I just installed my first VB and I'd like to know what settings to change right out of the gate that will increase security and anything else I need to know.

I've been reading everything so far.

thanks

Use the password protect with .htaccess in /admincp
Don't use unsafe mods that might have a possible exploit.

Where is that file?

It's easy, really:
- Password protect your admincp and modcp directories with .htaccess, or with cPanel if available. Also renamed the directories, for example "forumacp" rather than "admincp". After doing so, edit your includes/config.php file.
- Only give administrator/moderator permissions to people you trust.
- Install as few modifications as possible, and only install stable ones you feel you need.
- Don't spam other forums or rip content (you never know who might take offense).
- Turn on CAPTCHA, and consider a hack such as "NoSpam!" for further protection.
- Learn basic PHP and MySQL; If there is a problem, you need to at least understand the error message.
- Always upgrade to the latest version as soon as it becomes available, and consider taking the board offline briefly if you do not have time.
- Check up regularly on vulnerability sites such as milw0rm.com for possible vBulletin security issues.

And of course, after installation remember to remove the install directory.



Hope it helps. :)

Hope it helps. :)
Yes, thanks! Is there a good book that covers basice PHP and MySQL for beginners so I can get my feet wet?

What's CAPTCHA, what's it do?

And how you get there? :confused:

I'm curious. This thread made me curious about some things.

Captcha is default enabled by vbulletin, you can find all of its options in the vbulletin options. It is the numbers you enter upon registration.

Ohh, that.

I turned it on.

So, why should you password protect the mod and AdminCP? I mean, you want admins to enter passwords twice? :confused:

What happens when there is an exploit in the ACP? You're screwed. That's why you use the htaccess protection. Also, I would suggest having different passwords for the htaccess and user itself.

Alright, I do see your point.

I'll fix it.

And of course, after installation remember to remove the install directory.
Yes, thanks, but what happens when you need to upgrade?

You overwrite all the files anyway, so it doesn't matter.

Yes, thanks! Is there a good book that covers basice PHP and MySQL for beginners so I can get my feet wet?

Best to just learn by editing.