vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Influx of Security Issues all tied to the same thing (https://vborg.vbsupport.ru/showthread.php?t=217375)

DieselMinded 06-28-2009 11:38 PM

Influx of Security Issues all tied to the same thing
 
I have 15 websites, most are PHP and have admin control panels. Recently I got an email from one of the softwares where they were basically flipping out and told all its members to change the name of its admin directory from admin/

I'm thinking, what's the big deal? Then the same day another one of my softwares sends out a notice to all its users about the same exact thing!

This got me thinking real good about it and all the stuff you have to do to pull off a rename of the admin directory... So 2 days later, which is today, another one of my software developers sends out the same thing again!

Not sure what has happened recently, but it seems like all PHP software developers are requesting the admin directories be renamed.

So now we have vBulletin!!! with an admin directory named admin on 99% of our sites, so what are we going to do about it?

Marks 06-28-2009 11:41 PM

Renaming the admincp directory on vB is very easy. All you have to do is edit the file name, and then one line in config.php.

DieselMinded 06-28-2009 11:43 PM

What about upgrades?

Marks 06-28-2009 11:45 PM

Do you mean upgrading vB in the future? Just rename the admincp directory before you upload the files to your server, and make sure you keep the same settings in config.php.

DieselMinded 06-28-2009 11:47 PM

Will the upgrade script know that the admin directory is renamed?

Here's some code from one of my developers' patch...
PHP Code:

// Append a hidden field carrying the session's security token to the form markup
$form .= '<input type="hidden" name="securityToken" value="' . $_SESSION['securityToken'] . '" />';

Does VB have the "securityToken" on its admin cp log in?

Marks 06-28-2009 11:51 PM

I'm pretty sure that as long as config.php is configured correctly, you won't have any problems with the upgrade script.

If you were worried about it, you could always revert back to the default settings just for the upgrade.

DieselMinded 06-29-2009 12:05 AM

I would rather vBulletin look into this and make a decision whether this is of warrant.

Marks 06-29-2009 12:31 AM

Quote:

Originally Posted by vBulletin manual
$config['Misc']['admincpdir']

By default, vBulletin will install the files for the Administrators' Control Panel into a folder called admincp, but you may wish to rename this folder for security purposes. If you rename the folder, enter the new name here. Note that you can only rename the folder; if you move the folder to a new location the system will be unable to function.

Sums it up.

That quote is from the installation instructions about configuring config.php.

DieselMinded 06-29-2009 01:04 AM

What's the importance of doing this!

Brandon Sheley 06-29-2009 03:41 AM

Quote:

Originally Posted by Marks (Post 1839219)
I'm pretty sure that as long as config.php is configured correctly, you won't have any problems with the upgrade script.

This is correct.
As long as the config has the correct info about the admincp and modcp, you could name them whatever you want.
Just make note on the upgrades to name those 2 folders the same, and make the same 2 edits in the config.php file.
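
Added example (not part of the thread and not vBulletin's own code): a shell check for the rename-then-upgrade procedure described above. It reads the control panel folder names from includes/config.php and reports when a configured folder is missing, or when a default-named folder sits next to a renamed one, which suggests upgrade files were uploaded without renaming first. Assumptions: `modcpdir` is taken as the moderator panel's counterpart to the `admincpdir` key quoted from the manual, and the sample forum root and the folder name cp_x7 are constructed.

```shell
#!/bin/sh
# Print the value of $config['Misc'][KEY] from a config.php (last assignment wins).
cfg_value() {   # usage: cfg_value <config.php> <key>
    sed -n "s/^[[:space:]]*\\\$config\['Misc'\]\['$2'\][[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | tail -n 1
}

# Print one line per finding for a forum root; exit status 0 only when clean.
check_cp_dirs() {   # usage: check_cp_dirs <forum_root>
    root=$1; cfg="$root/includes/config.php"; findings=0
    for pair in admincpdir:admincp modcpdir:modcp; do
        key=${pair%%:*}; default=${pair##*:}
        name=$(cfg_value "$cfg" "$key")
        if [ -z "$name" ]; then
            echo "MISSING  $key is not set in $cfg"
            findings=$((findings + 1)); continue
        fi
        # The configured folder must exist directly under the forum root.
        if [ ! -d "$root/$name" ]; then
            echo "BROKEN   $key='$name' but $root/$name does not exist"
            findings=$((findings + 1))
        fi
        # A default-named folder beside a renamed one defeats the rename.
        if [ "$name" != "$default" ] && [ -d "$root/$default" ]; then
            echo "LEFTOVER default $default/ is present next to renamed $name/"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: admincp was renamed to cp_x7 in config.php and on disk,
# then an upload re-created the default admincp/ folder.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/includes" "$d/cp_x7" "$d/admincp" "$d/modcp"
    printf '%s\n' '<?php' "\$config['Misc']['admincpdir'] = 'cp_x7';" \
        "\$config['Misc']['modcpdir'] = 'modcp';" > "$d/includes/config.php"
    echo "$d"
}

sample=$(make_sample)
check_cp_dirs "$sample" || echo "Resolve the findings above before running the upgrade script."
rm -rf "$sample"
```

Against a real installation, call `check_cp_dirs` with the forum root after uploading upgrade files and before opening the upgrade script.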

