Hello,

I have to encode my vbulletin to raise up forums's security & so I encoded my version totaly including all hacks

I uploaded it to my server & access it & suddenly I confused :confused: when I see the total queries for MySQL, they where 10 only for normal version & becomes 41 for encoded one !!!!


How strange is that...!? :surprised:


any one have any meaning for that?


.........

How did you encode it?
Maybe the encoding is breaking some chaches?

I have encoded it using Zend encoder 3.6

I have encoded it using Zend encoder 3.6 I don't understand why you are encoding it...

I don't understand why you are encoding it...
If you spend $1400 for an app's one year licence , you certainly want to use it :D

If you spend $1400 for an app's one year licence , you certainly want to use it

Exactly :)


Now any one answer my question posted above

Yes, but why the fudge would you encode your forums?

Encoding the PHP files won't provide extra security against hacking, brute-force and any specific attack. Encoding is more so used to prevent piracy, or at least aid in the prevention.

If you're looking to secure your forum, there's plenty of information around, including using htaccess for your mod and admin cp folders, renaming the folders themselves, disallowing the use of HTML, etc.

Yes, but why the fudge would you encode your forums?
encode forums for the following reasons:
1- prevent any person (hackers) from getting any information from any file also if uses include().
2- prevent using any strange new file not encoded with my zend version, so if any script/shell uploaded any where it will not be able to work with files or to get information from it.



SaintDog ===> thanks but I'mm looking for EXTRA Security
1- I have Protected (admincp/modcp/includes/install) directories using htaccess
2- I have protected all 777 directories by also htaccess & disabled php from working in it in addition to removing any (php/php3/cgi/pl/asp/aspx/html/phtml/shtml) from these directories.

& now looking for more security improving :)

You should also encode the database, one single hook could cause a million problems ;)

@SS

1). You don't need the /install directory, simply delete it and its contents. vBulletin runs, operates and functions without the directory. I delete it from all of my test and running installations.

2). Don't simply password protect the directories, rename them in config.php, rename them via FTP and then password protect them. Rename them to something only you know the name of and then block access to any viewing to that directory using Robots.txt for exclusion.


Given that, encoding your files really won't do too much good for you, though it will create the extra hassle of encoding them again and again when you upgrade.

Also note that while you may be encoding the PHP files, you're not encoding the output, so if there is a security issue and the "hacker" grabs or sees something within th HTML output that he can use, detecting your version number or other information really won't be that hard.

If your web server is secure, you really have no reason to encode your files. If you've not secured your web server down and locked down access, then it really won't matter if you encode your files or not :).