The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#11
|
|||
|
|||
Thats one of the most useless posts I've ever seen in this forum - SSL doesn't protect you from Exploits, leaked Passwords or human stupidity.
|
#12
|
||||
|
||||
Please do NOT spread such false information here. How the hell is adding 256-Bit protection going to stop hackers??
Please think before posting if you actually know what you are talking about. |
#13
|
||||
|
||||
Too much modifications..check with that.
|
#14
|
||||
|
||||
You can have as many mods as you want! I have over 25 mods on my forum!
But, to protect your files and database from this pest, all you need to create a .htacces file and a .htpasswd in the "ADMIN directory on your server! This will create another password for anyone to access the entire directory. Do the same for your "INCLUDES" directory and "INSTALL" directory. I had the same problem you did and this completely closes all back doors and prevents anyone accessing your shit! Make sure you use a different username and password than the ones you use to access the admin control panel via the forums. Also encrypt the password with the link below. Instruction are here: http://www.phpfusion-mods.net/articl...?article_id=23 Password generator here: http://www.htaccesstools.com/htpasswd-generator/ It will take some time for you to create these files and make them work properly by using the full path - AuthUserFile /full/path/to/.htpasswd Once you get it all working correctly a window pops up asking you to enter the username and password when accessing these directories. No one will be able to do any changes accept for you and who ever has the htaccess username and password. Good luck! |
#15
|
||||
|
||||
If you password protect your includes directory won't that stop everyone from being able to view the site? Many functions make calls to the includes directory, no?
|
#16
|
||||
|
||||
Nope, have been doing it since last year, no problem. Includes folder is mostly admin functions. Also this site vb.org and VB's other site do the same!
|
#17
|
|||
|
|||
It stops HTTP access from viewing the directory, not PHP from including the files and running them.
|
#18
|
||||
|
||||
That sounds correct.....
|
#19
|
||||
|
||||
Well that doesn't sound like it would do much to stop hackers then- if they can't browse the directory due to the presence of an index file or server config how would adding a password to the includes directory help if files can still be accessed via php?
|
#20
|
||||
|
||||
Do some research on .htaccess files, does in fact stop anyone from writing, accessing, etc., that is not authorized through htaccess files. No way to get to the directories that have these files, not even the spiders or crawlers because they are completely protected from htaccess... period. Unless someone has your server or FTP client password and can bypass them by deleting them or altering them. Other than that it is almost impossible since the htacces file catches them with a password requirement while surfing to those directories.
|
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|