Thread: Protect your Config.php from Hackers
View Single Post
  #2  
Old 07-08-2011, 04:50 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
  
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by MaryTheG(r)eek View Post
Hello all,



Here is a very easy way to protect your config.php (and thus your valuable database):
  1. Copy your config.php from /includes/ directory, over the public area so nobody can access it with the browser.
  2. Open the config.php that still exists in /includes/ directory and remove all the code.
  3. Add only the following code:
Code:
<?php
require_once("/home/**username**/config.php");
?>
Ofcourse you need to replace **username** with your FTP username. Maybe you need to change the path. This example is from cPanel configuartions.

That's all. Connection details to your database are now hidden to hackers.

Maria
PS- I did a search before posting the advice, but I didn't found anything. If a similar article exists, then my apologies, but is well hidden
https://vborg.vbsupport.ru/showthread.php?t=198856

I prefer the above as many simply do not know about this and not to mention your telling a hacker where config.php is within the old config.php when/if they have a copy although they may not think to look for the edit within class_core (if you do not preserve timestamp info when editing or uploading the modified file) . The only drawback is vB4 does not like it to be renamed when upgrading, vB3 did not care - that's simple to bypass though, before upgrading change it all back then redo the changes again once you've upgraded and your good. You can then leave a cloned config.php in place within includes and fill it w/ all sorts of false information.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01442 seconds
  • Memory Usage 1,767KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete