That would be a simple fix. But as far as IP's go it gets really tricky keeping an updated list and resolving proxies. Unfortunately we wouldn't know an exception occurred until it's too late. Hosting sensitive material on a VB system is probably not the smartest idea either.

However, if we keep the site from being discovered by google and restrict access as much as possible, we can get around most of these issues.

ok then simple way to protect your website from bots is


put id n pass in ur .htaccess file bots can't enter id n pass .. id n pass can b simple like id 123 pass 123

then u can lock down vb like register to view the site.. and you can disable the registration

and Manuel make the employee's ids then send them to thier email so only they can log in not the other ppl !!!

hope this help ya enjoy

You can choose to not use .htaccess/.htpasswd, but instead, hook into vBulletin (probably at global_start), and create a login prompt by sending headers, then running the normal login checks to see if the user is authenticated.

Thanks for all of the input. Your post started me thinking about this and it became obvious that I was going about this the wrong way. I did in fact DUMP the .htaccess/.htpassword usage. I must have logged into my admincp 100 times yesterday, not realizing the answer is right in front of my face. The admincp login and redirect on failed login is exactly what I'm looking for.

Basically I created a similar login based on the AdminCP login. Then I set VBPortal and VB permissions to Deny All for everyone except Admins, Super Mods, Mods, Registered Users, and My Custom Groups.

You were right on the money, global_start was the key for triggering it.

Thanks again man! Sometimes you just need a third party view on these things.