vb.org Archive - View Single Post

punchbowl · #21 03-17-2008, 12:15 PM

Quote:

Originally Posted by Boofo

If they can get on the server, they can find the directory. There is no foolproof way to stop someone who wants to get to it bad enough. All you can do is slow them down. But good luck with your theory.

It's not my theory. I think it may have been suggested on here. (Edit: Maybe not. Mentioned here http://www.vbulletin.com/forum/showthread.php?t=194701 also remember this?

Code:

//	****** PATH TO ADMIN & MODERATOR CONTROL PANELS ******
	//	This setting allows you to change the name of the folders that the admin and
	//	moderator control panels reside in. You may wish to do this for security purposes.
	//	Please note that if you change the name of the directory here, you will still need

)

I only allow people http access to my server. Apart from guessing I'm a big fan of the flintstones it does provide extra hoops that any hacker will have to jump through. Not theoretical hoops either : They have to guess another defacto password. If someone has access to my server through ssh or whatever then it's already too late.

From reading on here 90% of board hacks are through a browser simply putting admincp after the board url and guessing. A large percentage of these 'hacks' are inside jobs by disgruntled mods who presumably know their way around a standard installation.

Why exclude something by name when googlebot only follows links and the admin link will never appear for guests? Are you putting your admin cp in a sitemap too?! (j/k re sitemap!)

Either way it's not a major issue but I just don't see the point in listing it.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.03119 seconds Memory Usage 1,767KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD_SHOWPOST (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_code (1)bbcode_quote (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_box (1)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (1)post_thanks_postbit_info (1)postbit (1)postbit_onlinestatus (1)postbit_wrapper (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit reputationlevel showthread	Included Files: ./showpost.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showpost_start bbcode_fetch_tags bbcode_create postbit_factory showpost_post postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start showpost_complete
Messages: