
View Full Version : Security: Denying direct access to files


VBCoder
06-23-2005, 04:37 PM
I'd like to deny access to the include files - I know that vB tries to do this, but I'd like to do it explicitly. Other than /include/, are there any dirs that can be denied?

Chris M
06-23-2005, 04:42 PM
I believe /clientscript/ is as well :)

Satan

Marco van Herwaarden
06-23-2005, 07:10 PM
Lol, denying clientscript will make the board not function anymore, I guess.

Zachery
06-23-2005, 07:12 PM
I believe /clientscript/ is as well :)

Satan
If you are that worried, why run a forum!

Seriously though... the includes directory doesn't contain anything that can harm your board from direct web access.

jugo
06-23-2005, 07:21 PM
Well, a good way to prevent a file from being called by itself:

I believe this would work:


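// Redirect away when this file is requested directly instead of being included.
// stripos() replaces eregi(), which was removed in PHP 7 and treated "." as a wildcard.
if (stripos($_SERVER['PHP_SELF'], 'filename.php') !== false) {
    header('Location: http://www.misite.com');
    exit;
}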

Zachery
06-23-2005, 07:22 PM
Just htaccess the directory if you're worried...

merk
06-24-2005, 01:44 AM
The only directory that can be locked out is includes.

Marco van Herwaarden
06-24-2005, 06:38 AM
All scripts that are not meant to be called directly are already "protected" against starting them directly, or at least protected from performing any actions.

akanevsky
06-24-2005, 11:40 AM
The easy way to do this:

<Files *.php>
Order allow,deny
Deny from all
</Files>

<Files *.extension1>
Order allow,deny
Deny from all
</Files>

<Files *.anotherextension>
Order allow,deny
Deny from all
</Files>

Put this into .htaccess of every folder you want to protect.

Chris M
06-24-2005, 12:58 PM
You know what I meant :p

I mean users cannot harm the board by accessing them directly :p

I misunderstood what he was asking and thought he wanted to know what directories were protected from damaging the board by users typing the url in :p

Satan

tamarian
06-24-2005, 01:30 PM
One thing I don't like about the vB installation script is that it tells you to delete the install.php file. What they don't tell you is that you can delete the entire install directory :) For upgrades, you just copy the whole install directory from the new version.

Zachery
06-24-2005, 01:38 PM
One thing I don't like about the vB installation script is that it tells you to delete the install.php file. What they don't tell you is that you can delete the entire install directory :) For upgrades, you just copy the whole install directory from the new version.
Eh, I don't advise deleting the entire install directory, there are some useful files that you should have on hand. Furthermore, the only somewhat harmful file is install.php (because it can drop your database).

tamarian
06-24-2005, 01:49 PM
Eh, I don't advise deleting the entire install directory, there are some useful files that you should have on hand. Furthermore, the only somewhat harmful file is install.php (because it can drop your database).

I always have them on hand, at home :)

Marco van Herwaarden
06-24-2005, 02:03 PM
Better is to protect the directory with a .htaccess

VBCoder
06-24-2005, 03:31 PM
I agree, the best thing is a simple .htaccess to block the dir. (Really, the includes etc should be outside of the webroot but I guess vB must support hosts where this is not available). My question is only which dirs can be blocked - I guess the answer is /includes/ and /install/

tamarian
06-24-2005, 04:03 PM
(Really, the includes etc should be outside of the webroot but I guess vB must support hosts where this is not available).

(Boys and girls, don't try this at home)

This is a good idea. But the includes directory (I think) is hardcoded in a few places. But if it's made outside the webroot, you can just explicitly add the includes path in php.ini and it should work.

I can see some mods and vB devs pulling their hair out at all this sacrilege :D
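
The .htaccess approach the thread settles on for /includes/ and /install/, as an added example that is not from any poster or from vBulletin itself. It generalizes the Order/Deny lines posted above so the same file works on Apache 2.4 as well as 2.2; it assumes the host allows these directives in .htaccess (AllowOverride AuthConfig for Require, Limit for Order/Deny).

```apache
# .htaccess placed inside a directory that is only ever include()d by PHP,
# such as includes/ (constructed example, one copy per protected directory).
#
# PHP's include/require reads files from disk, so refusing HTTP requests
# here does not stop the board from loading these files.
#
# A copy in install/ also blocks the upgrade scripts from the browser,
# so it has to be lifted for the duration of an upgrade.

<IfModule mod_authz_core.c>
    # Apache 2.4 and later
    Require all denied
</IfModule>

<IfModule !mod_authz_core.c>
    # Apache 2.2 and earlier: same effect as the Order/Deny lines in the thread,
    # but applied to every file in the directory instead of per extension
    Order allow,deny
    Deny from all
</IfModule>
```

A request for any file in the protected directory should then return 403 Forbidden; a 500 response usually means the host does not permit these directives in .htaccess.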