Hello,
My site was hacked before 3 days ago but I restore now.
Well, there are some security solutions, including changing directory for (config.php), So I rename (config.php) and put it in new folder under vb

directory.
After that I update some files with new name and directory for (config.php) in the following folder :
admincp
includes
install

Now the forum work fine but there is a problem in Product Vbseo show in the header ( See attached picture link ):
http://www.banimalk.net/vbseo.jpg

Warning: include_once() [function.include-once]: Unable to access /home/banimalk/public_html/vb/vbseo/../includes/config.php in/home/banimalk/public_html/vb/vbseo.php on line 17

Warning: include_once(/home/banimalk/public_html/vb/vbseo/../includes/config.php) [function.include-once]: failed to open stream: No such file or directory in/home/banimalk/public_html/vb/vbseo.php on line 17

Warning: include_once() [function.include]: Failed opening '/home/banimalk/public_html/vb/vbseo/../includes/config.php' for inclusion (include_path='.:/usr/lib/php') in/home/banimalk/public_html/vb/vbseo.php on line 17

Product Vbseo needs to reading and identify the new directory and new name for config.php , I have tried to update some files of Product Vbseo but failed .

Please help me ?

Version Forum ( 3.8.7 Patch Level 3)
Version vBSEO (3.6.0 RC 2 )

Thank you

mate, i dont know why you would be still running VBSEO. 100's if not more have removed it from their forums. not only is it a dead product, but you most likely will not get any support for VBSEO here at vb org. lets say you do everything under the sun to make your forum secure...whats stopping hackers from hacking your VBSEO 3.6.0 RC 2? which has exploits. maybe thats the point of ya post, but VBSEO are dead a berried and im pretty sure no one will support it here, but you never know. good luck.

moving your config file is pretty pointless. You have to change the include(s) for it, which means you are still pointing right at that file.

moving your config file is pretty pointless. You have to change the include(s) for it, which means you are still pointing right at that file.

I dunno... this security through obfuscation is pointless makes sense if you're you or me (now keep reading lol) but what about a technician from crowdgather after buying a client of mines forum who had to call me to ask why the details in the config file were wrong and how was it still able to connect? It sure fooled him (who was experienced in vBulletin and various other forums including relocating them etc) so I guess it depends on the level of intelligence of the person trying to gain entry to your site i.e. if a script-kiddie then they won't know where to look so in essence security through obfuscation does work in a sense. Anything you can do to "throw off" someone trying to get into your site will help, you can't argue that.

Also OP as ShawneyJ mentioned remove vBSEO, your just a hacked site waiting to happen imo if you continue to run it.

Edit: Also look for the reference to config.php in /includes/class_core.php and change it there too, that is probably where you missed changing the filename and why it is not working.

No need to change the name of config directory. just protect it using htaccess.

Also, Vbseo removal is a nightmare for many forums depending on your urls but I agree removal is the best thing to do. I believe it will not be long for Google to actually prove Vbseo type scripts as bad for search indexing. It seems like weekly they are adding new restrictions. The latest thing is to target and penalize sites that have too many advertisements. It is only a matter of time before seo friendly type urls are completely ignored in my opinion.

Also, if you are using an older version of Vbseo you better find out how to secure it because it has a vulnerability that is easy exploited.

if you feel your forum has been hacked , just make sure you remove your install folder . that is enough .

make sure you change your admincp and modcp too

if you feel your forum has been hacked , just make sure you remove your install folder . that is enough .

make sure you change your admincp and modcp too

There is much more to secure your website than that, what you have stated is not "enough" in it's self.