vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 2.x Full Releases (https://vborg.vbsupport.ru/forumdisplay.php?f=4)
-   -   htaccess Hack for the CP of your vB Version 2.2.4 - English Version (https://vborg.vbsupport.ru/showthread.php?t=36846)

Afterburner 03-31-2002 10:00 PM
htaccess Hack for the CP of your vB Version 2.2.4 - English Version
 
Maybe you know it, there where a lot of hacking attacks to the cp of some vB boards.

With this hack you can protect your board with a .htaccess password protection.

Now you can set the .htaccess password protection in the right frame of your CP (Control Panel Home)

to disable the potection delete the .htaccess and the .htpasswd file


PS: sorry for my terrible English ;)

Screenshot:

https://vborg.vbsupport.ru/

vertex 04-01-2002 05:25 PM
nice hack but i dont need it = ]

Floris 04-01-2002 06:43 PM
Thank you :)
Do you know if this works with slash/plesk servers ?

Afterburner 04-01-2002 06:47 PM
if its an UNIX sytem an the system is correct configured it works, plesk is only an interface not the operating system

Jawelin 04-03-2002 08:06 AM
Very nice hack.... I found it very useful tu avoid editing the .htaccess file outside the server administration control panel... :nervous:

But I can't manage to make it working... ;)

Actually, the function you use to hash password within the .htaccess file,
PHP Code:
$passwortverschluesselt crypt($HTTP_POST_VARS[passwort]); 
doesn't match with my server's algorithm. So I always get 'wrong pw error'.
I'm on a Linux / Apache server...

I saw you don't use the salt key... Hwr as you can see on http://www.php.net/crypt manual, to create an .htaccess compatible hash is suggested to use the first two chars of the pw as salt:
PHP Code:
//To generate a .htaccess-based authentication with DES, 
// you have to use the first two characters of your password as salt.

$pass "something";
$ht_pass crypt($pass,substr($pass,0,2)); 
It doesn't work too on my server.
I create the htaccess file with an Apache cpanel and got an hash. When trying the crypt() algorithm with different salts, I can't manage to obtain the same hash... :cross-eyed:

Thanks

captainandy 11-12-2006 05:30 AM
Quote:
Originally Posted by Floris
Thank you :)
Do you know if this works with slash/plesk servers ?
With Plesk - you can go to your domain.name and go to the icon that says "Directories"... it will allow you to set that kind of access without doing the hack here. just pick the directory - then give it a username and password... and you are done....


All times are GMT. The time now is 01:12 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01029 seconds
  • Memory Usage 1,725KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_php_printable
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (6)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete