vb.org Archive
Page 2 of 5 1 2 34 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Secure your vBulletin board (https://vborg.vbsupport.ru/showthread.php?t=35346)

Scott MacVicar 02-23-2002 10:09 AM
Just add that piece of code to the top of config.php in the admin folder, if anyone tries to access the config.php file that wasn't called within the users document root the script simply exits.

TECK 02-23-2002 10:11 AM
at PPN's advice, i decided to keep the adduser.php file private. only admins will be able to have a copy.

TECK 02-23-2002 10:12 AM
why you don't see the point? can you explain more please?

Scott MacVicar 02-23-2002 10:14 AM
I need to go play in the snow now :D

The code i posted above works on my test board.

Scott MacVicar 02-23-2002 10:16 AM
If the user has access on the shared server, then they probably have shell access so they can just navigate into your folders open config.php using pico or vi and read the values right off it and then simply access it via phpmyadmin in their own folder.

TECK 02-23-2002 10:16 AM
lol.. ok.. here few snow balls thrown at you..
@ @ @ @ @... ;)

TECK 02-23-2002 10:21 AM
Quote:
Originally posted by PPN
If the user has access on the shared server, then they probably have shell access so they can just navigate into your folders open config.php using pico or vi and read the values right off it and then simply access it via phpmyadmin in their own folder.
si in other words, there is no way to call a path from outside the server and do a mysql_connect?

Scott MacVicar 02-23-2002 11:34 AM
The hacker would have to be on the same server.

JamesUS 02-24-2002 09:54 AM
Would you send me the file please so we can investigate the problem.

james.ussher-smith@vbulletin.com

Thanks.

TECK 02-24-2002 09:59 AM
i did send it to firefly ;) this is the first thing i did.


All times are GMT. The time now is 01:46 AM.
Page 2 of 5 1 2 34 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01085 seconds
  • Memory Usage 1,728KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete