PDA

View Full Version : Administrative and Maintenance Tools - [4.1.x-4.2.x] Notify when config.php changes

liamwli
09-29-2012, 10:00 PM
If you want support, please mark as installed. If you install, please mark as installed :)

!!MOD UPDATED DUE TO INAVLID SETTING CONFIG - IT WILL WORK NOW!!

This mod is for vBulletin 4.1.x - 4.2.x

This mod will allow you to specify users that will get stopped if the config.php file is modified.

This is useful as a security tool, as most hackers would go for the config.php file.

You must enable it in it's settings before it will work.

Why Would I want/need this?
The config.php file contains the variables for super admins, as well as those with log pruning/viewing/sql executing permissions. If someone has ftp to your site, they will target this file so they can do whatever they want. Want to risk it? Install now!

Please note: This may cause a slight delay loading the page for people you choose to notify, as it calculates the md5 hash of the config.php file. It shouldn't be too much of an issue though.

Changelog

Version 2.2

Added - Setting to enter config.php location
liamwli
09-30-2012, 06:21 PM
Reserved.
liamwli
10-01-2012, 06:18 PM
Mod updated - settings not showing fixed.
GhostHunter2010
10-04-2012, 03:26 PM
does it work on 4.2.0 mate
liamwli
10-06-2012, 04:22 PM
does it work on 4.2.0 mate

Yup. That is what I am using it on.
Mrquarter2
10-06-2012, 10:09 PM
I will try this out. Very nice.
Prashanth
10-07-2012, 10:29 AM
it doesnt work 4 me as i dont use the default path for config file if possible u can query class_core to get the new path
TheSupportForum
10-07-2012, 10:38 AM
personally i would just do this

.htaccess file in /include

RewriteEngine on

<Files 403.shtml>
order deny,allow
deny from all
</Files>

allow from domainipaddresshere
liamwli
10-07-2012, 10:44 AM
it doesnt work 4 me as i dont use the default path for config file if possible u can query class_core to get the new path

I could add a setting for you to enter the path...
liamwli
10-07-2012, 10:44 AM
personally i would just do this

.htaccess file in /include

RewriteEngine on

<Files 403.shtml>
order deny,allow
deny from all
</Files>

allow from domainipaddresshere

That stops people going to it - not checking if it was modified.
TheSupportForum
10-07-2012, 10:55 AM
That stops people going to it - not checking if it was modified.

they will not be able to modify it if you restrict it to your own domains IP
liamwli
10-07-2012, 11:07 AM
they will not be able to modify it if you restrict it to your own domains IP

And if they have ftp....
Prashanth
10-07-2012, 11:07 AM
that would be gr8
liamwli
10-07-2012, 11:24 AM
that would be gr8

Ok, done.
TheSupportForum
10-07-2012, 11:28 AM
And if they have ftp....

lol now thats being stupid

1) they need to know your username & password

and plus you can You can restrict FTP access by IP through a .ftpaccess file

to do this you do the following

create a file called .ftpaccess

content


<Limit STOR>
DenyAll
Allow youripaddresshere
</Limit>
Prashanth
10-07-2012, 12:08 PM
i think u forgot to update the eval code in admin function

Warning: md5_file([path]/includes/config.php) [function.md5-file]: failed to open stream: No such file or directory in
liamwli
10-07-2012, 01:24 PM
i think u forgot to update the eval code in admin function

Warning: md5_file([path]/includes/config.php) [function.md5-file]: failed to open stream: No such file or directory in

Yes - I did, thanks :)

EDIT:

Hmm. I edited the options function, and now it won't work. I'm thinking that I can't make a call to the vbulletin options in vbulletin options...

EDIT 2: Fixed it, please download the file now :)
Prashanth
10-07-2012, 02:41 PM
thanks it works finally