Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions

Reply
 
Thread Tools Display Modes
  #1  
Old 06-13-2007, 11:35 PM
stroud stroud is offline
 
Join Date: Jun 2007
Posts: 33
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default After install security

I just installed my first VB and I'd like to know what settings to change right out of the gate that will increase security and anything else I need to know.

I've been reading everything so far.

thanks
Reply With Quote
  #2  
Old 06-13-2007, 11:37 PM
Shazz's Avatar
Shazz Shazz is offline
 
Join Date: Jun 2006
Location: Utah
Posts: 4,758
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Use the password protect with .htaccess in /admincp
Don't use unsafe mods that might have a possible exploit.
Reply With Quote
  #3  
Old 06-14-2007, 11:17 PM
stroud stroud is offline
 
Join Date: Jun 2007
Posts: 33
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Where is that file?
Reply With Quote
  #4  
Old 06-14-2007, 11:51 PM
cyberphr's Avatar
cyberphr cyberphr is offline
 
Join Date: Jul 2006
Location: Hell
Posts: 293
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It's easy, really:
- Password protect your admincp and modcp directories with .htaccess, or with cPanel if available. Also renamed the directories, for example "forumacp" rather than "admincp". After doing so, edit your includes/config.php file.
- Only give administrator/moderator permissions to people you trust.
- Install as few modifications as possible, and only install stable ones you feel you need.
- Don't spam other forums or rip content (you never know who might take offense).
- Turn on CAPTCHA, and consider a hack such as "NoSpam!" for further protection.
- Learn basic PHP and MySQL; If there is a problem, you need to at least understand the error message.
- Always upgrade to the latest version as soon as it becomes available, and consider taking the board offline briefly if you do not have time.
- Check up regularly on vulnerability sites such as milw0rm.com for possible vBulletin security issues.

And of course, after installation remember to remove the install directory.



Hope it helps.
Reply With Quote
  #5  
Old 06-15-2007, 12:37 AM
stroud stroud is offline
 
Join Date: Jun 2007
Posts: 33
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by cyberphr View Post
Hope it helps.
Yes, thanks! Is there a good book that covers basice PHP and MySQL for beginners so I can get my feet wet?
Reply With Quote
  #6  
Old 06-15-2007, 01:38 AM
Carlos X Carlos X is offline
 
Join Date: Jun 2007
Location: California
Posts: 57
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What's CAPTCHA, what's it do?

And how you get there?

I'm curious. This thread made me curious about some things.
Reply With Quote
  #7  
Old 06-15-2007, 01:40 AM
UltimateOreo! UltimateOreo! is offline
 
Join Date: Nov 2006
Location: Missouri
Posts: 462
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Captcha is default enabled by vbulletin, you can find all of its options in the vbulletin options. It is the numbers you enter upon registration.
Reply With Quote
  #8  
Old 06-15-2007, 01:43 AM
Carlos X Carlos X is offline
 
Join Date: Jun 2007
Location: California
Posts: 57
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ohh, that.

I turned it on.

So, why should you password protect the mod and AdminCP? I mean, you want admins to enter passwords twice?
Reply With Quote
  #9  
Old 06-15-2007, 07:19 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What happens when there is an exploit in the ACP? You're screwed. That's why you use the htaccess protection. Also, I would suggest having different passwords for the htaccess and user itself.
Reply With Quote
  #10  
Old 06-15-2007, 08:32 AM
Carlos X Carlos X is offline
 
Join Date: Jun 2007
Location: California
Posts: 57
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Alright, I do see your point.

I'll fix it.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:23 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05379 seconds
  • Memory Usage 2,241KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete