
Ziki 12-13-2008 10:00 PM

KX - Rename Config File
 
1 Attachment(s)
This modification was brought to you by
KXDesign
http://www.kxdesign.com/


~Modification name
Rename Config File

~Modification description
This modification allows you to rename or move the config.php file. This is to protect your sensitive information and increase the security of your vBulletin board.

The majority of boards get hacked because a hacker uploads a malicious script to get hold of the config.php content. But if you move or rename it, there is no chance that they find out the location of it.

Tips & Tricks:

vBSEO - https://vborg.vbsupport.ru/showpost....1&postcount=24
Fool Hackers - https://vborg.vbsupport.ru/showpost....8&postcount=23

~Modification options
None

~Modification info
File uploads: 0
File edits: 1
Templates: 0
Template edits: 0
Plugins: 0
SQL Queries: 0
Phrases: 0
Settings: 0
Hooks: 0

Install time: 1 minute
Install level: Light

~Modification installation

Step 1: Open includes/class_core.php and find:

Code:

include(CWD . '/includes/config.php');

                if (sizeof($config) == 0)
                {
                        if (file_exists(CWD. '/includes/config.php'))
                        {
                                // config.php exists, but does not define $config
                                die('<br /><br /><strong>Configuration</strong>: includes/config.php exists, but is not in the 3.6+ format. Please convert your config file via the new config.php.new.');
                        }
                        else
                        {
                                die('<br /><br /><strong>Configuration</strong>: includes/config.php does not exist. Please fill out the data in config.php.new and rename it to config.php');
                        }
                }

And replace it with:


Code:

// CWD has no trailing slash, so keep the leading "/" in front of your path
include(CWD . '/XXXXX');

                if (sizeof($config) == 0)
                {
                        if (file_exists(CWD. '/XXXXX'))
                        {
                                // config.php exists, but does not define $config
                                die('<br /><br /><strong>Configuration</strong>: includes/config.php exists, but is not in the 3.6+ format. Please convert your config file via the new config.php.new.');
                        }
                        else
                        {
                                die('<br /><br /><strong>Configuration</strong>: includes/config.php does not exist. Please fill out the data in config.php.new and rename it to config.php');
                        }
                }

Where XXXXX is the relative path to your new config file. It can be, for instance:
admincp/mynewconfig.php or includes/configuration.php.

~Modification screenshots
None


~Modification changelog
  • 1.0.0 - First Release


~Modification copyright
This may not be distributed, released or claimed as your work without author's permission.

Ziki 12-14-2008 12:46 PM

~Reserved~

Dr.LoVe 12-14-2008 10:34 PM

i don't understand :S

rob01 12-14-2008 11:30 PM

wow nice work!

this mod is simple -> it will let you change/rename your config file

but if they read this file.. they will find out...

so whats the point?

just asking

steven s 12-14-2008 11:41 PM

Which means each time you upgrade you will need to edit includes/class_core.php before uploading.

linhhon2003 12-15-2008 12:47 AM

If Hacker read files class_core will know the path of the new config files???

Barakat 12-15-2008 07:11 AM

very useful. thanks

Ziki 12-15-2008 11:53 AM

Quote:

Originally Posted by rob01 (Post 1685534)
wow nice work!

this mod is simple -> it will let you change/rename your config file




but if they read this file.. they will find out...

so whats the point?

just asking

You can select your own unique name and directory. And hackers usually ignore the class_core.php and it's harder to read that one, because it contains lots of functions and code, whereas the config.php has only comments and a couple of variables which can be called easily.

Golzarion 12-17-2008 12:20 PM

I was thinking about encryption of "config.php" codes ... and suddenly I see this mod ...

When the server has weak security there is no solution!
But using this mod + encryption can protect your site more. And will make things too hard for hackers.

Thanks Ziki for sharing your idea.

mitch84 12-17-2008 01:07 PM

nice, thank

R-D 12-17-2008 03:22 PM

You won't be able to upgrade your forum in future, unless you remember to rename the config.php file back to config.php and overwrite the modified class_core.php file BEFORE proceeding with the upgrade.

Edits to class_core.php should only then be re-applied AFTER the upgrade is complete.


Here's the code in upgradecore.php that would stop you from upgrading until the file exists as "config.php":

Note: You could also change the config.php reference in this file, but you'd have to remember to make that change every time the file is overwritten with the newer version when updating.
Code:

// config file check
if (!file_exists(DIR . '/includes/config.php'))
{
        echo "<p>{$upgradecore_phrases['ensure_config_exists']}</p>";
        $errorthrown = true;
}


R-D 12-17-2008 03:28 PM

Also, I recommend changing "config.php" to something as obscure as possible, as it's easy to read the contents of a folder in a php file.

Calling it "configuration.php" or "mynewconfig.php", even in another directory, doesn't make it particularly difficult for a hacker to figure out where your config.php has gone, if he wants to hack your site and already has the means to put a malicious file onto your server.

:)

Bilderback 12-17-2008 11:46 PM

I wonder if you can remove the current working directory and move it above root?
Like outside of public_html/ ?
include('/home/inc/XXXXX');
or
include('../../XXXXX');

Ziki 12-18-2008 09:54 AM

No,it has to stay in vBulletin root.

Fungsten 12-18-2008 07:57 PM

It didn't work. What I did was made a folder in the root like this: blahblah/blahblah/newconfigfilename.

I came up with an error. Any ideas? TIA.

Ziki 12-19-2008 06:56 AM

Is the folder in vbulletin root?

Fungsten 12-19-2008 04:01 PM

Quote:

Originally Posted by Ziki (Post 1688540)
Is the folder in vbulletin root?

Yes. It is forum/Folder/Folder

Ziki 12-19-2008 04:08 PM

Is the set URL relative?

Fungsten 12-19-2008 04:23 PM

Quote:

Originally Posted by Ziki (Post 1688865)
Is the set URL relative?

Yes. If you mean that I didn't list it. What I did is replace:

Quote:

if (file_exists(CWD. '/includes/config.php'))
With the new path:

Quote:

if (file_exists(CWD. '/newfolder/newfolder/newname.php'))
I also made the other change.

Falon 02-10-2009 03:25 PM

Does it work with vBulletin 3.7.x?

Ziki 02-11-2009 04:17 AM

Yes there is a 3.7 version as well.

kapii 02-16-2009 12:52 PM

This is excellent, however, it would not find the wording exactly, so, I hope this really works the way I had to do it. I only changed the path, and moved the file. The board works, so I hope this accomplished what we're trying to do here...

Thanks!
:up:

Merjawy 02-17-2009 12:31 AM

why not keep a fake copy of config.php with this mod, in the original folder to fool hackers?

michi123 02-17-2009 08:05 AM

ye, cuz ur out of your forums folder! the folder has to be in your forums folder!

if sumone is using vbseo, uve to change the config path in config_vbseo.php too!

search
Code:

define('VBSEO_VB_CONFIG',              'config.php');
replace with
Code:

define('VBSEO_VB_CONFIG',              '../folder/newconfig.php');
important is the .. !

Ziki 02-17-2009 10:49 AM

Quote:

Originally Posted by Merjawy (Post 1746398)
why not keep a fake copy of config.php with this mod, in the original folder to fool hackers?

Quote:

Originally Posted by michi123 (Post 1746661)
ye, cuz ur out of your forums folder! the folder has to be in your forums folder!

if sumone is using vbseo, uve to change the config path in config_vbseo.php too!

search
Code:

define('VBSEO_VB_CONFIG',              'config.php');
replace with
Code:

define('VBSEO_VB_CONFIG',              '../folder/newconfig.php');
important is the .. !

Will add these to the first post!

tlwwolfseye 02-17-2009 04:36 PM

That works great on my 3.7.5, except with the Mod "IbProArcade". There it gives me a Database error because it still tries to include the original Filename of the config.php. :(
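
Added example (not part of the mod or of any post in this thread): a POSIX shell audit for the breakage described in the posts above, where the upgrade script, vBSEO and add-ons such as the arcade still point at the default path, and an upgrade overwrites the edited class_core.php. The forum root and the new config path are arguments you supply; the regex is an assumption about how such paths are written in PHP source.

```sh
#!/bin/sh
# Added example, not part of the mod or the thread.
# Usage: sh audit.sh FORUM_ROOT NEW_CONFIG_PATH   (path relative to FORUM_ROOT)

# Quoted PHP path literal ending in config.php, e.g. '/includes/config.php'
# or 'config.php'. Assumption: messages that only mention the file name
# contain spaces or markup and therefore do not match.
REF_RE="['\"][./A-Za-z0-9_-]*config\.php['\"]"

# Print file:line:text for each PHP line that still hardcodes a config.php
# path other than the new one (upgrade script, vBSEO, arcade add-ons ...).
stale_config_refs() {
    root=$1 new=$2
    find "$root" -type f -name '*.php' \
        -exec grep -nE "$REF_RE" /dev/null {} + 2>/dev/null |
        grep -vF "$new" || true
}

# One key=value line per check, so the output can be diffed after an upgrade.
rename_status() {
    root=$1 new=$2 core="$1/includes/class_core.php"
    if [ ! -f "$core" ]; then
        echo "class_core=missing"
    elif grep -qF "'/includes/config.php'" "$core"; then
        echo "class_core=default"   # edit never applied, or lost in an upgrade
    else
        echo "class_core=patched"
    fi
    if [ -f "$root/$new" ]; then echo "new_config=present"
    else echo "new_config=missing"; fi
    # The upgrade check quoted above requires a file at the default path.
    if [ -f "$root/includes/config.php" ]; then echo "default_config=present"
    else echo "default_config=absent"; fi
    echo "stale_refs=$(stale_config_refs "$root" "$new" | wc -l | tr -d ' ')"
}

if [ "$#" -eq 2 ]; then
    rename_status "$1" "$2"
    stale_config_refs "$1" "$2"
fi
```

Run it once after applying the edit and again after every upgrade; a change from `class_core=patched` to `class_core=default` means the upgrade replaced the edited file.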

bigcurt 05-09-2009 04:38 AM

Is there a problem with IPBProArcade Ziki?

Thanks,
Curt

Ziki 05-09-2009 05:37 AM

I don't know I didn't test it.

michael.hart 05-15-2009 09:52 PM

This seems a bit pointless, in my opinion. If a hacker was determined enough (and as this addon becomes used more and more), then I don't see much of a point. They'll just know to check the core file. Your best bet was to keep this to yourself, if your goal was security. Sharing this sort of threw it out of the "Secure" category.

Also, as long as your MySQL server only allows access to your server (and not everyone), (cPanel servers are often configured this way, and you can add exceptions in the cPanel) then even if they have that information, it does them no good.

Also, proper website/server security would make it really difficult for a hacker to upload a file to your server, and even if they did, why bother with this as they probably have full access anyway?

Just my opinion. Take it with a grain of salt :)

avsunforum 05-16-2009 03:47 PM

Thanks :D

RL714 05-22-2009 05:23 AM

if you guy think that hacker would easy to hack into vbulletin files, so i think vbulletin wont live and growing well as now, dont you think ?

Devanand 08-20-2009 02:58 AM

Not working here, I am also getting error. I did everything you said, file is in VB root but still nothing.

luan7749 08-20-2009 03:16 AM

If I'm hacker who had a 'shell' in your server, I'll view source of file class_core.php to find real path of config file. So what ?

Protoman 10-13-2009 08:47 PM

mod posted without permission from previous authors

Ziki 10-14-2009 11:38 AM

Well in that case the previous author would have to be my father as this was written from scratch :). And there's really not much about this mod, it would be like giving instructions to changing the background color of your site and claiming copyright for it :)

TheInsaneManiac 12-25-2009 08:28 PM

Quote:

Originally Posted by linhhon2003 (Post 1685561)
If Hacker read files class_core will know the path of the new config files???

If they can read the config.php somehow, don't you think they could read other files? That's why my config.php is encrypted.

TheLastSuperman 01-29-2010 04:48 AM

Quote:

Originally Posted by michi123 (Post 1746661)
ye, cuz ur out of your forums folder! the folder has to be in your forums folder!

if sumone is using vbseo, uve to change the config path in config_vbseo.php too!

search
Code:

define('VBSEO_VB_CONFIG',              'config.php');
replace with
Code:

define('VBSEO_VB_CONFIG',              '../folder/newconfig.php');
important is the .. !

This renaming will work just fine with vBulletin 4.0 and for vBSEO 3.5 RC2 you need to modify the config.xml file located here:

PHP Code:

www.yoursite.com/forum/vbseo/resources/xml/config.xml 

Differently than you see in the quote above since the config file is now an xml file ;).

Change the following lines and replace the newfolderlocation and newconfigname.php with your new folder and file names :D

PHP Code:

<setting>
<name>VBSEO_VB_CONFIG</name>
<value><![CDATA[../newfolderlocation/newconfigname.php]]></value>
</setting>

Then upload the config.xml file back to your server and no more errors from vBSEO ;).

Enjoy!

Mike

legacy123 03-30-2010 10:14 AM

This would go great with the old .htaccess

PHP Code:

<Files config.php>
deny from all
</Files>



All times are GMT.