First, please be aware that these steps will make your vBulletin a little better, but vBulletin does have a lot of backdoors and exploits. The steps are in no particular order, so just follow each one to secure your forum :)
- Always keep your vBulletin upgraded. I know it's difficult financially for some people, but please do try to get vBulletin 4. It is much, much more secure (even if you use a null, make sure to keep up with the latest upgrade for 4). 5 is not secure yet.
- Edit your config.php file so no one can delete you from your own forums.
Search for:
// ****** UNDELETABLE / UNALTERABLE USERS ******
// The users specified here will not be deletable or alterable from the control panel by any users.
// To specify more than one user, separate userids with commas.
$config['SpecialUsers']['undeletableusers'] = '';
Edit this part:
Code:
$config['SpecialUsers']['undeletableusers'] = 'PUT YOUR USERID HERE';
- Chmod ALL files to 644 if you are on shared hosting.
- Do a thorough scan of your OWN computer just to make sure there are no keyloggers or such. This can get you.
- Pick your ADMINS and MODS wisely. If you give someone admin privileges, that basically means they have almost the same control over the site as you do.
- Unique names for the core member database table on every installation.
- Unique names for the password field of the member database on every installation.
- Keep regular backups, but not only that, check the integrity of said backups to make sure it's backing up correctly.
- You should change the Admin CP and Moderator CP paths, so that nobody except your staff members knows how to get to them.
- Password protect your Administrator and Moderator Control Panel directories, as well as the install and includes directories, using .htaccess/.htpasswd.
- Make sure the tools.php (vB3) file is NOWHERE on your website.
- If you suspect a hacking attempt, ask your host to change the login password for your web account.
- Make sure all the Admin and Mod passwords are secure. Change them if you have any doubts, and use hard-to-guess passwords.
- NEVER allow HTML in posts, PMs or in signature.
- Use a different password for each forum you sign up with. Use a different password for your forum than you do for the .htaccess directory password.
- Do not upload config.php.new when upgrading your forums.
- If you imported data from another software using ImpEx, make sure to remove the /impex/ folder when you're done.
Every hacker knows the default paths to the vBulletin admincp and modcp control panels: www.yoursite.com/forum/admincp or www.yoursite.com/forum/modcp. By knowing these paths, hackers bypass going through the forums first before attempting to hack into your admincp or modcp.
If you rename the admincp and modcp folders, they will have to hack your forum login first before they are able to find these folders. You can rename these folders to anything you like. Here are a couple of examples: www.yoursite.com/forum/firstcp and www.yoursite.com/forum/secondcp
Rename these two folders on your FTP site and change your config.php file to match the names of the new folders.
If you rename your admincp and modcp folders, you MUST change their names in the config.php file to match what you renamed them to.
Tip: If you are upgrading your forums, make sure you don't forget to rename the directories again!
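A read-only audit you can run after every upgrade to catch items from the checklist and the renaming step above that tend to come back. This is an added example, not code from vBulletin or from the original post; the function name `audit_vb` and the `includes/config.php` location are assumptions, and "looser than 644" is checked as group- or world-writable.

```shell
#!/bin/sh
# Added example: read-only audit of a vBulletin tree against the checklist.
# The function name and the includes/config.php location are assumptions.

audit_vb() {
    root=$1
    [ -d "$root" ] || { echo "ERROR not a directory: $root" >&2; return 2; }

    # Control panels still at the default, well-known paths.
    for d in admincp modcp; do
        if [ -d "$root/$d" ]; then echo "DEFAULT_CP $d/"; fi
    done

    # ImpEx importer left behind after a migration.
    if [ -d "$root/impex" ]; then echo "LEFTOVER impex/"; fi

    # tools.php (vB3) and config.php.new must be nowhere under the forum root.
    ( cd "$root" && find . -type f \( -name tools.php -o -name config.php.new \) ) |
        sed 's|^\./|LEFTOVER |'

    # Files looser than 644: writable by group or by others.
    ( cd "$root" && find . -type f \( -perm -020 -o -perm -002 \) ) |
        sed 's|^\./|WRITABLE |'

    # Owner account not yet listed as undeletable/unalterable.
    cfg="$root/includes/config.php"
    if [ -f "$cfg" ] &&
       grep -Eq "\['undeletableusers'\][[:space:]]*=[[:space:]]*'';" "$cfg"; then
        echo "CONFIG undeletableusers is empty"
    fi
}

# Usage: sh audit_vb.sh /path/to/forum
# Prints one finding per line, and nothing when the tree is clean.
if [ "$#" -gt 0 ]; then audit_vb "$1"; fi
```
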
If you and the other admins each have a unique IP address, you can edit the .htaccess file in your admincp directory with:
# deny,allow: everyone is denied first, then the listed admin IPs are let back in
order deny,allow
deny from all
allow from PUT_FIRST_ADMIN_IP_HERE
allow from PUT_SECOND_ADMIN_IP_HERE
This way the directory should not load for anyone whose IP doesn't match this list. So that's all from my side; now it's your turn to secure your site by unique methods :) Kindly rate this post to help others.
Regards,
Zulqurnain jutt