vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   htpassword admincp (https://vborg.vbsupport.ru/showthread.php?t=143496)

Greek76 03-29-2007 10:19 AM
htpassword admincp
 
Ok Im attempting to create a .htpassword file to protect my admin cp. So I read some of those sites on .htpassword. Reason being Ive had some trolls and some very shady ip addresses viewing my forum so I want to protect my forum. My question is when I create the file how would I go about actually protecting the admin panel. Would it be like this code below? Is that all I need to protect is my admin panel?


Quote:
AuthName "Admin file"
AuthType Basic
AuthUserFile /home/bla bla/public_html/forum/Admin panel/.htpasswd
Require valid-user=username
Require valid-password=password
Is that correct?

Then upload file to the admin directory?

Thanks

nexialys 03-29-2007 01:19 PM
there is no absolute reason why you would have to htpassword your admincp... trolls or not, if they don't have an admin account, they can't hit farther than the login page in the admincp...

Greek76 03-29-2007 05:35 PM
So what do you recomend. Ive read plenty of posts of people creating htpasswords files and uploading them to their forum to password protect files.

TECK 03-30-2007 06:29 AM
Quote:
Originally Posted by nexialys (Post 1215264)
there is no absolute reason why you would have to htpassword your admincp... trolls or not, if they don't have an admin account, they can't hit farther than the login page in the admincp...
Are you sure? vBulletin.com does not think the same way:
http://www.vbulletin.com/forum/admincp/

It's extremly important to protect your /admincp with htpasswd.
DO NOT use an online tool generator (security warning) and update through FTP, just telnet into your server and run the commands there.

Run this:
(pwd will show you the /full/path/to/your/protected/folder path)

su -
cd /your/protected/folder
pwd
pico .htaccess

In pico, paste this:
Code:
AuthUserFile /full/path/to/your/protected/folder/.htpasswd
AuthName restricted
AuthType Basic
<Limit GET>
        require valid-user
</Limit>
Now, hit CTRL+O (letter) on your keyboard, which executes the Write command.
You will be prompted with the file name .htaccess at the bottom of your screen. Confirm the file is named correctly, and hit enter to save your file. You may now exit pico by hitting CTRL+X.

To create a .htpasswd file and insert it's first user, run this:
cd /your/protected/folder
htpasswd ?c .htpasswd johnsmith

You will be prompted to put in a password for johnsmith and then to confirm it.
If you want to add another user, just run this:
htpasswd .htpasswd newuser

Pretty easy, ehh? I hope you dont run Apache with php-fcgi, because that's another story...

Marco van Herwaarden 03-30-2007 06:56 AM
Quote:
Originally Posted by nexialys (Post 1215264)
there is no absolute reason why you would have to htpassword your admincp... trolls or not, if they don't have an admin account, they can't hit farther than the login page in the admincp...
And what if there is a new vulnerability found (vB or a modification) that makes the ACP vulnerable?

TECK 03-30-2007 07:07 AM
Thanks Marco. :)

Cap'n Steve 04-02-2007 02:15 AM
They're just assuming that you'll use bad passwords. I guess it's better to be safe than sorry, though.

Greek76 04-03-2007 09:16 AM
Thanks for the posts guys!

Quote:
Originally Posted by TECK (Post 1215920)
Are you sure? vBulletin.com does not think the same way:
http://www.vbulletin.com/forum/admincp/

It's extremly important to protect your /admincp with htpasswd.
DO NOT use an online tool generator (security warning) and update through FTP, just telnet into your server and run the commands there.

Run this:
(pwd will show you the /full/path/to/your/protected/folder path)

su -
cd /your/protected/folder
pwd
pico .htaccess

In pico, paste this:
Code:
AuthUserFile /full/path/to/your/protected/folder/.htpasswd
AuthName restricted
AuthType Basic
<Limit GET>
        require valid-user
</Limit>
Now, hit CTRL+O (letter) on your keyboard, which executes the Write command.
You will be prompted with the file name .htaccess at the bottom of your screen. Confirm the file is named correctly, and hit enter to save your file. You may now exit pico by hitting CTRL+X.

To create a .htpasswd file and insert it's first user, run this:
cd /your/protected/folder
htpasswd ?c .htpasswd johnsmith

You will be prompted to put in a password for johnsmith and then to confirm it.
If you want to add another user, just run this:
htpasswd .htpasswd newuser

Pretty easy, ehh? I hope you dont run Apache with php-fcgi, because that's another story...

I dont know I have my site hosted at hostgator. I have to check to see exactly what server they are using.

subzero06 04-03-2007 05:04 PM
I think you can do this in your host cpanel called
"Protected Password Directory"
and you just select the admincp folder directory.

TECK 04-04-2007 03:13 AM
What if you don't want to use software like cPanel?
This is the worst software you can put on your server... they compile PHP into their RPM so you are forced to use their version. Not to mention the bulky code and the 1500$ price tag. Crazy.


All times are GMT. The time now is 04:42 AM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01215 seconds
  • Memory Usage 1,741KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code_printable
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete