Making your Admincp More secure! (https://vborg.vbsupport.ru/showthread.php?t=197510)

iNRoC 12-09-2008 10:50 PM

Thanks Carlito for adding to this thread. I should have included all of that..

haxcommunity 12-21-2008 09:19 PM

Thanks for posting a guide I made everywhere >_<
Real Professional Man

iNRoC 12-23-2008 11:04 PM

I credited you though lol

TheLastSuperman 12-24-2008 03:15 PM

Quote:

Originally Posted by haxcommunity (Post 1690625)
Thanks for posting a guide I made everywhere >_<
Real Professional Man

Quote:

Originally Posted by iNRoC (Post 1692431)
I credited you though lol

The point is, both of you helped me so thanks!

S-MAN

ehabfouad22 02-09-2009 06:46 AM

Quote:

Originally Posted by iNRoC (Post 1674749)
Trick #2: The Dummy Admin Panel

This one goes well with trick #1. Go to your admin panel's login screen, and go to your browser's File -> Save As page, and save the .php file to your HD. Now, open it and edit out the personal data in that admincp (look around the form data for "hidden" fields), and upload it to a directory on your server. Basically, the idea here is to make a non-functional admincp login page, to fool people into thinking they have the right URL when they really don't.

Hi guys,
Any further details on how to perform that trick? (#2)
After saving the php file as complete webpage, what should be edited and uploaded? :)
Many thanks!
:up:

bc641990 02-18-2009 06:53 PM

lol most of the ideas in this were from me inroc :-/ unbelievable

mme42 06-17-2009 01:47 AM

Quote:

Originally Posted by iNRoC (Post 1674749)
Trick #2: The Dummy Admin Panel

This one goes well with trick #1. Go to your admin panel's login screen, and go to your browser's File -> Save As page, and save the .php file to your HD. Now, open it and edit out the personal data in that admincp (look around the form data for "hidden" fields), and upload it to a directory on your server. Basically, the idea here is to make a non-functional admincp login page, to fool people into thinking they have the right URL when they really don't.

A few questions. First, exactly what personal data would be edited out? This is going to be an html file then, not php? And, is the idea to use this page as your listed admincp page in the config.php? Or do you have the real ACP in the newly renamed directory in the config and put the fake page in the /admincp folder in case somebody navigates directly to that path?

Quote:

Originally Posted by jca2112 (Post 1680330)
For example, a Fake Admin Login page that writes the IP addresses of login attempts to a file and/or email sent to the admin? That would make it easy to be alerted to login attempts and make it easy to ban users/IPs/etc. that go snooping for the Admin Panel.

Quote:

Originally Posted by iNRoC (Post 1681755)
I'll make you a page for it soon.

It would be helpful if anybody could do this.

Thanks :D

Barteh 10-26-2009 12:36 PM

Slight bump. There's a simpler way to confuse bots, just add empty admincp and modcp dirs, then copy a .htaccess file to both that contains a single line:
Code:

deny from all
Alternatively you could provide access to this (empty) dir with .htpasswd and an extremely long and completely random username and password, which they're of course quite welcome to try to bruteforce :rolleyes:

All of this assuming you've moved your *real* admincp and modcp dirs of course.
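
Added example, not part of Barteh's post or the original thread: a small Python check that reads Apache access-log lines and counts, per client IP, requests to the empty decoy admincp and modcp directories described above, which gives the alerting asked for earlier in the thread without any page that receives credentials. It assumes the forum sits at the web root and Apache's common/combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Decoy directories from the post above; the real panels are assumed to have
# been moved elsewhere, so nothing legitimate should ever request these paths.
DECOY_DIRS = ("/admincp", "/modcp")

# Apache common/combined format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" \d{3} '
)

def is_decoy_path(target, decoys=DECOY_DIRS):
    """True if the request path is a decoy directory or anything beneath it."""
    # Drop the query string and decode %xx so /%61dmincp/ is not missed.
    path = unquote(urlsplit(target).path)
    return any(path == d or path.startswith(d + "/") for d in decoys)

def decoy_hits(lines, decoys=DECOY_DIRS):
    """Count requests per client IP that touched a decoy directory."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_decoy_path(m.group("target"), decoys):
            hits[m.group("ip")] += 1
    return hits

def ips_to_review(lines, threshold=2):
    """IPs with at least `threshold` decoy requests, most active first."""
    return [ip for ip, n in decoy_hits(lines).most_common() if n >= threshold]

# Constructed sample log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Oct/2009:12:36:01 +0000] "GET /admincp/ HTTP/1.1" 403 210 "-" "-"',
    '203.0.113.7 - - [26/Oct/2009:12:36:02 +0000] "POST /admincp/index.php HTTP/1.1" 403 210 "-" "-"',
    '203.0.113.7 - - [26/Oct/2009:12:36:03 +0000] "GET /modcp/index.php?do=login HTTP/1.1" 403 210 "-" "-"',
    '198.51.100.20 - - [26/Oct/2009:12:40:10 +0000] "GET /showthread.php?t=197510 HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.20 - - [26/Oct/2009:12:40:15 +0000] "GET /admincp-guide.html HTTP/1.1" 404 180 "-" "-"',
    '192.0.2.55 - - [26/Oct/2009:12:41:00 +0000] "GET /%61dmincp/ HTTP/1.1" 403 210 "-" "-"',
]

if __name__ == "__main__":
    for ip, n in decoy_hits(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} decoy request(s)")
```

Apache 2.4 without mod_access_compat uses `Require all denied` in place of `deny from all`; in both cases the decoy requests are logged with status 403, and the script counts them regardless of status.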

lycheepassion 01-09-2010 06:47 AM

Quote:

Originally Posted by jca2112 (Post 1680330)
The Dummy Admin Panel seems like a really good idea.

Has anyone made a mod/hack/script along these lines?

For example, a Fake Admin Login page that writes the IP addresses of login attempts to a file and/or email sent to the admin? That would make it easy to be alerted to login attempts and make it easy to ban users/IPs/etc. that go snooping for the Admin Panel.

Unfortunately that very same idea is essentially an exploit -- it could be used to do harm to the real vBulletin admin. Redirecting legitimate login attempts to the Fake Admin Login page in order to capture REAL username and passwords.

Is there something like this available that also couldn't be used to do evil things?



I really don't get how to do the dummy admin panel, maybe I'm just a dummy? Any help :D

kootta 11-27-2010 11:14 PM

That's such a nice informative post, keep it up

