This is an idea that I came up with and was wondering if it's possible..

Background
If someone has a shell (ie: C99, R57) on your website, and they know the path of the config.php, they can get the information and virtually have full control over your forum. By default the path is (/includes/config.php). I've been able to prevent directories being listed using a shell, but you can still view specific files if you know the path.

Is there any way to rename and move the config.php to a new path?

Thanks,
-Mike

You can move it outside the webroot and put a link to the real location in your ./includes directory, but that is useless as protection against someone who gained shell access.

Bare in mind I'm talking about a Shell, not SSH access.
The shell I'm referring to is a PHP File such as C99.

I'll talk a look into that Marco.

Thanks,
-Mike

Hi I found this c99 file along with other php files in an uploading file script I am running on my site. I deleted them but don't how long they have been up there. What can a person running that file have gained access to?