Quote:
Originally Posted by youradhere4222
Do you have instructions on how to do this?
That's fake security, and it's something you shouldn't rely on. A browser can easily fake a referer and thus it just becomes more of a nuisance. It can be faked so easily that if a hacker can get through whatever is next, said hacker will have no problem getting past this particular hurdle.
It'd be better to do it the other way around: if accessed through the main page (through a link that you should remove), show the 404 not found error page. Go with the Auth as shown above, but add all known ranges for your provider if you have a changing IP; you'll still block a whole lot more, and if it doesn't match, show the 404 error.
The 404 leads someone just probing to believe there's nothing there and thus move on.
If you really don't want to use the IP you can force an htaccess pop up on all sub-directories that don't exist, and then manually add an identical screen for the acp directory. Of course you don't want any broken referers on your site then since users would get a popup.
But in all seriousness, the regular vBulletin login with a user specific login, an htaccess with a singular login (and another username and password) and changing the directory to something with uppercase/lowercase/numbers/special characters will increase security to such a point where if they get past it you really should be wondering if the server got compromised.
Most of this *should* make sense, but since I wrote it as I was thinking it, it might be a bit messy.
PS
Sorry to hijack the thread
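The layering described in the post above, as an added example that is not part of the original post and is not Apache or vBulletin code: a small Python model of the decision order (ignore the Referer, answer 404 outside the allowed ranges, prompt for the shared login inside them). The function names, the ranges (RFC 5737 documentation ranges) and the credentials are constructed assumptions.

```python
import base64
import hmac
import ipaddress

# Constructed values: stand-ins for "all known ranges for your provider"
# and for the shared htaccess-style login.
ALLOWED_RANGES = [ipaddress.ip_network(n)
                  for n in ("203.0.113.0/24", "198.51.100.0/24")]
HT_USER, HT_PASS = "gatekeeper", "constructed-example-password"


def basic_header(user, password):
    """Build the Authorization header value a browser sends for Basic auth."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def gate(remote_addr, headers):
    """Return the HTTP status the admin directory should answer with.

    remote_addr is the peer address of the connection; headers are whatever
    the client chose to send. 200 means "continue to the per-user login".
    """
    # The Referer header is never consulted: the client picks its value.
    try:
        client = ipaddress.ip_address(remote_addr)
    except ValueError:
        return 404
    if not any(client in net for net in ALLOWED_RANGES):
        # Outside the allowed ranges: look like a missing directory and do
        # not reveal that an auth prompt exists, whatever else was sent.
        return 404
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return 401  # allowed range, no credentials yet: show the prompt
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return 401
    user, _, password = decoded.partition(":")
    # Constant-time comparison of both fields, evaluated unconditionally.
    ok = hmac.compare_digest(user.encode(), HT_USER.encode()) & \
        hmac.compare_digest(password.encode(), HT_PASS.encode())
    return 200 if ok else 401
```

The 404 branch runs before any credential handling, so a request from outside the ranges gets the same answer with or without a valid shared login.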