secure as the passwords you use and the server it is on. If the server is accessed then there's nothing vB can do to prevent potential security violations.
If you have and the other admins have a unique IP address you can edit the .htaccess file in your admincp directory with.
order allow,deny allow from <your IP>
allow from <admin2's IP>
deny from all
This way the directory should not load for anyone whose IP doesnt match this list.
__________________
How To Make My Forums More Secure
Here's some things you can do to increase the level of security for your forums:
1. Always upgrade to the latest stable version.
2. Do not install any unofficial hacks or plugins as they are not written or reviewed by our developers.
3. Password protect your Administrator and Moderator Control Panels directories using .htaccess/.htpassword http://www.javascriptkit.com/howto/htaccess3.shtml
4. Make sure the tools.php (vB3) file is NOWHERE on your website.
5. Although this is only a potential problem if someone gets a hold of your customer number, you should remove the upgrade* files from the install directory.
6. Remove the ImpEx files if you had used this import system.
7. If you have phpMyAdmin make sure it's password protected.
8. If you suspect a hacking attempt, ask your host to change the login password for your web account.
9. Make sure all the Admin and Mod passwords are secure. Change them if you have any doubts. And use hard to guess passwords.
10. Enable the 'strikes' system which will help thwart brute force password attempts:
Admin CP -> vBulletin Options -> General Settings -> Use Login "Strikes" System -> Yes
11. NEVER allow HTML in posts, PMs or in sigs.
12. Make absolutely sure there are no viruses, trojans or keylogger spyware on your PC. Any of these could steal your password and other personal info.
13. Do NOT upload the directory called do_not_upload/
14. Use a different password for each forum you sign up with. Use a different password for your forum as you do for the .htaccess directory password.
15. Update the config.php file and set yourself as undeletable user so they can't touch your admin account.
Note your forums are only as secure as the passwords you use and the server it is on. If the server is accessed then there's nothing vB can do to prevent potential security violations.
If you have and the other admins have a unique IP address you can edit the .htaccess file in your admincp directory with.
order allow,deny allow from <your IP>
allow from <admin2's IP>
deny from all
This way the directory should not load for anyone whose IP doesnt match this list.
__________________
timtamboy63
Active Member
have u installed vbfirewall?
also what mods/addons/hacks have u got for ur fioum, i know that quit=e a few of them are very unsecure
also what mods/addons/hacks have u got for ur fioum, i know that quit=e a few of them are very unsecure
apirateslife
Active Member
The vulnerabilities have been fixed in the latest version of cPanel - 11.24.5-R37127, earlier versions of cPanel are vulnerable.
Code:
http://changelog.cpanel.net/- Status